Recently, there’s been an uptick in the number of domain names That are being stolen. I am not positive if it’s because of the globalpandemic and folks are getting more desperate for cash, or if domain thieves are taking advantage of the changing digital and techenvironment. COVID-19 is causing more of us to become online and conduct business online. But that also means that many do not fully understand how to properly protect their digital assets, such as domains. This may be why we are seeing more and more online scams, phishing like Google Ads phishing, and online theft generally.
While I think of digital assets, I believe of several distinct kinds. Our digital assets may include access to a bank account online, access to accounts like cryptocurrency accounts, and payment tradesites such as PayPal, Masterbucks, and Venmo. Then there’s online shopping websites’ logins, for example Amazon, Walmart, Target, and eBay, where most likely you have an account where your payment data is stored. Apple Pay and Google Pay would be others, as well as your website hosting account that handles your email (unless you utilize Gmail.com or Outlook.com), and, ultimately, your domain name. In case your domain goes lost, then you lose a lot: access to email, as well as your site most likely will go down, where you’ll lose visibility, online sales, and clients. Online thieves are hacking websites and anywhere there is a login, because they’re trying to access your digital assets.
Many of us are now Utilized to safeguarding our online accounts by utilizing a Unique, protected password for every login that we’ve got online. An significant part protecting digital assets, and domains, would be to ensurethatyou have a safe password and two-factor authentication set up to your login at your domain registrar. Oftentimes, if a thief gains access to an account at a domain registrar, the consequences can be disastrous if you do not have additional protections in place to protect your domain name.
Hackers who gain access to a domain registrar’s account may do several things that would interrupt your business:
The thief or hacker could make modifications to the DNS records for your domain name.
The thief or hacker could push the domain name into their account. They might even keep your contact info on the WHOIS record so thatit looks like you still own itbut the domain may be transferred into their account. When it’s out of your account and you no longer control the domain name, then they’ve stolen the domain and mayresell it.
The thief or hacker could move the domain name from that registrar to another registrar. As soon as they start the transfer then they haveattempted to steal the domain name, and when it’s moved then it’s considered to be stolen. They can keep the same name servers so that it stillpoints to your site, and therefore you don’t detect that it’s stolen.
Digital thieves know that domains are valuable, because they’re Digital assets that may be sold for tens of thousands, tens ofthousands, hundreds of thousands, as well as millions of dollars. Unfortunately, domain crimes typically go un-prosecuted. Oftentimes, the domain thieves are not found in the same country as the victim. All of themhave the same thing in common: they wish to gain monetarily from slipping the domain name. Following is a couple domain crimes that I’ve seen lately:
A company’s account at a domain registrar was hacked (using social engineering).
The domain thief introduced as a domain buyer, telling the domain owner they wanted to purchase their domain for several thousand dollars. The buyer and seller agreed to a price, the thief told them they could pay them through cryptocurrency. The seller moved the domain name once they had been given details of the cryptocurrency trade. After the seller attempted to access the cryptocurrency and”cash in”, it was invalid. They had been scammed, and dropped the domain name.
A domain name owner who has a portfolio of domain names gets their account hacked at a domain registrar. The owner does notcomprehend this, and the domains are transferred to another registrar in another country. The gaining registrar is stubborn (or in on the theft), and won’t return the domains.
A domain name owner has his or her account hacked at the domain registrar and domains are moved out to another registrar. Then they sell the domains to somebody else, and the domain namesare moved again to another registrar. This occurs several times, with different registrars. People who purchased the domain names do not know they are stolen, and they shed any investment they made in the domains. At times it’s difficult to unravel cases like this, sincethere are numerous owners and registrars involved.
All these happened in the previous two to three weeks. And so are just In the case of the domain sale scam, the seller must have used a domain escrow assistance, there are numerous reputable escrow services, such as Epik.com’s Domain Escrow Services, as well as Escrow.com that handles domain name sales.
Just just how do you minimize the danger of your domain getting stolen?
Move your domain name to a protected registrar.
Log in to your accounts account on a regular basis.
Set up registry (transfer lock) in your domain name.
Check WHOIS data regularly.
Renew the domain name for several years or”forever”.
Take advantage of additional security features at your own Password.
Protect your domain using a domain name guarantee.
Consider moving your domain to a protected domain name registrar. You will find registrars that haven’t kept up with common securitypractices, like letting you set up 2-Factor Authentication inyour account, Registrar Lock (which halts domain transfers), as well as preparing a PIN number in your account for customer supportinteractions.
Log in to your domain registrar’s account on a regular basis. I Can’t really say how often you need to get this done, but you ought to get it done on a normal schedule. Log in, be sure you stillhave the domain name(s) in your account, make sure they are on auto-renew, and nothing appears out of the normal. This less-than-5-minute task could literally save your domain from being stolen.
Establish Registrar Lock or”transport lock” in your domain name. Some It’s a setting that makes sure thatthe domain cannot be moved into another account without needing it turned off. Some go as far as maintaining it”on” unless they get verbal confirmation that it should be transferred.
Check the WHOIS data on the domain name. Check it openly on a Public WHOIS, like at ICANN’s WHOIS, WhoQ, or at your registrar. Make sure it’s correct, even the email addresses. In case the domain is using WHOIS Privacy, send an email to the obfuscated email address to make sure you make the emailaddress.
Renew your domain name for several decades. I recommend at least 5 Years for valuable domains (or ones thatyou don’t wish to lose). It’s possible to get a “forever” domain registration at Epik.com.
Request the accounts in the event the account access can be restricted based on Request the registrar if the account may be restricted from logging in by a USB Device, like a bodily Titan Security Crucial, or even a Yubikey. In case you have Google Advanced Protection allowed in your Google Account, you may have two physical keys to access that Google Account (and some innovative protection in the Google backend). You would then have those Advanced Protection keys fromGoogle to protect the domains on Google Domains.
Consider protecting your domain name(s) using a domain name guarantee or support that protects these digital assets, such as DNProtect.com.
Some domain name registrars, especially those who take domain Security really seriously, have upgraded their systems”behind the scenes” so to speak. It’s more difficult for the fraudsters and thieves to steal domains at these registrars. Some domain name registrars do nothave 24/7 technical assistance, they can outsource their customer supportrepresentatives, and their domain name software is obsolete.
As I write this now, I have been advised of 20 very Valuable domains that were stolen by their owners at the last 60 days. For example, of two cases I personally confirmed, the domain names were stolen out of one specific domain registrar, based in the united states. The domains were moved to another domain registrar in China. Both these companies who own the domains are, in reality, based in the United States. So, it’s not logical that they wouldmove their domain names to a Chinese domain name registrar.
In the case of both domains, this same domain thief kept The domain name ownership records intact, and they show the priorowners. But in 1 case, part of the domain contact record was altered, along with the prior owner’s address is current, but the last partof the address is listed as a Province in China, and not Florida, in whichthe firm whose domain name has been stolen is located.
What tipped us off to these stolen domain is that both Domains names were listed available on a popular domain name marketplace. However, these are domains where the overall consensus of the value could be over $100,000 each, and were listed for 1/10th of the value. It’s too good to be true, and most likely it’sstolen. The same is true for these domains that are allegedly stolen. The purchase price provides them away, and, in this case, the ownership records (the WHOIS documents) also show evidence of the theft.
It’s never been more important to take responsibility for your Digital resources, and make sure thatthey are using a domain registrar That’s evolved and adapted with the times. A Couple of moments spent Wisely, securing your digital assets, is critical in times such as these. It may be the difference between your valuable digital assets and internet Properties being guarded, or possibly exposed to theft and risk.