Domain hijacking, or domain theft, occurs when a person improperly changes the registration of a domain name without the permission of the original registrant. A domain can be hijacked for various reasons: to generate money through click traffic, to resell it to the appropriate owner or a third party, to add value to an existing business, for malicious reasons, or to achieve notoriety.
The costs of domain hijacking are significant. According to Symantec, a security software company, in 2012, the economy lost $ 400 billion as a result of domain hijacking incidents and related crimes. A variety of domain names have been hijacked in recent years, including the US Marines, The New York Times, Twitter, Google, The Huffington Post, Forbes.com, and Craigslist.
Once a domain is hijacked, it is difficult to get it back. If you suspect that your domain has been hijacked, immediately contact the company with which you registered the domain. To the extent that the registrar can confirm that your domain has been hijacked, the registrar should work to help you transfer the domain name to you. However, it is rare to recover damages incurred during the period when the domain was improperly in the hands of a third party.
There are few alternative actions if the registrar does not act or cannot act. Both ICANN litigation and procedures can be costly and time consuming. Neither option can adequately protect your online business and reputation during the procedure. In some cases, it may be cheaper to simply create a new website and register a new domain.
Due to the risks associated with domain hijacking, it is important that companies take steps to make any hijacking attempts more difficult. First, make sure the registrar you register your domain with is trustworthy. There are hundreds of registrars, so it’s important to do your research. You can also consolidate all of your domain names with one registrar, simplifying your ability to monitor all of your domains.
Second, make sure your contact information is up to date. Registrars tend to use email as their primary means of communication and to reset their account passwords. If that email expires for any reason, someone else can change your domain registration more easily. Consider using an administrative email so that you don’t have to update the email every time the person responsible for the domain name changes.
Third, protect your usernames and passwords. As with other passwords, make your password difficult to guess. Limit access to only those who absolutely need it.
Fourth, consider using the Whois Privacy Service, which makes your contact information private. However, this option can have drawbacks. For example, it can be difficult to prove that you are the true registrant of the domain if this feature is enabled. It can also create additional delays in case you have to use a legal process to recover a hijacked domain.
Fifth, monitor your domain for unauthorized changes. Be sure to regularly check your information and to contact your registrar if you find anything unusual.
Sixth, consider a registrar lock. Many registrars offer the ability to block a domain, which prohibits a third party from transferring, modifying or deleting it.
Finally, be sure to carefully monitor the expiration of your domain name registrations. Once a domain has expired, someone else can easily register it. In fact, some people use automated programs that allow them to monitor expired domains, buy them, and then try to sell them to the original registrant or third parties. For those domains that are critical, it is worth considering renewing registrations early and for longer periods of time.
Follow these simple steps now and help avoid the hassle and expense of trying to get your domain back in the future. If you need additional help with domain name hijacking or domain name theft, visit our website for additional domain name recovery and domain name litigation techniques.