Recently, there’s been an uptick in the Amount of domains Which are being stolen. I am not sure whether it’s due to the worldwidepandemic and people are becoming more desperate for money, or in case domain namethieves are using the shifting digital and techatmosphere. COVID-19 is inducing more people to be online and conduct business online. But this also means that many do not fully understand how to properly protect their digital assets, such as domains.
When I think of digital assets, I think of several distinct kinds. Our digital assets may include access to a bank account on line, access to accounts like cryptocurrency accounts, and payment trade sites such as PayPal, Masterbucks, and Venmo. Then there is online shopping sites’ logins, for example Amazon, Walmart, Target, and eBay, where most probably you have an account where your payment data is saved. Apple Purchase and Google Pay are other people, as well as your web site hosting account which manages your email (unless you use Gmail.com or Outlook.com), and, ultimately, your domain name. If your domain namegoes lost, then you lose a lot: accessibility to email, as well as your website most likely will go down, where you’ll lose visibility, online sales, and clients. Online thieves are hacking websites and anywhere there is a login, since they’re attempting to access your digital assets.
Many Of us are now utilized to protecting our online accounts using a unique, secure password for every login that we have online. An significant part protecting digital assets, and domains, is to ensure you get a secure password and two-factor authentication setup for your login in your domain nameregistrar. Oftentimes, if a thief gains access into an account in a domain nameregistrar, the consequences can be disastrous if you do not have additional protections in place to protect your domain name.
Hackers who gain access to your domain nameregistrar’s account may perform a few things that would disrupt your business:
They can point the domain name to another web server, possiblytheir”copy” of your website. You would think it’s the copy, but the copy may contain malicious code.I’ve even seen them direct online sales from a copy of your website to them so they benefit monetarily from it via identity theft or diverting funds. They might even keep your samecontact info about the WHOIS record so it looks like you still have it–but the domain namemay be transferred in their account. If it’s out of your accounts and you no longer control the domain name, then they’ve stolen the domain nameand canresell it. Whenever they begin the transfer then they’ve attempted to steal the domain name, and when it is transferred then it is considered to be stolen. They can keep the same name servers so it stillpoints to your website, so you don’t notice that it is stolen.
Digital thieves understand that domain Names are valuable, as they are digital assets which may be sold for tens of thousands, tens ofthousands, hundreds of tens of thousands as well as millions of dollars. Regrettably, domain namecrimes generally go un-prosecuted. Oftentimes, the domain thieves aren’t located in thesame state as the sufferer. All of them have the same thing in common: they wish to benefit monetarily from slipping the domain name. Here’s a coupledomain namecrimes that I’ve seen recently:
A organization’saccount in a domain nameregistrar was hacked (using social engineering). The company was involved in cryptocurrency, therefore gaining access to this domain name enabled for the hackers to get the organization’s crypto exchange.
The domain thief posed as a domain namebuyer, telling the domain nameowner they wanted to buy their domain namefor a few thousand dollars. The buyer and seller agreed to a cost, the thief told them they could pay them through cryptocurrency. The seller transferred the domain name when they had been given details of this cryptocurrency trade. After the seller attempted to access the cryptocurrency and”cash in”, it was invalid. They had been scammed, and dropped the domain name.
A domain name owner that has a portfolio of valuabledomain names gets their accounts hacked in a domain nameregistrar. The owner doesn’t realize this, and the domains are transferred to another registrar in another nation. The gaining registrar is uncooperative (or in about the theft), and won’t return the domains.
A domain name owner has his or her accounts hacked in the domain nameregistrar and domains are transferred out to another registrar. They then sell the domains to someone else, and the domains are transferred yetagain to another registrar. This occurs several times, with various registrars. Those who purchased the domain names do not know they are stolen, and they lose any investment they made in the domains. Sometimes it’s difficult to unravel cases similar to this, as there are several owners and registrars involved.
All Of these happened in the previous two to three weeks. And so are justexamples of where the domain name owner might have done something to block the domain name theft. In the case of this domain name sale scam, the seller must have employed a domain nameescrow assistance, there are several reputable escrow services, such as Epik.com’s Domain Escrow Services, as well as Escrow.com that manages domain name sales.
So just how do you minimize the risk of your domain namegetting stolen?
Move your domain name to a secure registrar.
Log in to your registrar account on a regular basis.
Setup registry lock(transfer lock) on your domain name.
Check WHOIS data regularly.
Renew the domain name for several years or”forever”.
Use other security attributes at your registrar.
Protect your domain using a domain name warranty.
Consider Transferring your domain nameto a secure domain name registrar. There areregistrars that have not kept up with common security practices, like letting you set up 2-Factor Authentication on your accounts, Registrar Lock (that halts domain nametransfers), as well as setting up a PIN number on your accounts for customer service interactions.
Log Into your domain nameregistrar’s accounts on a regular basis. I can’treally say how often you want to do this, but you ought to do it on a normal schedule. Log in, be sure you stillhave the domain name(s) in your accounts, be sure they are on auto-renew, and nothing looks out of the ordinary.
Establish Registrar Lock or”transfer lock” on your domain name. Some It is a setting which makes sure the domain namecannot be transferred into another account without needing it turned off.
Assess The WHOIS data on the domain name. Check it openly on a public WHOIS, like in ICANN’s WHOIS, WhoQ, or in your registrar. Make sure it’s right, even the email addresses. If the domain nameis using WHOIS Privacy, send an email to the obfuscated email address to ensure youget the emailaddress.
Renew your domain name for several years. For valuable domains (or ones you don’t wish to shed). You can get a “forever” domain nameregistration in Epik.com.
Request the registrar if the accounts access can be limited based on The IP address of the person logging in to the accounts. Request the registrar if the accounts may be restricted from logging in by a USB Device, like a bodily Titan Security Crucial, or a Yubikey. If you have Google Advanced Protection allowed on your Google Account, you may have two physical keys to get this Google Account (and some innovative protection in the Google backend). You would then have those Advanced Protection keys fromGoogle to protect the domains on Google Domains.
Look at protecting your domain name(s) using a domain name warranty or service which protects these digital assets, such as DNProtect.com.
Some domain name registrars, especially those who take domain name It is more difficult for the fraudsters and thieves to steal domains at those registrars. Some domain name registrars do nothave 24/7 technical assistance, they can outsource their customer supportagents, and their domain name software is outdated.
Domain Name Thefts Occurring at This Time
As I write this today, I have been informed of 20 very valuable domains which were stolen by their owners in the previous 60 days. For example, of 2 cases I personally confirmed, the domain names were stolen out of one specific domain nameregistrar, based in the united states. The domains were transferred to another domain nameregistrar in China. Both ofthese companies who have the domains are, in actuality, based in the United States. Thus, it is not plausible that they’d move their domain names into some Chinese domain name registrar.
In the case of
Both domains, this same domain name thief kept the domain name ownership documents whole, and they both reveal that the former owners. However, in 1 case, part of this domain namecontact record was altered, andthe prior owner’s speech is current, but the final portion of the speechis listed as a Province in China, rather than Florida, where the businesswhose domain name has been stolen is located.
What tipped us off to these stolen domain casesis the factthat both Domains names were listed for sale on a popular domain name market. However, these are domains where the overall consensus of this value would be over $100,000 per year, and were listed for 1/10th of their value. It is too good to be true, and most likely it’sstolen. The same is true for all these domains which are allegedly stolen. The cost provides them away, and, in this scenario, the ownership records (the WHOIS documents) also reveal evidence of this theft.
It has never Been more important to take responsibility for your digital assets, and Make sure they are using a domain nameregistrar that has accommodated And evolved with the times. A Couple of minutes spent sensibly, securing your Digital assets, is imperative in times such as these. It can function as Difference between your valuable digital assets and web properties being Safeguarded, or possibly subjected to theft and risk.