Recently, there has been an uptick in the number of domain names that are being stolen. I am not sure if it’s because of the worldwide pandemic and people are getting more desperate for money, or if domain name thieves are taking advantage of the changing digital and tech environment. COVID-19 is causing more of us to be online and conduct business online. But that also means that many don’t fully understand how to properly protect their digital assets, like domain names. This may be why we’re seeing more and more online scams, phishing, and online theft in general.
When I think of digital assets, I think of several different types. Our digital assets can include access to a bank account online, access to accounts such as cryptocurrency accounts, and payment transaction sites like PayPal, Masterbucks, and Venmo. Then there are online shopping sites’ logins, such as Amazon, Walmart, Target, and eBay, where most likely you have an account where your payment information is saved. Apple Pay and Google Pay are others, as well as your website hosting account that handles your email (unless you use Gmail.com or Outlook.com), and, finally, your domain name. If your domain name goes missing, then you lose a lot: you lose access to email, and your website will most likely go down, so you’ll lose visibility, online sales, and customers. Online thieves are hacking websites and anywhere there is a login, because they’re attempting to get to your digital assets.
Protecting Online Accounts
Many of us are now used to protecting our online accounts by using a unique, secure password for each login that we have online. An important part of protecting digital assets, and domain names, is to make sure that you have a secure password and two-factor authentication set up for your login at your domain name registrar. In many cases, if a thief gains access to an account at a domain name registrar, the consequences can be disastrous if you don’t have additional protections in place to protect your domain name.
Hackers who gain access to your domain name registrar’s account can do several things that would disrupt your business:
- The thief or hacker can make changes to the DNS records for your domain name. They can point the domain name to another web server, perhaps their “copy” of your website. It would look like your website, but the copy could contain malicious code. I’ve even seen them direct online sales from a copy of your website to them so they benefit monetarily from it through identity theft or diverting funds.
- The thief or hacker can push the domain name into their account. They may even keep your same contact information on the WHOIS record so that it looks like you still own it, but the domain name may be moved into their account. If it’s out of your account and you no longer control the domain name, then they’ve stolen the domain name and can resell it.
- The thief or hacker can transfer the domain name from that registrar to another registrar. As soon as they begin the transfer then they’ve attempted to steal the domain name, and as soon as it’s transferred then it’s considered to be stolen. They may keep the same name servers so it still points to your website, so you don’t notice that it’s stolen.
Digital thieves know that domain names are valuable, since they are digital assets that can be sold for thousands, tens of thousands, hundreds of thousands, and even millions of dollars. Unfortunately, domain name crimes typically go un-prosecuted. In many cases, the domain thieves are not located in the same country as the victim. The thieves all have one thing in common: they wish to benefit monetarily from stealing the domain name. Here are a few domain name crimes that I’ve seen recently:
- A company’s account at a domain name registrar was hacked (using social engineering). The company was involved in cryptocurrency, so gaining access to the domain name allowed for the hackers to access the company’s crypto exchange.
- The domain thief posed as a domain name buyer, telling the domain name owner they wanted to buy their domain name for several thousand dollars. The buyer and seller agreed to a price, and the thief told the seller they could pay via cryptocurrency. The seller transferred the domain name once they were given details of the cryptocurrency transaction. When the seller attempted to access the cryptocurrency and “cash in”, it was invalid. They were scammed, and lost the domain name.
- A domain name owner who has a portfolio of valuable domain names gets their account hacked at a domain name registrar. The owner doesn’t realize this, and the domain names are transferred to another registrar in another country. The gaining registrar is uncooperative (or in on the theft), and won’t return the domain names.
- A domain name owner has his or her account hacked at the domain name registrar and domain names are transferred out to another registrar. They then sell the domain names to someone else, and the domain names are transferred yet again to another registrar. This happens several times, with different registrars. Those who bought the domain names don’t know they’re stolen, and they lose any investment they made in the domain names. Sometimes it’s difficult to unravel cases like this, as there are several owners and registrars involved.
All of these occurred in the past two to three months, and they are just examples of where the domain name owner could have done something to stop the domain name theft. In the case of the domain name sale scam, the seller should have used a domain name escrow service. There are several reputable escrow services that handle domain name sales, such as Epik.com’s Domain Escrow Services and Escrow.com.
So how can you minimize the risk of your domain name getting stolen?
- Move your domain to a secure registrar.
- Log into your registrar account on a regular basis.
- Set up Registrar Lock (transfer lock) on your domain.
- Check WHOIS data regularly.
- Renew the domain for several years or “forever”.
- Take advantage of other security features at your registrar.
- Protect your domain with a domain name warranty.
Consider moving your domain name to a secure domain name registrar. There are registrars that have not kept up with common security practices, such as letting you set up 2-Factor Authentication on your account, offering Registrar Lock (which halts domain name transfers), and even letting you set up a PIN on your account for customer service interactions.
Log into your domain name registrar’s account on a regular basis. I can’t really say how often you need to do this, but you should do it on a regular schedule. Log in, make sure you still have the domain name(s) in your account, make sure they’re on auto-renew, and nothing looks out of the ordinary. This less-than-5-minute task could literally save your domain name from being stolen.
Set up Registrar Lock or “transfer lock” on your domain name. Some registrars call it “Executive Lock” or something similar. It’s a setting that makes sure that the domain name cannot be transferred to another registrar without having it turned off. Some go as far as keeping it “on” unless they get verbal confirmation that it should be transferred.
Check the WHOIS data on the domain name. Check it publicly on a public WHOIS, such as at ICANN’s WHOIS, WhoQ, or at your registrar. Make sure it’s correct, even the email addresses. If the domain name is using WHOIS Privacy, send an email to the obfuscated email address to make sure you get the email.
Renew your domain name for several years. I recommend at least 5 years for valuable domain names (or ones that you don’t want to lose). You can get a “forever” domain name registration at Epik.com.
Ask the registrar if account access can be restricted based on the IP address of the person logging into the account. Ask the registrar if logins can be restricted to require a physical USB device, such as a Titan Security Key or a YubiKey. If you have Google Advanced Protection enabled on your Google Account, you will have two physical keys to access that Google Account (and some advanced protection in the Google back-end). You would then have those Advanced Protection keys from Google to protect the domain names on Google Domains.
Consider protecting your domain name(s) with a domain name warranty or service that protects these digital assets, such as DNProtect.com.
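The regular checks in the steps above (registrar, WHOIS contact data, transfer lock, renewal term) can be scripted. The following is an added example, not part of the original article: it compares WHOIS text against a baseline the owner recorded earlier. The sample record, the baseline values, the field labels (those of a typical gTLD WHOIS response) and the function names are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed WHOIS response (not real data), common "Key: value" layout.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Other Registrar Ltd.
Registry Expiry Date: 2026-03-01T00:00:00Z
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Registrant State/Province: Guangdong
Registrant Email: owner@example.com
"""

# Values the owner last confirmed as correct (hypothetical baseline).
BASELINE = {
    "registrar": ["Example Registrar, Inc."],
    "name server": ["ns1.example.net", "ns2.example.net"],
    "registrant state/province": ["Florida"],
    "registrant email": ["owner@example.com"],
}

def parse_whois(text):
    """Collect 'Key: value' lines into {lowercase key: [values]}."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def audit(text, baseline, now, min_days=365):
    """Return a list of findings; an empty list means nothing looks off."""
    rec, findings = parse_whois(text), []
    for field, expected in baseline.items():
        seen = sorted(v.lower() for v in rec.get(field, []))
        if seen != sorted(v.lower() for v in expected):
            findings.append(f"{field} changed: {seen}")
    # Registrar Lock appears in WHOIS as the EPP status clientTransferProhibited.
    statuses = {s.split()[0].lower() for s in rec.get("domain status", [])}
    if "clienttransferprohibited" not in statuses:
        findings.append("transfer lock not set")
    expiry = rec.get("registry expiry date", [""])[0]
    exp = datetime.fromisoformat(expiry.replace("Z", "+00:00")) if expiry else now
    if (exp - now).days < min_days:
        findings.append(f"expires within {min_days} days: {expiry or 'unknown'}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_WHOIS, BASELINE, datetime.now(timezone.utc))))
```

Feed it the output of your usual WHOIS lookup on a schedule; fields hidden by WHOIS Privacy should be baselined exactly as they appear publicly.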
Some domain name registrars, especially those who take domain name security very seriously, have updated their systems “behind the scenes” so to speak. It’s more difficult for the fraudsters and thieves to steal domain names at those registrars. Some domain name registrars don’t have 24/7 technical support; they may outsource their customer service representatives, and their domain registrar software is outdated.
Domain Name Thefts Occurring Right Now
As I write this now, I have been informed of at least 20 very valuable domain names that were stolen from their owners in the last 60 days. As an example, in 2 cases I personally confirmed, the domain names were stolen from one particular domain name registrar, based in the USA. The domain names were transferred to another domain name registrar in China. Both of the companies that own the domain names are, in fact, based in the United States. So, it’s not logical that they would transfer their domain names to a Chinese domain name registrar.
In the case of both domain names, this same domain name thief kept the domain name ownership records intact, and they both show the former owners. However, in one case, part of the domain name contact record was changed, and the former owner’s address is present, but the last part of the address is listed as a Province in China, and not Florida, where the business whose domain name was stolen is located.
What tipped us off to these stolen domain cases is the fact that both domain names were listed for sale on a popular domain name marketplace. But, these are domain names where the general consensus of the value would be over $100,000 each, and were listed for 1/10th of the value. Remember the 1-year-old $150,000 Porsche listed for sale on Craigslist for $15,000? It’s too good to be true, and most likely it’s stolen. The same goes for these domain names that are allegedly stolen. The price gives them away, and, in this case, the ownership records (the WHOIS records) also show evidence of the theft.
It has never been more important to take responsibility for your digital assets, and make sure that they are with a domain name registrar that has adapted and evolved with the times. A few minutes spent wisely, securing your digital assets, is imperative in times like these. It can be the difference between your valuable digital assets and web properties being safeguarded, or potentially subjected to theft and risk.