Information Highwaymen and Your Domain

You go to work every day at the store you own, and one morning,
your key to the door doesn’t work. You look in the window, and
the display items have changed. A stranger is behind the
counter. But when you call the police, they can’t do anything
because the company papers now indicate that the store belongs
to the stranger.

The above scenario isn’t likely to happen with a
bricks-and-mortar store. Because of insecurities in the domain
registration system, however, information highwaymen could take
over your online business.

As with identity theft, domain thieves steal your identity –
the identity used to register and configure your domain name.
After that, your website, your email, your online business, and
possibly your reputation are theirs.

Domain names at risk of theft

While theft is a risk with all domain names, domains most at
risk are more valuable ones. Domains with dot com extensions
have a higher resale value than domains with other extensions,
and domains with high traffic or valuable keywords are also more
likely to be targets.

The motive behind domain hijacking is usually monetary, but it
may be personal. If anyone wants to attack you, stealing your
domain name is one way to do it.

How domain theft happens

When domain hijackers steal your domain, they gain access to the
domain’s Whois records. They
can modify the domain’s nameservers so that the domain points to
a different server. They can also transfer the domain to a
different registrar.

Either way, site visitors will find themselves at the website of
the domain hijacker instead of at your site. All domain email
will go to or through the other server instead of to you. All
you’ll have left is a website without public access because your
domain isn’t pointing to it any more.

How can this happen?

Domain hijacking methods

• Domain hijackers send forged faxes to the domain registrar,
impersonating the registrants.

• Domain hijackers hack into the accounts of free email
addresses listed in Whois records and use those addresses to
obtain domain account information.

• Domain hijackers send out fraudulent email renewal notices,
and registrants unknowingly transfer their domains to the
thieves.

Registrar non-action

• The gaining registrar (the registrar that the domain is
transferred to) doesn’t obtain approval from the domain name
registrant or administrative contact as required by the ICANN
Inter-Registrar Transfer Policy.

• The losing registrar (the registrar that the domain is
transferred from) doesn’t notify the registrant of the transfer during the
five-day pending transfer period. During this period, the
registrant can cancel or deny approval of the domain transfer
— if the registrar notifies the registrant of it.

Registrant carelessness

• The registrant forgets to update Whois details or to renew
the account.

• Someone with access to the registrant’s records steals the
information.

Domain name disputes

If you discover that your domain has been hijacked, contact
your registrar immediately. If your registrar is unable to
resolve the situation, the ICANN (Internet Corporation for
Assigned Names and Numbers) Transfer Dispute Resolution Policy
(TDRP) applies.

By going the above arbitration route, you don’t have to argue
your case in person. On the other hand, all you can get back in
the process is your domain (and not necessarily that). For a lot
more money, you can take your case to court, where you can seek
compensation for damages in addition to the return of your
domain. This process takes more time, however.

You may be able to proceed both ways – get your domain back via
ICANN domain dispute resolution procedures and then go to court
to collect damages. You can also appeal a domain arbitrator’s
decision in court.

How to protect your domain name

Protecting a domain name is similar to protecting a
bricks-and-mortar store from burglary. With a combination of
precautions in place, thieves will find it difficult or
impossible to gain access.

Your domain account information

• List your name for the administrative contact, and use your
full name.

• Create a complex password with letters (both upper case and
lower case) and numbers. Don’t use any real words or personal
information in it. Make it long. Make it unique – don’t use the
same password for anything else. Change it periodically.

• Keep your domain login name, account number, and password in a
place where only trusted people can access it.

• Use a valid contact email address that doesn’t use the domain
it’s for. Be sure that this email account also has a complex
password. If you’re going to be offline for more than a few
days, have someone else check the email for this account.

• Don’t use a free email address such as a Hotmail or Yahoo
address. Domain hijackers target domains with free email
addresses in the Whois records. After they’ve cracked your email
account password, the support you need to get your email account
back will probably be slow, giving the hijackers plenty of time
to take over your domain.

• Update your Whois record whenever the information in it
changes.

Your domain account features

• Choose a domain registrar that sends registrants transfer
pending notifications when a domain transfer is taking place.

• Consider protecting your Whois details with a registrar that
offers a private domain name record. With this feature, your
registrar’s data appears with your Whois record rather than your
data. The downside of using this feature is that your business
may have less credibility because you’re hiding who you are.

• Register your domain for a long time period, and set up
calendar reminders to renew it before it expires.

• Set up your domain to be renewed automatically if your
registrar offers this feature.

• Use the Registrar-lock mechanism if it’s available through
your registrar. When a domain is locked, it cannot be modified
or transferred unless the registrant unlocks it or follows the
domain transfer process.

Other domain security measures

• Set up a free Whois monitoring alert email service and add
your domain to your monitoring list. You will receive email
notifications whenever the expiration date, registrar, or status
of a monitored domain changes. (Whois does not have data on all
domain extensions.)

• Make sure that someone checks your website every few days,
preferably daily.
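
The changes a Whois monitoring alert reports (expiration date, registrar, status), plus nameserver changes and the Registrar-lock check, can also be run against two saved Whois snapshots. This is an added example, not part of the original article; it assumes the common "Key: Value" Whois layout and treats the EPP status clientTransferProhibited as the lock indicator, and the sample records are constructed.

```python
# Added example: diff two saved Whois snapshots of one domain.
# Assumes the common "Key: Value" Whois layout; field names are assumptions.
WATCHED = ("Registrar", "Registry Expiry Date", "Domain Status", "Name Server")
LOCK = "clienttransferprohibited"  # EPP status set when a registrar lock is on

def parse_whois(text):
    """Collect watched fields; repeated keys (status, nameservers) become sets."""
    record = {key: set() for key in WATCHED}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if sep and key in record and value.strip():
            # Status lines carry a trailing URL; keep only the status code.
            first = value.split()[0].lower()
            record[key].add(first if key == "Domain Status" else value.strip().lower())
    return record

def diff_whois(baseline_text, current_text):
    """Return alert strings for changed fields and for a missing transfer lock."""
    old, new = parse_whois(baseline_text), parse_whois(current_text)
    alerts = [f"{key} changed: {sorted(old[key])} -> {sorted(new[key])}"
              for key in WATCHED if old[key] != new[key]]
    if LOCK not in new["Domain Status"]:
        alerts.append("Transfer lock is not set")
    return alerts

# Constructed sample snapshots (not real Whois data).
BASELINE = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar A
Registry Expiry Date: 2030-01-15T00:00:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""
CURRENT = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar B
Registry Expiry Date: 2030-01-15T00:00:00Z
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.EXAMPLE.ORG
Name Server: NS2.EXAMPLE.ORG
"""

if __name__ == "__main__":
    for alert in diff_whois(BASELINE, CURRENT):
        print("ALERT:", alert)
```

Save a snapshot while the domain is known to be in a good state and compare each new lookup against it; any alert is a reason to contact the registrar.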

Lois S. is a Technical Executive Writer for http://www.websitesource.com and http://www.lowpricedomains.com with
experience in the website hosting industry.
