When someone tries to hack your domain, they’ll typically use one of two methods:
- They’ll change your DNS configuration, moving name resolution to a server of their choosing, effectively redirecting traffic from your site to another one.
- They will modify your registration contact information, giving themselves full control over your domain.
A hacker may go one step further and change the registration data in the WHOIS database, which can be used as proof that they, not you, are the actual owner of the domain. To further obscure the truth, the attacker might modify payment information or transfer the domain name to a different registrar.
How do they gain access to your domain account in the first place?
There are several ways, like obtaining your domain account login details using phishing attacks, taking advantage of a domain registrar data breach, employing a phone scam in which they request your login credentials, or even pulling sensitive data from your computer using keylogging spyware.
To make matters worse, the people who would steal your domain name will go to great lengths to cover their tracks, and that can make regaining control of a stolen domain very challenging.
In this article, we’ll give you some helpful tips on how to prevent your domain from being compromised. Even the most vigilant domain owners can become the victims of domain hijacking, so we’ve also provided information about how you can recover a stolen domain.
Protecting Your Domain
When it comes to domain security, prevention is the key.
Keeping your domain safe is a million times easier than recovering it after a successful attack.
By taking proactive steps like working with your registrar, enabling domain locking, keeping a watchful eye on your domain account credentials, and guarding against phishing attacks, you can help ensure that your domain stays protected.
In this section, we’ll go over all those steps, and more.
Take Advantage of Domain Locking
When you purchased your domain, the registrar most likely made you aware of a security enhancement called domain locking. It might have even been enabled on your account by default.
Domain locking stops unauthorized transfer of your domain name to another registrar, and it’s a very popular method of ensuring domain name security.
Once your domain is locked, it will be almost impossible for the thieves to redirect your nameservers or transfer your domain name.
Locking your domain will also prevent you from accidentally making a configuration change that takes your site offline or negatively impacts your hosting company’s ability to provide service. Those sorts of changes would require you to temporarily unlock your domain.
With authorization from you, your registrar will unlock the domain when you need to make changes, and then it can be returned to locked status.
You should contact your registrar to verify that your domain is locked. If it’s not, lock it. That’s one of the best ways available for domain owners to keep their domain safe from unauthorized access.
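Lock state is also published in the domain's public registration data, so you can monitor it yourself. The sketch below is an added example, not code from a registrar or from ICANN. It compares two parsed RDAP records for a domain and reports a missing lock, changed nameservers, or a changed registrar. The function names, the choice of expected locks, and the sample records are assumptions constructed for illustration, and fetching the records is left out so the example runs offline.

```python
# Added example: compare two RDAP snapshots of a domain for hijack indicators.
# Lock names follow the RDAP spelling of EPP statuses (RFC 8056).
EXPECTED_LOCKS = {"client transfer prohibited", "client update prohibited"}  # assumption

def summarize(rdap: dict) -> dict:
    """Reduce an RDAP domain object to the fields a hijacker would change."""
    registrar = next((e.get("handle") for e in rdap.get("entities", [])
                      if "registrar" in e.get("roles", [])), None)
    return {
        "status": {s.lower() for s in rdap.get("status", [])},
        "nameservers": {ns["ldhName"].lower().rstrip(".")
                        for ns in rdap.get("nameservers", [])},
        "registrar": registrar,
    }

def hijack_indicators(baseline: dict, current: dict) -> list:
    """Return human-readable findings; an empty list means nothing to report."""
    old, new = summarize(baseline), summarize(current)
    findings = []
    missing = EXPECTED_LOCKS - new["status"]
    if missing:
        findings.append("lock missing: " + ", ".join(sorted(missing)))
    if new["nameservers"] != old["nameservers"]:
        findings.append(f"nameservers changed: {sorted(old['nameservers'])}"
                        f" -> {sorted(new['nameservers'])}")
    if new["registrar"] != old["registrar"]:
        findings.append(f"registrar changed: {old['registrar']} -> {new['registrar']}")
    return findings

# Constructed sample data shaped like parsed RDAP JSON (not real registrations).
BASELINE = {
    "ldhName": "example.com",
    "status": ["client transfer prohibited", "client update prohibited"],
    "nameservers": [{"ldhName": "NS1.HOSTING.EXAMPLE"}, {"ldhName": "ns2.hosting.example"}],
    "entities": [{"roles": ["registrar"], "handle": "1111"}],
}
CURRENT = {
    "ldhName": "example.com",
    "status": ["active"],
    "nameservers": [{"ldhName": "ns1.parked.example"}, {"ldhName": "ns2.parked.example"}],
    "entities": [{"roles": ["registrar"], "handle": "9999"}],
}

if __name__ == "__main__":
    for finding in hijack_indicators(BASELINE, CURRENT):
        print(finding)
```

Run on a schedule against a saved baseline, a non-empty result is a reason to log in to your registrar account directly and check what changed.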
Hide Personal Data with WHOIS Protection
WHOIS protection can make a huge difference when it comes to limiting how much of your personal data is available on the Internet.
The Internet Corporation for Assigned Names and Numbers (ICANN) is the international governing body that oversees domain names.
There’s more about ICANN later in this article. Here, we’re concerned with the organization’s policies that require every domain registrar to maintain a publicly viewable “WHOIS” database. For every registered domain, the database must contain personal contact information, including each domain owner’s street address, telephone number, and email address.
Most registrars offer a security feature called WHOIS protection. Here’s how it works.
To comply with ICANN’s policies, there must be some contact information in the WHOIS record for your domain, but it doesn’t have to be your personal data.
WHOIS protection takes advantage of that fact.
If you’ve opted for WHOIS protection, a person looking up your domain will see the registrar’s company data instead of your personal contact information.
Maintain Current Domain Contact Details
Letting your domain contact information get out of date is like leaving the door of your house unlocked. It’s a way for intruders to gain easy access.
If the administrative email address associated with your domain, for example, is an old email address from a long-expired domain, that could give attackers a way in.
The administrative email address is an especially dangerous detail to leave out of date. Anyone controlling that email address can approve a transfer of the domain to another registrar. If a hacker finds out that the listed email address is not valid, and then creates a bogus account using that address, they’ll get immediate access to your domain account.
Another good reason to make sure your domain contact details are current is so that your registrar can get in touch with you if there’s a problem with your domain. If they discover that your account’s security has been compromised, for example, it would be critical that the registrar can contact you quickly.
Practice Careful Password Management
Being careful with your passwords is important with every kind of account, but it’s especially crucial when dealing with the credentials for your domain account. The serious damage that can be caused by a domain account breach is comparable to what could happen if your bank account login credentials were made public.
With your domain credentials, follow all the typical suggestions: use a strong password, change your password periodically, and never share your login details with strangers.
If your registrar offers it, you should also enable two-factor authentication.
Phishing Attacks Happen, Don’t Get Caught
Phishing attacks combine social engineering with technical trickery as a means of obtaining your private account information. They can come in the form of spoofed emails leading to a bogus website, where the attackers fool people into divulging usernames, passwords, and other account details.
The criminals who perpetrate phishing attacks are clever. They’ll send you an email that looks exactly like one from your registrar, or maybe they’ll even make it appear that ICANN is reaching out to you.
They’ll mimic the design and layout of a genuine email and come up with a convincing email address. For example, your registrar may correspond with you from myregistar.com; phishing attackers will send from an account like myregistarsupport.com or myregistaradmin.com.
One way to guard against phishing attacks is to approach any email from your registrar with caution. Rather than clicking a link in the email, open a web browser and log into your domain account as you normally would. The email may be trying to trick you with a false report of an account issue. If you access your account via the site’s login page and don’t see a notification about the problem, alarm bells should go off.
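The lookalike-sender trick described above can be caught mechanically by matching the sender's domain exactly or on a dot boundary, never by substring. The following is an added example, not part of the original article or any registrar's tooling. The trusted domain is the article's sample name, and the function names and category labels are assumptions.

```python
from email.utils import parseaddr

# Assumption: the registrar's real mail domain (the article's sample name).
TRUSTED = {"myregistar.com"}

def sender_domain(from_header: str) -> str:
    """Domain of the address in a From header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def classify(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    for trusted in TRUSTED:
        # Exact match, or a true subdomain. The leading dot matters: a bare
        # endswith(trusted) would also accept "notmyregistar.com".
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        # The brand name appears, but inside some other registered domain.
        if brand in domain.replace("-", ""):
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("MyRegistar Support <billing@myregistar.com>",
                   "MyRegistar <support@myregistarsupport.com>",
                   "help@myregistar.com.account-verify.example"):
        print(classify(header), "<-", header)
```

A "trusted" result only means the domain is spelled correctly. The From header itself can be forged, so logging in through your browser as described above remains the real check.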
Other types of attacks involve criminals installing spyware on your computer to steal login credentials using a keylogger application, for example.
To avoid the spyware form of phishing attacks, it’s a must that you install antivirus and anti-spyware software, ensuring that it’s updated regularly. Taking this security measure will prevent criminals from capturing your login credentials.
What to Do if Your Domain Name Gets Stolen
A domain owner can lock their domain, guard their personal information, and take all recommended security steps, and still, somehow, have their domain stolen.
Perhaps there’s been a breach of trust with one of your associates, or your domain registrar was attacked, and criminals obtain access to your account that way. Regardless of how it happens, when your domain name is stolen, you’ll need to spring into action and fix the problem.
In this section, we’ll explain why your first step in recovering a stolen domain should be contacting your registrar and, if that doesn’t work, how to call in the big guns: ICANN.
Rely on Your Domain Registrar
If you can get your domain registrar’s support team on the case, that will be the fastest option for recovering your stolen domain.
If you’re not sure who to contact, a WHOIS lookup will identify the registrar and give you the needed contact information.
Depending on your registrar, you may be asked to submit a complaint form to report an unauthorized transfer of your domain, and you’ll need to provide documentation that proves that you are the rightful owner of the domain.
In some cases, as soon as you contact your registrar and explain the issue, they’ll immediately begin investigating your account. If they find clear evidence that someone has stolen your domain, your registrar will help you take the required action to recover it.
There’s one case where the registrar probably won’t help—if the criminals have already transferred your domain to a different registrar. If that’s happened, don’t waste any effort contacting the new registrar; it’s time to go directly to the domain police—ICANN.
Notify the Authorities: ICANN Can Help
When you contact ICANN for help in recovering your domain name, it can go one of two ways.
If you can demonstrate that the domain is rightfully yours, the recovery process will be a breeze.
If you can’t, expect a more complicated ordeal.
ICANN will ask you to produce documentation that proves you own the domain that was stolen. Before we get into the details about which pieces of documentation you’ll need, let’s look at what ICANN is and why they would be able to help you.
ICANN is the number one authority for resolving domain name disputes between individuals or companies. It’s a nonprofit organization that is responsible for the maintenance of namespaces and numerical spaces on the internet. The organization exists to help preserve the operational stability of the internet on a global scale.
To get this powerful organization behind you in your recovery process, you should have the proof-of-ownership documentation that they’ll find useful:
- Your domain history—Copies of registration records that clearly indicate that you are the registrant of record for your domain.
- Billing records—Payment records showing that you have been paying for the domain and that the account is currently paid up.
- Logs and archived content—Web logs and archives of your site’s content that help prove your association with the domain.
- Directories, ads, and brochures—Listings or marketing materials that connect you or your company to the domain.
- Phone calls or messages from the registrar—Any communications between you and the registrar, including a WHOIS reporting notice, alerts regarding DNS changes, or any administrative correspondence you had with them.
- Tax and legal documents—Tax returns and tax notices that associate you with the domain, and any business contracts that reference the domain name.
These are the forms of ownership validation that ICANN typically uses to help with domain recovery. Since some may need a notary stamp or require that other parties corroborate the information, it’s a good idea to obtain this documentation proactively.
Being prepared means you’ll be able to produce the needed proof-of-ownership immediately after your domain is stolen. ICANN will instruct you to present the documentation to the current registrar of the hijacked domain, as that’s often all you’ll need to do in order to get your domain name back.
Implement Domain Security, then Relax
Your domain name is vital to your business or blog. It’s as much a part of your brand identity as your business name or logo.
That’s why it’s so important that you protect it.
By following the tips in this article, you’ll help ensure that thieves can’t steal your domain.
Through enhanced domain security and some simple record keeping, you can rest assured that your domain is safe and take comfort in the fact that if it is ever stolen, recovery is possible.
Do you keep your domain protected?