Minimizing the Risk of Having Your Domain Name Stolen


Lately, there’s been an uptick in the number of domains Which are being stolen. I am not sure if it’s because of the globalpandemic and individuals are getting more desperate for money, or in case domain thieves are taking advantage of the shifting electronic and techatmosphere. COVID-19 is inducing more people to be online and conduct business online. But this also means that many do not fully comprehend how to properly protect their electronic assets, such as domain names.

Digital Assets

When I think of electronic assets, I think of many distinct types. Then there is online shopping sites’ logins, such as Amazon, Walmart, Target, and eBay, where most likely you have an account where your payment data is saved. Apple Pay and Google Pay are others, as well as your website hosting account which handles your email (if you don’t use or, and, finally, your domain name. If your domain goes missing, then you lose a lot: accessibility to email, as well as your site probably will return, where you are going to lose visibility, online sales, and clients. Online thieves are hacking websites and anywhere there is a login, because they’re trying to get to your digital assets.

Protecting Online Accounts

Many Of us are now used to safeguarding our online accounts using a unique, secure password for each login that we have online. An significant part protecting digital assets, and domain names, would be to make sure you get a secure password and two-factor authentication set up for your login at your domain registrar. Oftentimes, if a thief gains access to an account at a domain registrar, the results can be disastrous if you do not have additional protections in place to safeguard your domain name.

Hackers who gain access to a domain registrar’s account may perform a few things that would disrupt your business:

They can point the domain name to another web server, perhapstheir”copy” of your site. They might even keep your contact info on the WHOIS record so it looks like you still have it–but the domain may be moved into their account. When it’s out of your account and you no longer command the domain name, then they’ve stolen the domain and mayresell it.
The thief or hacker can transfer the domain name with that registrar to another registrar. Whenever they begin the transfer then they’ve tried to steal the domain name, and when it’s transferred then it’s considered to be stolen. They may keep the exact same name servers so that it stillpoints to your site, and therefore you don’t notice that it’s stolen.

Digital thieves know that domain name Names are valuable, since they are electronic assets which may be sold for tens of thousands, thousands, hundreds of thousands, and even millions of dollars. Unfortunately, domain crimes typically go un-prosecuted. Oftentimes, the domain thieves aren’t located in precisely theexact same state as the victim. They all have exactly the exact same thing in common: they wish to benefit monetarily from slipping the domain name. Here’s a coupledomain crimes that I’ve seen recently:

A organization’saccount at a domain registrar was hacked (using social technology). The business was involved in cryptocurrency, so gaining access to the domain name allowed for the hackers to get the company’s crypto exchange.
The domain thief posed as a domain buyer, telling the domain owner they wanted to purchase their domain for a few thousand dollars. The buyer and seller agreed to a cost, the thief told them that they could pay them through cryptocurrency. The seller transferred the domain name once they were given details of the cryptocurrency transaction. After the seller tried to access the cryptocurrency and”cash in”, it was invalid. They were scammed, and lost the domain name.
A domain name owner who has a portfolio of domain names gets their account hacked at a domain registrar. The owner does not comprehend this, and the domain names are transferred to another registrar in a different country. The gaining registrar is uncooperative (or in on the theft), and will not return the domain names.
A domain name owner has his or her account hacked at the domain registrar and domain names are transferred out to a different registrar. They then sell the domain names to somebody else, and the domain names are transferred again to a different registrar. This occurs several times, with various registrars. People who bought the domain names do not know they’re stolen, and they lose any investment that they made in the domain names. At times it’s hard to unravel cases similar to this, as there are several owners and registrars involved.

All Of these occurred in the previous two to three months. And so are onlyexamples of where the domain name owner might have done something to stop the domain name theft. In the case of the domain name purchase scam, the seller must have used a domain escrow assistance, there are several reputable escrow services, including’s Domain Escrow Services, as well as that handles domain name sales.

Just just how do you minimize the risk of your domain getting stolen?

Transfer your domain to a secure accounts.
Log into your accounts account on a regular basis.
Setup registry (transfer lock) on your domain.
Check WHOIS data regularly.
Renew the domain for many years or”forever”.
Use other security attributes at your own Password.
Shield your domain with a domain name warranty.

Consider Transferring your domain to a secure domain name registrar. You will findregistrars that have not kept up with common security practices, like allowing you to set up 2-Factor Authentication on your account, Registrar Lock (that halts domain transfers), and even preparing a PIN number on your account for customer support interactions.

Log Into your domain registrar’s account on a regular basis. I can notreally say how frequently you want to get this done, but you should do it on a regular schedule. Log in, be sure to stillhave the domain name(s) on your account, be sure they’re on auto-renew, and nothing appears out of the ordinary.

Set up Registrar Lock or”transfer lock” on your domain name. Some Registrars call it”Executive Lock” or something similar. It is a setting which makes certain the domain cannot be transferred to another registrar without having it turned off. Some go as far as keeping it”on” unless they get verbal confirmation which it needs to be transferred.

Assess The WHOIS data on the domain name. Check it publicly on a public WHOIS, like at ICANN’s WHOIS, WhoQ, or even at your registrar. Make certain it’s correct, even the email addresses.

I recommend at least 5 Decades For valuable domain names (or ones you don’t wish to shed). It’s possible to find a “forever” domain registration at

Ask the accounts in the event the account access can be limited based on The IP address of the person logging into the account. Ask the registrar if the account may be restricted from logging in by a USB Device, like a physical Titan Security Key, or even a Yubikey. If you have Google Advanced Protection allowed on your Google Account, you may have two physical keys to get this Google Account (and some innovative protection in the Google backend). You’d then have those Advanced Protection keys out ofGoogle to protect the domain names on Google Domains.

Look at protecting your domain name(s) with a domain name warranty or support which protects those digital assets, including

Some domain name registrars, especially those who take domain It is harder for the fraudsters and thieves to steal domain names at those registrars. Some domain name registrars don’thave 24/7 technical support, they may outsource their customer supportagents, and their domain software is outdated.

As I write this now, I have been informed of at least20 very valuable domain names which were stolen by their owners in the last 60 days. As an example, of 2 cases I personally confirmed, the domain names were stolen out of one specific domain registrar, based in the USA. The domain names were transferred to some other domain registrar in China. Both ofthese companies who have the domain names are, in fact, based on the USA. So, it’s not plausible that they’d transfer their domain names to a Chinese domain name registrar.

In the case of
Both domain names, the exact same domain name thief retained the domain name ownership records whole, and they both reveal that the former owners. But in 1 case, part of the domain contact record was changed, along withthe prior owner’s address is present, but the final part of the speechis listed as a Province in China, rather than Florida, where the businesswhose domain name was stolen is located.

What tipped us off to those stolen domain casesis that both Domains were listed for sale on a favorite domain name market. But, these are domain names where the overall consensus of the value could be over $100,000 per year, and were listed for 1/10th of the value. It is too good to be true, and probably it’sstolen. The same goes for all these domain names which are allegedly stolen. The cost gives them away, and, in this scenario, the possession records (that the WHOIS records) also reveal evidence of the theft.

It has never Been more important to take responsibility for your electronic assets, and Make sure they are with a domain registrar that has accommodated And evolved with the times. A few moments spent sensibly, securing your Digital resources, is critical in times such as these. It can be the Difference between your precious digital assets and web properties being Safeguarded, or potentially exposed to theft and risk.

Leave a Reply

Your email address will not be published. Required fields are marked *