Recently, there’s been an uptick in the number of domain names I am not sure whether it’s because of the globaloutbreak and people are getting more desperate for cash, or in case domain namethieves are using the changing digital and techenvironment. COVID-19 is inducing more people to become online and conduct business online. But that also means that many don’t fully comprehend how to properly protect their digital assets, like domain names.
While I think of electronic assets, I think of many different types. Our electronic assets can consist of access to your bank account online, access to accounts such as cryptocurrency accounts, and payment tradesites like PayPal, Masterbucks, and Venmo. Then there’s online shopping websites’ logins, for example Amazon, Walmart, Target, and eBay, where most probably you have an account where your payment data is saved. Apple Purchase and Google Pay are many others, in addition to your website hosting account which manages your email (unless you use Gmail.com or Outlook.com), and, finally, your domain . In case your domain namegoes missing, then you lose a lot: access to email, in addition to your site most likely will go down, where you’ll lose visibility, online sales, and clients. Online thieves are hacking sites and anywhere there’s a login, since they’re trying to access your digital assets.
Many of us are now used to protecting our online accounts by using a Unique, secure password for each login that we’ve got online. An significant part protecting digital assets, and domain names, is to make surethatyou get a secure password and two-factor authentication set up to your login in your domain nameregistrar. Oftentimes, if a thief gains access into an account in a domain nameregistrar, the results can be catastrophic if you don’t have extra protections in place to protect your domain .
Hackers who gain access to a domain nameregistrar’s account can do a few things that would interrupt your company:
They can point the domain name to another web server, perhaps their”copy” of your site. You would think that it’s the copy, however, the copy may contain malicious code.I’ve even seen them direct online sales from a copy of your site to them so they benefit monetarily from it via identity theft or diverting funds. They might even keep your samecontact information on the WHOIS record so thatit looks like you still have itbut the domain namemay be moved in their account. When it’s from your account and you no longer command the domain , then they’ve stolen the domain nameand mayresell it.
The thief or hacker can transfer the domain name from that registrar to another registrar. Whenever they start the transfer then they’vetried to steal the domain , and as soon as it’s moved then it’s regarded as stolen. They may keep the exact same name servers so it points to your site, and therefore you don’t detect that it’s stolen.
Digital thieves know that domain names are valuable, because they are Digital assets which can be sold for thousands, thousands, hundreds of thousands, as well as millions of dollars. Unfortunately, domain namecrimes typically go un-prosecuted. Oftentimes, the domain thieves aren’t located in precisely the exact same state as the sufferer. They allhave the exact same thing in common: they wish to gain monetarily from slipping the domain name. Here’s a few domain namecrimes that I’ve found recently:
A organization’s account in a domain nameregistrar was hacked (using social technology).
The domain thief posed as a domain namebuyer, telling the domain nameowner they wanted to purchase their domain namefor a few thousand dollars. The buyer and seller agreed to a cost, the thief told them they could pay them through cryptocurrency. The seller moved the domain name when they had been given details of the cryptocurrency transaction. After the seller tried to access the cryptocurrency and”cash in”, it was invalid. They had been scammed, and dropped the domain .
A domain name owner who has a portfolio of domain names gets their account hacked in a domain nameregistrar. The owner does notrealize this, and the domain names are transferred to another registrar in a different country. The gaining registrar is stubborn (or in on the theft), and will not return the domain names.
A domain name owner has his or her account hacked in the domain nameregistrar and domain names are moved out to a different registrar. They then sell the domain names to somebody else, and the domainsare moved yetagain to a different registrar. This occurs several times, with different registrars. People who purchased the domain names don’t know they are stolen, and they lose any investment they made in the domain names. Sometimes it’s difficult to unravel cases like this, asthere are numerous owners and registrars involved.
All ofthese happened in the previous two to three months. And so are only In the case of the domain namesale scam, the vendor must have used a domain nameescrow service, there are numerous reputable escrow services, such as Epik.com’s Domain Escrow Services, in addition to Escrow.com that manages domain name sales.
Just how do you minimize the risk of your domain namegetting stolen?
Move your domain to a secure registrar.
Log in to your registrar account on a regular basis.
Setup registry (transfer lock) in your domain.
Assess WHOIS information regularly.
Renew the domain for many years or”eternally”.
Take advantage of other security features at your registrar.
Shield your domain using a domain name warranty.
Think about moving your domain nameto a secure domain name registrar. You will find registrars that haven’t kept up with common securitypractices, such as allowing you to install 2-Factor Authentication inyour account, Registrar Lock (that halts domain nametransfers), as well as setting up a PIN number in your account for customer serviceinteractions.
Log in to your domain nameregistrar’s account on a regular basis. I Can’t really say how often you need to get this done, but you ought to do it on a normal schedule. Log in, be sure you have the domain name(s) on your account, make sure they are on auto-renew, and nothing looks out of the ordinary.
Set up Registrar Lock or”transfer lock” in your domain . Some Registrars call it”Executive Lock” or something comparable. It’s a setting which makes sure thatthe domain namecannot be moved into another account without having it turned off. Some go as far as keeping it”on” unless they get verbal confirmation which it needs to be transferred.
Check the WHOIS information on the domain . Check it publicly on a Public WHOIS, such as in ICANN’s WHOIS, WhoQ, or in your registrar.
Years for precious domain names (or ones thatyou don’t wish to shed). You can get a “eternally” domain nameregistration in Epik.com.
Ask the registrar if the account access can be restricted based on Ask the accounts if the account can be restricted from logging in by a USB Device, such as a physical Titan Security Crucial, or even a Yubikey. In case you have Google Advanced Protection enabled in your Google Account, you will have two physical keys to access that Google Account (and some innovative protection in the Google backend). You would then have those Advanced Protection keys fromGoogle to protect the domain names on Google Domains.
Look at protecting your domain (s) using a domain name warranty or support which protects these digital assets, such as DNProtect.com.
It’s more difficult for the fraudsters and thieves to steal domain names at those registrars. Some domain name registrars don’thave 24/7 technical support, they may outsource their customer serviceagents, and their domain registrarsoftware is outdated.
Domain Name Thefts Occurring Right Now
As I write this now, I have been informed of at least20 very Valuable domain names which were stolen from their owners in the last 60 days. As an example, of 2 cases I personally confirmed, the domain names were stolen from one particular domain nameregistrar, based in the united states. The domain names were moved to another domain nameregistrar in China. Both ofthese firms who have the domain names are, in fact, based on the USA. So, it’s not logical that they wouldtransfer their domain names into a Chinese domain name registrar.
In the case of the domain names, the same domain namethief kept The domain name ownership records undamaged, and they bothshow the priorowners. However, in one case, part of the domain namecontact record was altered, and the former owner’s address is present, but the final portionof the address is recorded as a Province in China, and not Florida, wherethe firm whose domain name has been stolen is located.
What tipped us off into these stolen domain is that both Domains were listed for sale on a favorite domain name market. But, these are domain names where the general consensus of the value could be over $100,000 each, and were recorded for 1/10th of the value. Remember the 1 year old $150,000 Porsche listed for sale on Craigslist for $15,000? It’s too good to be true, and most likely it isstolen. The same goes for these domain names which are allegedly stolen. The price gives them away, and, in this case, the ownership records (that the WHOIS records) also show evidence of the theft.
Digital assets, and ensure thatthey are using a domain nameregistrar That has adapted and evolved with the times. A few minutes spent Wisely, securing your electronic assets, is critical in times like these. It can be the difference between your precious digital assets and web Properties being safeguarded, or possibly exposed to theft and risk.