What is Domain Hijacking?
Domain hijacking is the theft of a registered domain name from its registered owner. Because domain names can be very valuable, thieves find new and innovative ways to exploit unwary domain holders. Through the use of phishing scams, domain hackers present a very professional front to deceive domain holders into inadvertently giving away their account information.
How domain transfers occur
Domains are incredibly valuable branding tools for online businesses. Losing a company's URL could prove quite detrimental, as it would allow the new domain holder to leverage the domain’s current traffic base. But domains are not as easily stolen as a single file from a computer or the like.
Domain transfers require that the domain become unlocked, which means transfer requests can actually take a domain name at this point. Domain transfers cannot occur so long as the account holder keeps their URLs in a locked state. But once unlocked from the holding account, the account holder receives a transfer or extensible provisioning protocol (EPP) authorization code. When that code is entered on the receiving account, this effectively secures the transaction of transferring ownership of the domain.
Thus, the main obstacle for domain hijackers is accessing your webhosting account to unlock the domain and secure an EPP authorization code.
Setting up the scam
Domain hijackers create a very elaborate environment of deception in order to lure the unwary into providing information as secure as login credentials. They first create an email designed to appear as authentic as possible as a webhosting service provider’s email, including everything from images to the look and feel of a customer support alert.
This email typically states there is a problem with your account and you must go to the linked Web page to enter your login credentials and address the problem. The link attached in the email does not go to the webhosting website, but rather to a page designed to appear as similar as possible. This page typically contains a form that requests personal details, from your name and address to your login information. All of this is collected with the purpose of having full access to your account and its domain names.
The information entered in these forms are collected secretly and then used to access your webhosting account and transfer away any valuable domain names.
Why domains names are hijacked
The motives behind stealing domain names are quite simple. Some hijackers do it for the simple monetary value, reselling domain names to others or launching websites full of ads that might create click-throughs. It’s quite uncommon for a hijacker to transfer a domain and not sell it, unless their motivation is purely malicious.
How to recover a domain name
Recovering a hijacked domain is something of an uphill struggle as most registrars are skeptical of claims of domain hijackers. Hijackers often “launder” the domain names to look as if it was sold to a third party, even if it wasn’t. Typically, by the time a domain name is discovered to be stolen, it’s been transferred between three or four different registrars under the name of different parties. Sometimes claims filed with registrars are recognized and rectified, but in many cases an attorney is needed to fully pursue retrieving a domain name.
Preventing domain hijacking
The best strategy against domain hijackers is quite simply to minimize the risk of theft. Hijackers are aware of the vulnerabilities that exist within the domain name registration system and they know very well how to exploit them. You can minimize your own risks by following these prevention tactics:
- Maintain accurate contact information. Registrars cannot properly investigate domain hijacking claims when your account information is inaccurate and appears phony in itself.
- Register domains with a reputable registrar. Hundreds of registrars exist through thousands of resellers. When and where possible, use services that are under contract with ICANN, which sets a specific series of processes for domain transfers.
- Don’t let your registered email address expire. Your email is a key element of unlocking domain names, which means if you let it expire, someone else can easily reopen an email account and use it relentlessly.
- Keep user names and passwords secure. Registrars and webhosting providers never ask for your login information and you should never provide it. Rather than clicking links in an email, actually navigate to your registrar or webhosting service’s home page and log in from there to verify any account issues.
- Use a Whois Privacy Service. Many webhosting providers offer this service, which keeps all of your contact information private from individuals seeking to spoof emails to obtain your information.
- Lock your domains. Most registrars offer “locking” services that prevent a domain from being transferred without first unlocking it.