Protect your business from domain hacking


Date: 13 December 2019

A faceless hacker maliciously takes over a legitimate business domain name.

A domain name is an essential part of every website’s identity. As it can only belong to one site, it is vital to maintain its exclusivity. Unfortunately, registering the domain name to a reputable registrar doesn’t eliminate the threat of domain hijacking.

To keep your business protected, it is essential to know how to protect a domain name from bad actors, and how to recover it in case the worst happens.

What is domain hijacking?

Domain hijacking is an unlawful act committed by hackers who gain control of a website’s domain name registration information without the owner’s consent. This event is a result of security flaws on either the user’s or the domain registrar’s end.

In most cases, domain thefts happen as hackers successfully overtake the administrator’s email account. They likely obtain the admin email address from the WHOIS database and use that information to launch brute-force attacks. Alternatively, hackers exploit the registrar’s security vulnerabilities to get access to the back-end system and, ultimately, your registration account.

Once hackers gain administrative access to the target’s domain control panel, the targeted site can fall victim to these hijacks:

  • Domain transfer: Hackers can transfer your domain’s ownership to another account or even a different domain registrar. In this case, you might need legal help to reclaim the stolen domain.
  • Pharming: Visitors get redirected to another website that contains offensive content. This hijack can result in a damaged reputation and lost revenue.
  • Phishing: The stolen domain name is used to create a fake website that collects other people’s personal and financial information. This type of hijack commonly targets ecommerce sites as they are able to attract unsuspecting customers.
  • Blackmail: Considering how valuable a domain name is to a business, hackers can sell it to the owner’s competitor or use it as a ransom. Even if you manage to reclaim the domain name, the legal process can be costly and take a while to finalize.

A security guard checks a building for intrudersPreventing domain theft

There are several ways to secure your domain name from hijacking:

  • Use a reputable domain name registrar. While retail domain registrars charge lower registration fees, they often lack long-term financial security and proper security features. If your domain provider goes out of business, there’s no guarantee that you can maintain your domain name’s exclusivity. Therefore, it’s best to register your domain with an ICANN-accredited registrar.
  • Avoid registering a domain name under an individual’s name. This rule mainly applies to domain names that contain a company’s trademark. If that person parts ways with your company, they legally have the right to claim the domain. Instead, make sure to register it as property of the business.
  • Add WHOIS privacy protection to your domain name. This security feature is available as an individual product that you can buy from your respective domain registrar. It will guard your domain’s contact details, locking them from public viewing in the WHOIS index. Despite its benefits, not all TLDs can use WHOIS Privacy. Thus, make sure to cross-check your domain’s eligibility for this service with your domain provider.
  • Secure your domain registrar account. Similar to other types of accounts, the simplest preventive measure you can do is to use a strong password and enable two-factor authentication. At the bare minimum, it’s best not to share your domain’s contact details with unrelated parties.
  • Check your domain name’s exclusivity expiry date regularly. As your ownership of a domain does not last forever, failure to renew its registration can result in loss of its exclusivity. If this happens, the domain will be eligible for purchase legally, jeopardizing your brand reputation.
  • Implement a registry lock to add an extra layer of security. Offered by domain providers, this security feature uses an authentication system in which unauthorized updates, transfers, and deletions require both the registrant’s and registrar’s confirmation.

How to recover a stolen domain name

Should the worst-case scenario happen, the first thing you need to do is contact your domain registrar or an ICANN registrar. Your domain registrar will appeal to ICANN’s Registrar Transfer Dispute for the new registrar to retransfer the domain.

Despite so, there are times when even ICANN cannot recover your stolen domain name. If hackers transfer your domain to another registrar in a different country, your next best option is to get legal help and present your case in court.

Regardless of the resolution, it is vital that you carry out damage control to prevent further harm to your reputation, by reaching out to your audiences.

Legal rights in domain name ownership

Contrary to popular belief, registering a domain name does not guarantee the right to complete ownership. If another party has trademarked the name conveyed in the domain, the trademark owner can file a trademark infringement claim to revoke the domain’s ownership. Unlike domain names, a name used in commerce is considered intellectual property.

In the event of trademark infringement, the domain’s owner can lose the domain name and be liable for any legal costs incurred during the legal proceedings. Therefore, it is advisable to cross-check the status of your chosen domain name with the intellectual property office of your country and WIPO trademark database before registering it.

Accordingly, you can secure your domain’s name by seeking patent protection on the national or international level. Trademarking the name is a good preventative measure to avoid any future legal disputes regarding ownership.

Copyright 2019. Featured post made possible by Mary Derosa, passionate blogger and the chief editor at her own content marketing company

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.