Recently, there has been an uptick in the number of domain names that are being stolen. I am not sure if it’s because of the worldwide pandemic and people have been getting more desperate for money in the past few years, or if domain name thieves are taking advantage of the changing digital and tech environment. When COVID-19 started, it caused more of us to be online and conduct business online, and that has continued today. But that also means that many don’t fully understand how to properly protect their digital assets, like domain names, so this may be why we’re seeing more and more online scams and online theft in general.
When I think of digital assets, I think of several different types. Your digital assets can include access to your bank account online, access to accounts such as your cryptocurrency accounts, and payment transaction sites like PayPal. Then there are your logins at online shopping sites, such as Amazon, Walmart, Target, and eBay, where most likely you have an account with your payment information saved. Apple Pay and Google Pay are others, as well as your website hosting account that handles your email (unless you use Gmail.com or Outlook.com), and, finally, your domain name. If your domain name goes missing, then you lose a lot: you lose access to email, and your website will most likely go down, so you lose visibility, online sales, and customers. Online thieves are hacking websites, and anywhere there is a login, they’re attempting to get into your accounts. They’re threatening your digital assets.
Protecting Online Accounts
Many of us are now used to protecting our online accounts by using a unique, secure password for each login that we have online. Part of protecting your digital assets, including domain names, is to make sure that you have a secure password and two-factor authentication set up for your login at your domain name registrar. But an attacker gaining access to your account at a domain name registrar can still be disastrous if you don’t have additional protections in place to protect the domain name itself.
Hackers who gain access to your domain name registrar’s account can do several things that would disrupt your business:
- They can make changes to the DNS records for your domain name. They can point the domain name to another web server, perhaps their “copy” of your website. Visitors would not realize it’s a copy, but the copy could contain malicious code, and I’ve even seen them redirect online sales from a copy of your website to themselves so they benefit monetarily from it.
- They gain access to your website hosting. I usually don’t recommend hosting the website with the same company that is the registrar for the domain name, as gaining access to the registrar account then gives them access to the website as well.
- They can push the domain name into their own account. They may even keep your same contact information on the WHOIS record so that it looks like you still own it, but the domain name has been moved into their account. If it’s out of your account and you no longer control the domain name, then they’ve stolen the domain name.
- They can transfer the domain name from that registrar to another registrar. As soon as they begin the transfer, they’ve attempted to steal the domain name, and as soon as it’s transferred, it’s considered to be stolen. They may keep the same name servers so it still points to your website, so you don’t notice that it’s stolen.
Digital thieves know that domain names are valuable, since they are digital assets that can be sold for thousands, tens of thousands, and even hundreds of thousands (and millions) of dollars. Unfortunately, domain name crimes typically go unprosecuted. In many cases, the domain thieves are not located in the same country as the victim. They all have the same thing in common: they wish to benefit monetarily from stealing the domain name. Here are a few domain name crimes that I’ve seen recently:
- A company’s account at a domain name registrar was hacked (using social engineering). The company was involved in cryptocurrency, so gaining access to the domain name allowed for the hackers to access the company’s crypto exchange.
- The domain thief posed as a domain name buyer, telling the domain name owner they wanted to buy the domain name for several thousand dollars. The buyer and seller agreed to a price, and the thief told the seller they could pay via cryptocurrency. The seller transferred the domain name once they were given details of the cryptocurrency transaction. When the seller attempted to access the cryptocurrency and “cash in”, it was invalid. They were scammed, and lost the domain name.
- A domain name owner who has a portfolio of valuable domain names gets their account hacked at a domain name registrar. The owner doesn’t realize this, and the domain names are transferred to another registrar in another country. The gaining registrar is uncooperative (or in on the theft), and won’t return the domain names.
- A domain name owner has his or her account hacked at the domain name registrar and domain names are transferred out to another registrar. They then sell the domain names to someone else, and the domain names are transferred yet again to another registrar. This happens several times, with different registrars. Those who bought the domain names don’t know they’re stolen, and they lose any investment they made in the domain names. Sometimes it’s difficult to unravel cases like this, as there are several owners and registrars involved.
All of these occurred in the past two to three months, and they are just examples of cases where the domain name owner could have done something to stop the domain name theft. In the case of the domain name sale scam, the seller should have used a domain name escrow service; there are several reputable escrow services, such as Escrow.com, that handle domain name sales.
So how can you minimize the risk of your domain name getting stolen?
- Consider moving your domain name to a secure domain name registrar. There are registrars that have not kept up with common security practices, such as allowing you to set up 2-Factor Authentication on your account, Registrar Lock (which halts domain name transfers), and even setting up a PIN on your account for customer service interactions.
- Log into your domain name registrar’s account on a regular basis. I can’t really say how often you need to do this, but you should do it on a regular schedule. Log in, make sure you still have the domain name(s) in your account, make sure they’re on auto-renew, and nothing looks out of the ordinary. This less-than-5-minute task could literally save your domain name from being stolen.
- Set up Registrar Lock on your domain name. Some registrars call it “Executive Lock” or something similar. It’s a setting that makes sure that the domain name cannot be transferred to another registrar without having it turned off. Some go as far as keeping it “on” unless they get verbal confirmation that it should be transferred.
- Check the WHOIS data on the domain name. Check it publicly on a public WHOIS, such as at ICANN’s WHOIS, WhoQ, or at your registrar. Make sure it’s correct, even the email addresses. If the domain name is using WHOIS Privacy, send an email to the obfuscated email address to make sure you get the email.
- Renew your domain name for several years. I recommend at least 5 years for valuable domain names (or ones that you don’t want to lose).
- Ask the registrar if account access can be restricted based on the IP address of the person logging into the account. Ask the registrar if logins to the account can be restricted to a physical USB security key, such as a Titan Security Key or a YubiKey. If you have Google Advanced Protection enabled on your Google Account, you will have two physical keys to access that Google Account (and some advanced protection in the Google back-end). You would then have those Advanced Protection keys from Google protecting the domain names on Google Domains.
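The routine check described in this list (lock status, name servers, registrar, expiry date, WHOIS contact data) is easy to script once you know what the public record looks like. Registrar Lock shows up in the public record as the EPP status clientTransferProhibited (reported as "client transfer prohibited" in RDAP output). The following is an added example, not code from the original post: a Python audit that compares a domain's registration record with the owner's expected baseline and reports every deviation, including the DNS and transfer changes described earlier in the post. The record is a constructed dict in the RDAP JSON shape that public WHOIS/RDAP lookups return; the domain, registrar, name-server, and address values are all invented, and the record is embedded inline so the script runs offline.

```python
"""Added example: audit a domain's public registration record against a baseline.

The record below is constructed in the RDAP JSON shape (status, events,
nameservers, entities with vCard data). Nothing is queried live.
"""
from datetime import datetime, timezone

# Fixed "now" so the expiry check is deterministic offline.
CHECK_TIME = datetime(2023, 6, 1, tzinfo=timezone.utc)

# Constructed baseline: what the owner expects to see on every routine check.
EXPECTED = {
    "registrar": "Example Registrar LLC",               # hypothetical registrar
    "nameservers": {"ns1.example-host.net", "ns2.example-host.net"},
    "required_status": {"client transfer prohibited"},  # Registrar Lock as RDAP reports it
    "min_years_remaining": 5,                           # the post recommends 5+ years
    "registrant_region": "FL",
    "registrant_country": "US",
}

# Constructed record for a hypothetical domain, built to show several of the
# warning signs from the post at once.
SAMPLE_RECORD = {
    "ldhName": "example-business.com",
    "status": ["client delete prohibited"],             # transfer lock is missing
    "events": [{"eventAction": "expiration", "eventDate": "2025-03-01T00:00:00Z"}],
    "nameservers": [
        {"ldhName": "NS1.EXAMPLE-HOST.NET"},
        {"ldhName": "ns9.unknown-dns.example"},         # one server was replaced
    ],
    "entities": [
        {"roles": ["registrar"],
         "vcardArray": ["vcard", [["fn", {}, "text", "Other Registrar Co"]]]},
        {"roles": ["registrant"],
         "vcardArray": ["vcard", [
             ["fn", {}, "text", "Example Business Inc"],
             # adr parts: PO box, ext, street, locality, region, postcode, country
             ["adr", {}, "text", ["", "", "1 Main St", "Miami", "Example Province", "33101", "CN"]],
         ]]},
    ],
}


def entity_by_role(record, role):
    """Return the first RDAP entity carrying the given role, or None."""
    for entity in record.get("entities", []):
        if role in entity.get("roles", []):
            return entity
    return None


def vcard_value(entity, prop_name):
    """Return the value of the first vCard property named prop_name, or None."""
    if entity is None:
        return None
    for prop in entity.get("vcardArray", ["vcard", []])[1]:
        if prop[0] == prop_name:
            return prop[3]
    return None


def years_until_expiry(record, now):
    """Years from `now` until the expiration event, or None if there is none."""
    for event in record.get("events", []):
        if event.get("eventAction") == "expiration":
            expires = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
            return (expires - now).days / 365.25
    return None


def audit_domain(record, expected, now=CHECK_TIME):
    """Compare a registration record with the baseline; return a list of findings."""
    findings = []

    statuses = {s.lower() for s in record.get("status", [])}
    missing = expected["required_status"] - statuses
    if missing:
        findings.append(f"transfer lock not set (missing status {sorted(missing)})")

    registrar = vcard_value(entity_by_role(record, "registrar"), "fn")
    if registrar != expected["registrar"]:
        findings.append(f"registrar changed: expected {expected['registrar']!r}, got {registrar!r}")

    nameservers = {ns["ldhName"].lower() for ns in record.get("nameservers", [])}
    if nameservers != expected["nameservers"]:
        findings.append(f"name servers changed: unexpected {sorted(nameservers - expected['nameservers'])}, "
                        f"missing {sorted(expected['nameservers'] - nameservers)}")

    years = years_until_expiry(record, now)
    if years is None:
        findings.append("no expiration date in record")
    elif years < expected["min_years_remaining"]:
        findings.append(f"expiry too close: {years:.1f} years remaining")

    address = vcard_value(entity_by_role(record, "registrant"), "adr")
    if address and (address[4], address[6]) != (expected["registrant_region"], expected["registrant_country"]):
        findings.append(f"registrant address changed: region/country now {address[4]!r}/{address[6]!r}")

    return findings


if __name__ == "__main__":
    for finding in audit_domain(SAMPLE_RECORD, EXPECTED):
        print("WARNING:", finding)
```

Run against a live record, the same function would be fed the JSON from the registrar's or registry's RDAP service and the baseline would be whatever you captured the day you verified the account was correct; any non-empty result is the signal to log in and check the account.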
Some domain name registrars, especially those who take domain name security very seriously, have updated their systems “behind the scenes”, so to speak. It’s more difficult for the fraudsters and thieves to steal domain names at those registrars. Other domain name registrars don’t have 24/7 technical support, may outsource their customer service representatives, and run outdated domain registrar software.
Domain Name Thefts Occurring Right Now
As I write this, I have just been informed of two very valuable domain names that were stolen from their owners. In both cases, these domain names were stolen by the same domain name thief. The domain names were stolen from one particular domain name registrar in the USA, and then transferred to another domain name registrar in China. Both of the companies that own the domain names are, in fact, based in the United States. So, it’s not logical that they would transfer their domain names to a Chinese domain name registrar.
In the case of both domain names, this same domain name thief kept the domain name ownership records intact, and they both show the former owners. However, in one case, part of the domain name contact record was changed: the former owner’s address is present, but the last part of the address is listed as a province in China, and not Florida, where the business whose domain name was stolen is located.
What tipped us off to these stolen domain cases is the fact that both domain names were listed for sale on a popular domain name marketplace. But these are domain names worth at least $100,000 each (in my opinion), and they were listed for 1/10th of that value. Remember the one-year-old $150,000 Porsche listed for sale on Craigslist for $15,000? It’s too good to be true, and most likely it’s stolen. The same goes for these domain names that are allegedly stolen. The price gives them away, and, in this case, the ownership records (the WHOIS records) also show evidence of the theft.