Imagine that you’ve registered a domain name, developed a site, and begin to earn money from your efforts. Then, suddenly, everything is gone. You try to log into your control panel and find out that you no longer own the domain name.. Additionally, your contact information on the whois page has been replaced by a name you’ve never heard of, often times one outside the country.
How did this happen and what can you do about it?
The easiest way for domain hijackers to steal a domain, is by email spoofing, which means that the hacker somehow gains control over the admin’s email account and use the information to take control of their domain names. Unfortunately, there are multiple ways for hackers to engage in this.
One method hackers use is to hack into your email account and extract your login and password information. This gives them access to see all of your incoming emails without you even knowing what was going on. It also gives them the ability to send emails from your address, which is likely how they were able to steal your domain.
Another way hijackers get control of email is when the Registrant fails to keep their contact information up to date. If you had registered your domain name with a ‘hotmail’ name, but then switched to a personalized email once you owned the domain name, you may have forgotten all about that original hotmail account and let it expire. If the hijacker picked up that hotmail account, they could send emails to your Registrar posing as you and asking for the password to your domain account. This would allow them to go in and change all the information or transfer the domain to their own account at another Registrar.
Hijackers have used email spoofing just about as long as people have been able to register domains. It was the very first method used to steal a domain name and is still the most popular way. The hijacker never has to make a call, fax a letter, or leave any other trail of evidence behind them. And, often times, the domain owners unaware of what’s happened until it’s too late.
If you called your Registrar right now and demanded to know the password to your account what would their response be? Would they ask you for some form of ID? Would they ask for a faxed letterhead? Would they tell you that they’ll email the password to the admin’s email address?
Some domainers claim that it’s too much trouble for them to get information from their Registrars or that it’s too difficult to make account changes. However, Registrars have every reason to impose strict policies regarding domain name information and they’re doing it for the sake of you, their client.
The are many domain hijacking stories where the perpetrator had called the Registrar pretending to be an annoyed customer and demanded a password change or account update. For this reason, it’s important to choose a Registrar who will go the extra mile to protect your domain, even if it creates some inconvenience for you.
The easiest way to prevent domain hijacking is to, obviously, keep your contact information with your Registrar up to date.. Don’t ever use an email address that is in danger of expiring. And continue to check that email address at least twice a week, though daily would be better. The faster you contact your Registrar if you see a suspicious email, the more likely you are to stop a domain name hijacking in mid-process.
What is considered a suspicious email? If you ever get an email requesting your password information or one verifying a password change that you didn’t make, call your Registrar immediately and explain the situation. Someone who found a way to log into your email might be in the middle of stealing your domain.
Other preventative methods include general safety awareness and common sense, especially during online interactions. Do not store your passwords unprotected on your computer and do not store them on public computers at all. Instead, use protected password software, such as KeepPass, which is free. Additionally, do not store emails containing usernames and/or passwords on free email services. Lastly, use passwords with at least 8 characters and use a mixture of numbers and letters.
All of these are things you would do on your own, but what about your Registrar?
Check your Registrar’s policies and make sure that you feel safe with them. Choose the level of security that you prefer and deal only with a Registrar who matches that. Once you’ve selected a possible Registrar, call them and test them out. If they don’t follow their own procedures, look for an alternative Registrar immediately. It’s important to look for a Registrar who doesn’t bend on their rules just because they don’t want to deal with an irate customer.
If you’ve already fallen prey to domain hijacking, the very first thing you should do is call your Registrar. A lot of hijackings take place on Friday nights, just before the weekend, which is what makes so many hijackings successful. as domain name owners are less likely to monitor their websites over the weekend and many Registrars close their offices over the weekend as well.
If you can’t get through to your Registrar on the phone, try using their support desk ticket system instead (most Registrars have one).
After you’ve opened a support ticket, start looking for other ways to get in touch with your Registrar. You might try searching for the owner’s name and finding an alternate phone number. Many domains have been saved because of quick research on the Registrant’s part. In one case, a website owner actually flew to Network Solution’s office on the weekend and refused to leave the lobby (as the security guards had demanded) until the company CEO was reached by cell phone.
If you can’t reach your Registrar by phone, check the current whois record and see if you can find out which Registrar the hijacker transferred the domain name to. Contact that Registrar and explain what happened. You probably won’t get any immediate action from them, but they might lock the domain and stop it from moving anywhere else or keep the Registrant info from changing again.
If neither Registrar can be reached, or if the new Registrar is unwilling to cooperate, you might have no other choice than to sit and wait for your Registrar to return your calls. Meanwhile, draft a letter (or have your lawyer draft one) to your Registrar, the new Registrar, and anyone else involved, explaining the situation. Send the letter via registered mail with a signature required. This will allow you to document the case, should it be necessary.
To understand how a domain hijacker could possibly steal a domain and resell it, without the rightful domain owner ever being able to recover it, revisit one of the concepts introduced very early in this guide. Domain names are not actually be owned. Domainers call themselves ‘domain owners’ only as a way of speaking. What actually happens when you register a domain is that you enter into an agreement, or contract, that gives you the right to use the name for a specified period of time. The US Government does not currently see domain names as property, nor do any international laws.
Since domain names are not considered property, someone who buys a domain name that was hijacked can not be charged with receiving stolen goods. The law gets very complicated whenever a third party is involved in contracts like this. If the domain name is worth enough to you, consult a lawyer. If not, you may just have to let it go if it has already changed hands more than once.
The hijacker, if in the US, can be brought up on certain charges though. These charges can include computer fraud or wire fraud. Additionally, there are certain civil lawsuits you can launch against them to try and recover some of your losses. The real problem occurs in that most domain hijackings take place by those well out of your reach.
Now that you’ve seen some of the controversy within the domain industry, let’s take a look at how you can protect your domain name.