Lately, there’s been an uptick in the Amount of domain names That are being stolen. I am not sure whether it’s because of the worldwidepandemic and people are getting more desperate for cash, or in case domain thieves are taking advantage of the changing digital and technologyatmosphere. COVID-19 is inducing more people to become online and conduct business online. But that also means that many don’t fully comprehend how to properly protect their digital assets, like domain names. This may be why we are seeing more and more online scams, phishing like Google Ads phishing, and online theft in general.
While I think of digital assets, I believe of many different types. Our digital assets can consist of access to a bank account online, access to reports such as cryptocurrency accounts, and payment transactionsites like PayPal, Masterbucks, and Venmo. Then there’s online shopping sites’ logins, such as Amazon, Walmart, Target, and eBay, where most likely you have an account where your payment information is saved. Apple Purchase and Google Pay are many others, in addition to your web site hosting account which handles your email (if you don’t utilize Gmail.com or Outlook.com), and, ultimately, your domain . In case your domain goes lost, then you lose a lot: access to email, in addition to your site most likely will return, where you’ll lose visibility, online sales, and customers. Online thieves are hacking sites and anywhere there’s a login, because they’re attempting to get to your digital assets.
Many of us are now used to safeguarding our online accounts by utilizing a Unique, protected password for each login that we’ve got online. An important part of protecting digital assets, and domain names, is to ensureyou have a safe password and two-factor authentication setup to your login at your domain registrar. Oftentimes, if a burglar gains access into an account at a domain registrar, the results can be disastrous if you don’t have extra protections in place to protect your domain .
Hackers who access a domain registrar’s account can do several things that would disrupt your company:
You would think that it’s the copy, however, the copy could contain malicious code.I’ve even seen them direct online sales from a copy of your site to them so that they profit monetarily from it through identity theft or diverting funds. They might even keep your samecontact information on the WHOIS record so it looks like you still own itbut the domain may be transferred in their account. If it’s out of your accounts and you no longer command the domain , then they’ve stolen the domain and mayresell it. Whenever they begin the transfer then they’veattempted to steal the domain , and as soon as it is moved then it is considered to be stolen. They can keep the same name servers so it stillpoints to your site, and therefore you don’t detect that it is stolen.
Digital thieves know that domain names are valuable, since they are Digital assets which can be sold for tens of thousands, thousands, hundreds of thousands, as well as millions of dollars. Regrettably, domain crimes generally go un-prosecuted. Oftentimes, the domain thieves are not found in the same state as the sufferer. All of themhave the same thing in common: they wish to gain monetarily from stealing the domain name. Here’s a few domain crimes that I’ve found recently:
A organization’s account at a domain registrar was hacked (using social technology).
The domain burglar posed as a domain buyer, telling the domain owner they wanted to buy their domain for several thousand dollars. The buyer and seller agreed to a price, the burglar told them that they could pay them through cryptocurrency. The seller moved the domain name once they were given details of this cryptocurrency transaction. When the seller attempted to get the cryptocurrency and”cash in”, it was invalid. They were scammed, and dropped the domain .
A domain name owner who has a portfolio of valuabledomain names gets their accounts hacked at a domain registrar. The owner does notrealize this, and the domain names are transferred to another registrar in another country. The gaining registrar is stubborn (or in on the theft), and will not return the domain names.
A domain name owner has his or her accounts hacked at the domain registrar and domain names are moved out to another registrar. They then sell the domain names to somebody else, and the domainsare moved again to another registrar. This happens several times, with various registrars. People who purchased the domain names don’t know they are stolen, and they shed any investment that they made in the domain names. Sometimes it’s hard to unravel cases like this, asthere are several owners and registrars involved.
All ofthese occurred in the past two to three months. And are only Examples of where the domain name owner could have done something to block the domain name theft. In the instance of the domain sale scam, the vendor must have used a domain escrow service, there are several reputable escrow services, such as Epik.com’s Domain Escrow Services, in addition to Escrow.com that handles domain name sales.
So just how do you minimize the risk of your domain getting stolen?
Transfer your domain name to a protected registrar.
Log into your registrar account on a regular basis.
Setup registry lock(transfer lock) on your domain name.
Assess WHOIS information frequently.
Renew the domain name for many years or”forever”.
Take advantage of additional security attributes at your own Password.
Protect your domain with a domain name warranty.
Think about moving your domain to a protected domain name registrar. You will find registrars that haven’t kept up with common securitypractices, such as letting you install 2-Factor Authentication onyour accounts, Registrar Lock (that halts domain transfers), as well as preparing a PIN number on your accounts for customer serviceinteractions.
Log into your domain registrar’s accounts on a regular basis. I Can’t actually say how frequently you need to get this done, but you should get it done on a normal schedule. Log in, be sure to stillhave the domain name(s) in your accounts, make sure they are on auto-renew, and nothing appears out of the ordinary.
Set up Registrar Lock or”transport lock” on your domain . Some Registrars call it”Executive Lock” or something similar. It’s a setting which makes sure the domain cannot be moved to another registrar without having it turned off. Some go as far as maintaining it”on” unless they get verbal confirmation which it should be transferred.
Check the WHOIS information on the domain . Check it openly on a Public WHOIS, such as at ICANN’s WHOIS, WhoQ, or at your registrar.
Renew your domain name for many years. Years for precious domain names (or ones you don’t wish to lose). You can find a “forever” domain registration at Epik.com.
Request the registrar if the accounts access can be restricted based on The IP address of the person logging into the accounts. Request the registrar if the accounts can be restricted from logging in by a USB Device, such as a physical Titan Security Crucial, or even a Yubikey. In case you have Google Advanced Protection allowed on your Google Account, you may have two physical keys to get that Google Account (and a few innovative security in the Google back-end). You would then have those Advanced Protection keys out ofGoogle to protect the domain names on Google Domains.
Consider protecting your domain (s) with a domain name warranty or support which protects these digital assets, such as DNProtect.com.
It’s harder for the fraudsters and thieves to steal domain names at those registrars. Some domain name registrars don’thave 24/7 technical assistance, they can outsource their customer servicerepresentatives, and their domain name registrarsoftware is obsolete.
Domain Name Thefts Occurring at This Time
As I write this now, I have been advised of 20 very Valuable domain names which were stolen by their owners at the previous 60 days. For example, of two cases I personally confirmed, the domain names were stolen out of one specific domain registrar, based in the USA. The domain names were moved to another domain registrar in China. Both ofthese firms who own the domain names are, in reality, based in the USA. So, it is not logical that they’dtransfer their domain names into a Chinese domain name registrar.
In the case of both domain names, the same domain thief kept The domain name ownership documents undamaged, and they bothshow the priorowners. However, in 1 instance, part of this domain contact record was altered, along with the former owner’s speech is current, but the last partof the speech is listed as a Province in China, rather than Florida, wherethe firm whose domain name was stolen is situated.
What tipped us off into these stolen domain casesis the factthat both Domains names were listed available on a popular domain name marketplace. However, these are domain names where the general consensus of this value would be over $100,000 each, and were listed for 1/10th of the value. It’s too good to be true, and most likely it’sstolen. The same goes for these domain names which are allegedly stolen. The purchase price gives them away, also, in this case, the possession records (the WHOIS documents) also reveal evidence of this theft.
It’s never been more important to take responsibility for your Digital resources, and ensure they are with a domain registrar That has evolved and adapted with the times. A Couple of moments spent Sensibly, securing your digital assets, is critical in times like these. It can be the difference between your precious digital assets and internet Properties being guarded, or potentially exposed to theft and risk.