After you register the domain for your website, you might take pride in owning your company’s online address. However, from a legal standpoint, you don’t own it. While you can register it, thieves can hijack it from you. Domain hijacking does not receive a lot of attention, but it is a real threat. Domain hijacking is also very frustrating, as it is relatively easy for thieves to hijack a domain, and once they get control, it can be very difficult and expensive to regain it.
Domain hijackers take advantage of security weaknesses at your domain registrar, your email service or your own security practices. The technical details are quite lengthy, but basically, thieves get control of your domain by convincing your domain registrar that they are you. Then, the thieves transfer your domain to their own account, usually with a registrar located in a different country. Thieves hijack domains for several criminal reasons, but the usual motive is to take control of your domain and then sell the registration back to you.
Domain hijacking is very costly. According to Symantec, a US-based security software company, the annual cost to firms from domain hijacking is about $400 billion (£310 billion). Many high-profile domains have been hijacked in the past, including Google, Forbes, Twitter and the New York Times.
If thieves hijack your domain, recovering it can be very difficult. If you think that you have been the victim of domain hijacking, you should immediately notify your domain registrar. In some cases, your registrar can help you regain control of your domain if you can prove to their satisfaction that it has been hijacked. However, in many cases, the only recourse that you will have is a lengthy and costly litigation procedure to try to regain control.
Of course, the best way to deal with domain hijacking is not to have it happen in the first place. There are steps that you can take to minimise the risks:
- Choose your registrar wisely. There are hundreds of domain registrars in existence, so be sure to conduct your due diligence to make sure that your domain registrar is reputable.
- Keep your contact information current. Most registrars use email to keep in contact with their clients and to reset passwords, so be sure that your registrar has the correct email address for you.
- Create a secure password. Weak passwords are one of the main reasons that domains get hijacked. Be sure to choose a password that is not easy to guess, and only provide access to the password to individuals in your company who absolutely require it.
- Use a private personal identity. Thieves often do an internet search to find the contact information for domains, so consider registering your domain using the WHOIS Privacy Service, which will keep your contact information private.
- Monitor your domain. Frequently check your domain for any unauthorised changes, and promptly notify your registrar if you notice anything unusual.
- Lock your domain registration. Most registrars will allow you to lock your registration, which will prohibit a third party from transferring, modifying or deleting it.
- Renew your domain on time. Be aware of the expiration date for your domain registration and renew it before it expires.
By taking these steps, you can help avoid the expense and hassle of attempting to recover a hijacked domain in the future.