Lately, there has been an uptick in the number of domain names That are being stolen. I am not positive if it’s because of the globalpandemic and people are becoming more desperate for money, or if domain namethieves are taking advantage of the changing digital and techenvironment. COVID-19 is inducing more of us to be online and conduct business online. But that also means that many do not fully understand how to properly protect their digital assets, like domain names. This may be why we are seeing more and more online scams, phishing like Google Ads phishing, and online theft generally.
Digital Assets
While I think of electronic assets, I think of several different kinds. Our electronic assets may include access to a bank account online, access to accounts like cryptocurrency accounts, and payment transactionsites like PayPal, Masterbucks, and Venmo. Then there’s online shopping websites’ logins, for example Amazon, Walmart, Target, and eBay, in which most probably you have an account where your payment data is stored. Apple Purchase and Google Pay are others, as well as your web site hosting account which handles your email (if you don’t use Gmail.com or Outlook.com), and, ultimately, your domain . In case your domain namegoes missing, then you lose a lot: access to email, as well as your website most likely will go down, where you are going to lose visibility, online sales, and customers. Online thieves are hacking websites and anywhere there is a login, since they’re trying to access your digital assets.
A Lot of Us are now used to protecting our online accounts by utilizing a Unique, secure password for each login that we’ve got online. An significant part protecting digital assets, and domain names, would be to make sureyou get a safe password and two-factor authentication setup to your login in your domain nameregistrar. In many cases, if a burglar gains access to an account in a domain nameregistrar, the consequences can be catastrophic if you do not have additional protections in place to protect your domain .
Hackers who gain access to your domain nameregistrar’s account may do a few things that would interrupt your business:
The thief or hacker can push the domain name in their account. They might even keep your samecontact information on the WHOIS record so it seems like you still have it–but the domain namemay be transferred in their account. If it’s from your accounts and you no longer command the domain , then they’ve stolen the domain nameand canresell it. As soon as they start the transfer then they’veattempted to steal the domain , and as soon as it is moved then it is regarded as stolen. They can keep the same name servers so that it stillpoints to your website, and therefore you don’t detect that it is stolen.
Digital thieves know that domain names are valuable, because they’re Digital assets which may be sold for tens of thousands, tens ofthousands, hundreds of thousands, and even millions of dollars. Unfortunately, domain namecrimes typically go un-prosecuted. In many cases, the domain thieves are not found in precisely the same state as the victim. They allhave exactly the same thing in common: they want to benefit monetarily from slipping the domain name. Following is a couple domain namecrimes that I’ve seen recently:
A company’s account in a domain nameregistrar was hacked (using social technology).
The domain burglar posed as a domain namebuyer, telling the domain nameowner they wanted to buy their domain namefor a few thousand dollars. The buyer and seller agreed to a cost, the burglar told them they could pay them through cryptocurrency. The seller moved the domain name once they were given details of the cryptocurrency trade. After the seller attempted to get the cryptocurrency and”cash in”, it was invalid. They were scammed, and lost the domain .
A domain name owner who has a portfolio of valuabledomain names gets their accounts hacked in a domain nameregistrar. The owner does notcomprehend this, and the domain names are transferred to another registrar in another nation. The gaining registrar is uncooperative (or in on the theft), and will not return the domain names.
A domain name owner has his or her accounts hacked in the domain nameregistrar and domain names are moved out to another registrar. Then they sell the domain names to someone else, and the domainsare moved again to another registrar. This occurs several times, with different registrars. People who purchased the domain names do not know they’re stolen, and they lose any investment they made in the domain names. Sometimes it’s hard to unravel cases like this, sincethere are numerous owners and registrars involved.
All these happened in the past two to three months. And so are just Examples of where the domain name owner could have done something to stop the domain name theft. In the case of the domain namesale scam, the seller must have employed a domain nameescrow service, there are numerous reputable escrow services, such as Epik.com’s Domain Escrow Services, as well as Escrow.com that handles domain name sales.
Just how do you minimize the danger of your domain namegetting stolen?
Transfer your domain to a secure registrar.
Log in to your registrar account on a regular basis.
Setup registry (transfer lock) on your domain.
Assess WHOIS data frequently.
Renew the domain for several years or”eternally”.
Use additional security features at your own Password.
Shield your domain with a domain name warranty.
Think about moving your domain nameto a secure domain name registrar. You will find registrars that haven’t kept up with common securitypractices, like allowing you to install 2-Factor Authentication inyour accounts, Registrar Lock (which halts domain nametransfers), and even setting up a PIN number on your accounts for customer serviceinteractions.
Log in to your domain nameregistrar’s accounts on a regular basis. I Can’t actually say how often you want to get this done, but you should get it done on a normal schedule. Log in, make sure to stillhave the domain name(s) on your accounts, make sure they’re on auto-renew, and nothing appears out of the normal. This less-than-5-minute task could literally save your domain namefrom being stolen.
Set up Registrar Lock or”transfer lock” on your domain . Some It’s a setting which makes certain the domain namecannot be moved into another account without having it turned off. Some go as far as maintaining it”on” unless they get verbal confirmation which it needs to be transferred.
Check the WHOIS data on the domain . Check it publicly on a Public WHOIS, like in ICANN’s WHOIS, WhoQ, or in your registrar. Make certain it’s correct, even the email addresses. In case the domain nameis using WHOIS Privacy, send an email to the obfuscated email address to ensure to get the emailaddress.
Years for valuable domain names (or ones you don’t wish to lose). You can get a “eternally” domain nameregistration in Epik.com.
Ask the registrar if the accounts access can be limited based on The IP address of the person logging in to the accounts. Ask the accounts if the accounts may be restricted from logging in by a USB Device, like a bodily Titan Security Crucial, or a Yubikey. In case you have Google Advanced Protection enabled on your Google Account, you may have two physical keys to get that Google Account (plus some advanced protection in the Google back-end). You’d then have those Advanced Protection keys out ofGoogle to protect the domain names on Google Domains.
Consider protecting your domain (s) with a domain name warranty or service which protects those digital assets, such as DNProtect.com.
Some domain name registrars, especially those who take domain name It’s harder for the fraudsters and thieves to steal domain names at these registrars. Some domain name registrars don’thave 24/7 technical support, they can outsource their customer serviceagents, and their domain software is obsolete.
Domain Name Thefts Occurring at This Time
As I write this now, I have been informed of at least20 very Valuable domain names which were stolen by their owners in the last 60 days. For example, of 2 cases I personally confirmed, the domain names were stolen out of one specific domain nameregistrar, based in the USA. The domain names were moved to some other domain nameregistrar in China. Both these companies who have the domain names are, in fact, based on the United States. So, it is not logical that they’dmove their domain names to a Chinese domain name registrar.
In the case of the domain names, the Exact Same domain namethief kept The domain ownership records undamaged, and they bothshow the priorowners. But in one case, part of the domain namecontact record was altered, and the prior owner’s speech is current, but the last partof the speech is recorded as a Province in China, and not Florida, in whichthe firm whose domain name has been stolen is located.
What tipped us off to those stolen domain casesis that both Domains were listed available on a popular domain name marketplace. But, these are domain names in which the overall consensus of the value could be over $100,000 each, and were recorded for 1/10th of their value. Bear in mind the 1 year old $150,000 Porsche listed available on Craigslist for $15,000? It’s too good to be true, and most likely it isstolen. The same is true for all these domain names which are allegedly stolen. The purchase price provides them away, also, in this case, the ownership records (the WHOIS records) also reveal evidence of the theft.
Digital assets, and ensure they are with a domain nameregistrar That has adapted and evolved with the times. A few moments spent Wisely, securing your electronic assets, is critical in times like these. It may be the difference between your valuable digital assets and web Properties being guarded, or possibly subjected to theft and risk.