Lately, there’s been an uptick in the Amount of domain names I am not sure if it’s due to the globalpandemic and folks are becoming more desperate for cash, or if domain namethieves are taking advantage of the shifting digital and techatmosphere. COVID-19 is causing more people to become online and conduct business online. But this also means that many do not fully understand how to properly protect their digital assets, such as domain names. This may be why we’re seeing more and more online scams, phishing like Google Ads phishing, and internet theft generally.
When I think of digital assets, I think of many distinct types. Our digital assets can consist of access to a bank account online, access to accounts like cryptocurrency accounts, and payment transactionsites such as PayPal, Masterbucks, and Venmo. Then there’s online shopping websites’ logins, such as Amazon, Walmart, Target, and eBay, where most likely you have an account where your payment data is saved. Apple Purchase and Google Pay are others, as well as your website hosting account that manages your email (unless you use Gmail.com or Outlook.com), and, finally, your domain . In case your domain namegoes missing, then you eliminate a lot: access to email, as well as your site probably will go down, where you are going to eliminate visibility, online sales, and clients. Online thieves are hacking websites and anywhere there is a login, because they’re attempting to access your digital assets.
Protecting Online Accounts
Many of us are now Utilized to protecting our online accounts by using a Unique, protected password for every login that we’ve got online. An significant part protecting digital assets, and domain names, is to ensureyou have a secure password and two-factor authentication set up to your login in your domain nameregistrar. In many cases, if a thief gains access into an account in a domain nameregistrar, the results can be catastrophic if you do not have additional protections in place to protect your domain .
Hackers who gain access to a domain nameregistrar’s account can do a few things that would disrupt your business:
The thief or hacker can make changes to the DNS records for your domain . They can point the domain name to another web server, perhaps their”copy” of your site. You’d think it’s the copy, but the copy could contain malicious code.I’ve even seen them direct online sales from a copy of your site to them so they benefit monetarily from it via identity theft or diverting funds.
The thief or hacker can push the domain name in their account. They may even keep your contact info about the WHOIS record so it seems like you still own itbut the domain namemay be transferred in their account. When it’s out of your accounts and you no longer control the domain , then they’ve stolen the domain nameand mayresell it. As soon as they start the transfer then they’veattempted to steal the domain , and as soon as it’s transferred then it’s regarded as stolen. They can keep the same name servers so it points to your site, so you don’t detect that it’s stolen.
Digital thieves know that domain names are valuable, since they are Digital assets that can be sold for tens of thousands, tens ofthousands, hundreds of thousands, as well as millions of dollars. Regrettably, domain namecrimes typically go un-prosecuted. In many cases, the domain thieves aren’t located in precisely the same country as the sufferer. They allhave the same thing in common: they wish to benefit monetarily from stealing the domain name. Here’s a few domain namecrimes that I’ve found lately:
A organization’s account in a domain nameregistrar was hacked (using social engineering). The company was involved in cryptocurrency, thusgaining access to the domain name allowed for the hackers to get the organization’s crypto exchange.
The domain thief posed as a domain namebuyer, telling the domain nameowner they wanted to purchase their domain namefor a few thousand dollars. The buyer and seller agreed to a cost, the thief told them they could pay them via cryptocurrency. The seller transferred the domain name once they were given details of the cryptocurrency trade. After the seller attempted to get the cryptocurrency and”cash in”, it was invalid. They were scammed, and dropped the domain .
A domain name owner who has a portfolio of valuabledomain names gets their accounts hacked in a domain nameregistrar. The owner doesn’tcomprehend this, and the domain names are transferred to another registrar in another nation. The gaining registrar is uncooperative (or in about the theft), and will not return the domain names.
A domain name owner has his or her accounts hacked in the domain nameregistrar and domain names are transferred out to another registrar. They then sell the domain names to somebody else, and the domainsare transferred yetagain to another registrar. This occurs several times, with various registrars. Those who bought the domain names do not know they’re stolen, and they lose any investment they made in the domain names. Sometimes it’s difficult to unravel cases similar to this, asthere are numerous owners and registrars involved.
All ofthese happened in the previous two to three weeks. And are only Examples of where the domain name owner could have done something to block the domain name theft. In the case of the domain namesale scam, the vendor must have employed a domain nameescrow service, there are numerous reputable escrow services, such as Epik.com’s Domain Escrow Services, as well as Escrow.com that manages domain name sales.
So just how do you minimize the risk of your domain namegetting stolen?
Move your domain to a protected registrar.
Log into your accounts account on a regular basis.
Setup registry lock(transfer lock) on your domain.
Check WHOIS information regularly.
Renew the domain for many years or”forever”.
Use additional security attributes at your own Password.
Shield your domain with a domain name warranty.
Consider moving your domain nameto a protected domain name registrar. You will find registrars that haven’t kept up with common safetypractices, like allowing you to set up 2-Factor Authentication inyour accounts, Registrar Lock (which halts domain nametransfers), as well as preparing a PIN number on your accounts for customer supportinteractions.
Log into your domain nameregistrar’s accounts on a regular basis. I Can’t really say how frequently you need to do this, but you ought to get it done on a regular schedule. Log in, be sure to have the domain name(s) on your accounts, make sure they’re on auto-renew, and nothing appears out of the ordinary. This less-than-5-minute task could literally save your domain namefrom being stolen.
Establish Registrar Lock or”transfer lock” on your domain . Some Registrars call it”Executive Lock” or something comparable. It is a setting that makes sure the domain namecannot be transferred to another registrar without having it turned off. Some go so far as keeping it”on” unless they get verbal confirmation that it needs to be transferred.
Check the WHOIS information on the domain . Test it openly on a Public WHOIS, like in ICANN’s WHOIS, WhoQ, or in your registrar. Make sure it’s correct, even the email addresses. In case the domain nameis using WHOIS Privacy, send an email to the obfuscated email address to make sure to make the email.
I recommend at least 5. Years for precious domain names (or ones you don’t wish to shed). You can get a “forever” domain nameregistration in Epik.com.
Ask the accounts in the event the accounts access can be restricted based on The IP address of the person logging into the accounts. Ask the registrar if the accounts can be restricted from logging in by a USB Device, like a physical Titan Security Crucial, or even a Yubikey. In case you have Google Advanced Protection enabled on your Google Account, you will have two physical keys to get this Google Account (plus some innovative security in the Google backend). You’d then have those Advanced Protection keys out ofGoogle to protect the domain names on Google Domains.
Look at protecting your domain (s) with a domain name warranty or support that protects these digital assets, such as DNProtect.com.
Security really seriously, have upgraded their systems”behind the scenes” so to speak. It is more difficult for the fraudsters and thieves to steal domain names at these registrars. Some domain name registrars do nothave 24/7 technical support, they can outsource their customer supportagents, and their domain registrarsoftware is obsolete.
Domain Name Thefts Occurring at This Time
As I write this now, I have been informed of at least20 very Valuable domain names that were stolen from their owners at the last 60 days. As an example, of two cases I personally confirmed, the domain names were stolen from one specific domain nameregistrar, based in the united states. The domain names were transferred to some other domain nameregistrar in China. Both ofthese companies who own the domain names are, in reality, based on the United States. Thus, it’s not plausible that they wouldmove their domain names into some Chinese domain name registrar.
In the case of the domain names, this Exact Same domain namethief kept The domain name ownership documents intact, and they show the formerowners. However, in 1 case, part of the domain namecontact record was altered, along with the prior owner’s address is present, but the last partof the address is recorded as a Province in China, and not Florida, wherethe firm whose domain name was stolen is situated.
What tipped us off into these stolen domain is the factthat both Domains were listed available on a favorite domain name market. But, these are domain names where the general consensus of the value would be over $100,000 each, and were recorded for 1/10th of their value. Remember the 1 year old $150,000 Porsche listed available on Craigslist for $15,000? It is too good to be true, and probably it’sstolen. The same is true for all these domain names that are supposedly stolen. The purchase price gives them away, and, in this scenario, the possession records (the WHOIS documents) also show evidence of the theft.
Digital resources, and make sure they are with a domain nameregistrar That’s evolved and adapted with the times. A few minutes spent Sensibly, securing your digital assets, is critical in times such as these. It can be the difference between your precious digital assets and web Properties being guarded, or potentially subjected to theft and risk.