Want to know how much website downtime costs, and the impact it can have on your business?
Find out everything you need to know in our new uptime monitoring whitepaper 2021
After you register the domain for your website, you might take pride in owning your company’s online address. However, from a legal standpoint, you don’t own it. While you can register it, thieves can hijack it from you. Domain hijacking does not receive a lot of attention, but it is a real threat. Domain hijacking is also very frustrating, as it is relatively easy for thieves to hijack a domain, and once they get control, it can be very difficult and expensive to regain it.
Domain hijackers take advantage of security weaknesses at your domain registrar, your email service, or your own security practices. The technical details are quite lengthy, but basically, thieves get control of your domain by convincing your domain registrar that they are you. Then, the thieves transfer your domain to their own account, usually with a registrar located in a different country. Thieves hijack domains for several criminal reasons, but the usual motive is to take control of your domain and then sell the registration back to you.
Domain hijacking is very costly. According to Symantec, a US-based security software company, the annual cost to firms from domain hijacking is about $400 billion (£310 billion). Many high-profile domains have been hijacked in the past, including Google, Forbes, Twitter, and the New York Times.
If thieves hijack your domain, recovering it can be very difficult. If you think that you have been the victim of domain hijacking, you should immediately notify your domain registrar. In some cases, your registrar can help you regain control of your domain if you can prove to their satisfaction that it has been hijacked. However, in many cases, the only recourse that you will have is a lengthy and costly litigation procedure to try to regain control.
Of course, the best way to deal with domain hijacking is not to have it happen in the first place. There are steps that you can take to minimise the risks:
- Choose your registrar wisely. There are hundreds of domain registrars in existence, so be sure to conduct your due diligence to make sure that your domain registrar is reputable.
- Keep your contact information current. Most registrars use email to keep in contact with their clients and to reset passwords, so be sure that your registrar has the correct email address for you.
- Create a secure password. Weak passwords are one of the main reasons that domains get hijacked. Be sure to choose a password that is not easy to guess, and only provide access to the password to individuals in your company who absolutely require it.
- Use a private personal identity. Thieves often do an internet search to find the contact information for domains, so consider registering your domain using the WHOIS Privacy Service, which will keep your contact information private.
- Monitor your domain. Frequently check your domain for any unauthorised changes, and promptly notify your registrar if you notice anything unusual.
- Lock your domain registration. Most registrars will allow you to lock your registration, which will prohibit a third party from transferring, modifying, or deleting it.
- Renew your domain on time. Be aware of the expiration date for your domain registration and renew it before it expires.
By taking these steps, you can help avoid the expense and hassle of attempting to recover a hijacked domain in the future.
StatusCake Team
Share this
More from StatusCake
When Things Go Wrong, Systems Should Help Humans — Not Fight Them
3 min read In the previous post, we explored how AI accelerates delivery and compresses the time between change and user impact. As velocity increases, knowing that something has gone wrong before users do becomes a critical capability. But detection is only the beginning. Once alerts fire and dashboards light up, humans still have to interpret what’s happening,
James Barnes
January 21, 2026
When AI Speeds Up Change, Knowing First Becomes the Constraint
5 min read In a recent post, I argued that AI doesn’t fix weak engineering processes; rather it amplifies them. Strong review practices, clear ownership, and solid fundamentals still matter just as much when code is AI-assisted as when it’s not. That post sparked a follow-up question in the comments that’s worth sitting with: With AI speeding things
James Barnes
January 14, 2026
Make Your Engineering Processes Resilient. Not Your Opinions About AI
4 min read Why strong reviews, accountability, and monitoring matter more in an AI-assisted world Artificial intelligence has become the latest fault line in software development. For some teams, it’s an obvious productivity multiplier. For others, it’s viewed with suspicion. A source of low-quality code, unreviewable pull requests, and latent production risk. One concern we hear frequently goes
James Barnes
January 8, 2026
Blog
How to monitor IPFS assets with StatusCake
3 min read IPFS is a game-changer for decentralised storage and the future of the web, but it still requires active monitoring to ensure everything runs smoothly.
Daniel
January 9, 2025
Engineering
What’s new in Chrome Devtools?
3 min read For any web developer, DevTools provides an irreplaceable aid to debugging code in all common browsers. Both Safari and Firefox offer great solutions in terms of developer tools, however in this post I will be talking about the highlights of the most recent features in my personal favourite browser for coding, Chrome DevTools. For something
Alexandra Moore
April 17, 2023
Engineering
How To Create An Animated 3D Button From Scratch
6 min read There has certainly been a trend recently of using animations to elevate user interfaces and improve user experiences, and the more subtle versions of these are known as micro animations. Micro animations are an understated way of adding a little bit of fun to everyday user interactions such as hovering over a link, or clicking
Alexandra Moore
April 17, 2023