The domain name is one of the most valuable assets for a business that has a strong online presence. It is associated with a certain level of trust and a loss of a domain name can have serious consequences. However, the value of the domain is also a very tasty treat for cybercriminals who employ several methods to either take control of a valuable domain name or exploit user trust in that domain name.
Domain Name System (DNS):-
Every top-level domain (TLD), for example, .com or .info, is managed by an organization called a domain name registry, which is appointed by the Internet Corporation for Assigned Names and Numbers (ICANN). The biggest domains are managed by major businesses or organizations such as Verisign (.com and .net), Public Interest Registry (.org), and more. National domains are managed by organizations in their respective countries. However, registries are often not the ones who handle domain name registration for businesses and individuals.
Companies that handle domain registration are called domain name registrars and they are usually accredited by domain name registries (in some cases, for example, for national domains, they may be the same company). However, accredited registrars may also subcontract non-accredited registrars to sell more. The importance of this fact is that the non-accredited companies have to handle all potential disputes with the accredited registrars, which makes such disputes longer and more difficult.
Every registry has its own rules for domain ownership, domain transfer, and more. However, in the case of the most popular TLDs, you are able to register the domain using one registrar and then transfer control over the domain to another registrar, for any reason you deem fit (for example, a better pricing scheme or better customer experience). The process is a bit more complicated than registering a new domain but still fairly straightforward. This process, however, is the reason why domain hijacking is possible.
The concept behind Domain Hijacking:-
The term domain hijacking (domain name hijacking, domain theft) applies to a situation in which a malicious party actually takes over control of a domain name. The rightful owner loses control of the domain name in the process. There are several methods cybercriminals employ to hijack a valuable domain:
The most effective method is social engineering (including phishing). A hijacker may impersonate an employee of the business or the domain registrar over the phone to get login information for the actual domain registrar. A criminal may also create a phishing campaign aimed at your business. Employees responsible for domain management could be fooled into entering login credentials on a fake page. Once the hijacker gets their hands on credentials, the rest is easy: they use the credentials to transfer the domain to another registrar, usually abroad and often shady.
The hijacker may also attempt to infect your systems with malware (often using social engineering as well). Malware such as a trojan or a keylogger lets the criminal obtain credentials for the domain control panel.
A rare case, but nevertheless possible, is exploiting a vulnerability in the domain name registrar system. If a vulnerability like this exists, it may allow a criminal to access functionality required to transfer the domain to another registrar. Unfortunately, such vulnerabilities might appear for major and globally trusted registrars just as well.
If you use a weak password in the domain control panel, a hijacker may try to guess it. This, again, depends on the choice of the registrar: some may have better protection against password guessing (such as time-based lockouts), and the best ones even give you a two-factor authentication option, which makes such password guessing useless.
Domain hijackers may also carefully wait until the domain is about to expire and hope that it does not get renewed in time due to a human mistake (notable examples: Microsoft forgetting to renew passport.com in 1999 and hotmail.co.uk in 2003). Most registrars are very aggressive with their renewal reminders, but your email system may classify them as spam. Such opportunities are the worst to recover from because it’s not illegal to buy an expired domain. Opportunists may also watch for the availability of domain names that you no longer use, for example, those bought for marketing campaigns or representing your old business trademarks.
How to prevent it:-
1. Choose a good domain registrar company
There are many types of domain registrars, all offering the same basic service: they allow you to register a domain name.
Some are cheaper than others, but that shouldn’t be your only consideration. When picking your domain name registrar for new registrations or domain transfers, take a look at the advanced and extra features they offer. For example:
1. Two-factor authentication
2. DNS management
3. Technical support
2. Enable two-factor authentication
This includes your domain name registrar account, where all your domain names are located. If someone is able to get your username and password, the second layer of authentication can really protect you from losing control of your domains.
3. Always enable domain locking
Domain locking is a common security enhancement offered by all domain name registrars: it allows you to prevent unauthorized domain name transfers to another registrar.
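Domain locking and expiry (points 3 above and the expired-domain scenario described earlier) can both be audited from a domain's public RDAP record, which carries EPP status values such as "client transfer prohibited" and an "expiration" event. The script below is an added example, not code from the original article; it parses a constructed RDAP object offline and assumes the rdap.org-style JSON layout defined in RFC 9083.

```python
"""Audit an RDAP domain record for hijacking risk: is a transfer lock set,
and is the expiry date imminent? Added example, not from the original article."""
import json
from datetime import datetime

# RDAP status values (RFC 9083 mapping of EPP statuses) that block a registrar transfer.
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}
# Status values that indicate the domain is already in a risky lifecycle state.
WARNING_STATUSES = {"pending transfer", "pending delete", "redemption period"}


def _parse_iso(ts: str) -> datetime:
    """Parse an RDAP eventDate like 2024-03-15T00:00:00Z into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def audit_rdap(record: dict, now_iso: str, warn_days: int = 30) -> dict:
    """Return findings for one RDAP domain object. `now_iso` is injected so the
    check is deterministic and testable offline."""
    now = _parse_iso(now_iso)
    statuses = set(record.get("status", []))
    findings = {
        "domain": record.get("ldhName", "").lower(),
        "transfer_locked": bool(statuses & TRANSFER_LOCKS),
        "warnings": sorted(statuses & WARNING_STATUSES),
        "days_to_expiry": None,
        "expires_soon": False,
    }
    for event in record.get("events", []):
        if event.get("eventAction") == "expiration":
            days = (_parse_iso(event["eventDate"]) - now).days
            findings["days_to_expiry"] = days
            findings["expires_soon"] = days <= warn_days
    if not findings["transfer_locked"]:
        findings["warnings"].append("no transfer lock set at the registrar")
    return findings


# Constructed sample RDAP response (hypothetical domain, not a real lookup).
SAMPLE_RDAP = json.loads("""{
  "objectClassName": "domain",
  "ldhName": "EXAMPLE-CORP.COM",
  "status": ["client delete prohibited", "client update prohibited"],
  "events": [
    {"eventAction": "registration", "eventDate": "2015-03-01T00:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2024-03-15T00:00:00Z"}
  ]
}""")

if __name__ == "__main__":
    print(audit_rdap(SAMPLE_RDAP, "2024-03-01T00:00:00Z"))
```

Run it periodically against your own domains and alert on `expires_soon` or a missing transfer lock; a lock that silently disappears is an early sign that someone else is operating your registrar account.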
4. Enable WHOIS protection
Having WHOIS protection enabled can really help reduce the amount of personal data you expose to the Internet. This includes your address, city, state and country, telephone number and email address.
5. Use a strong password
Using a strong password will help you prevent brute force attacks and unauthorized access to your accounts.
Have this in mind when setting a new password:
It must have 8 characters or more.
Try to avoid using dictionary-based words.
Include a combination of uppercase and lowercase letters, numbers and symbols.
6. Change your password periodically
Most security companies recommend changing your passwords after 72 to 90 days.
7. Keep your domain contact details updated
Here’s another key to increasing domain security: always keep your domain contact information accurate and updated.
We’ve heard a lot of stories about domain names being hijacked because the contact information included an old, expired domain-based email address, something hackers can easily use to their advantage.
8. Never share your domain registrar login details with strangers
Keep your domain registrar login details protected at all costs. This includes not sharing login details with anyone who can’t be trusted one hundred percent.
9. Pay attention to the incoming email details
Phishing attacks happen every day. It’s a dangerous business, something that can reach you in the form of a simple incoming email that appears to come from your domain registrar, or even from ICANN.
Scam and phishing emails are often sent by forging a trusted sender’s email address, or from a domain name similar to the original one from your registrar company.
If you ever receive a suspicious email from your registrar asking you to click a link or requesting your client area username or passwords, don’t do it. Always contact your domain registrar from the official web page (never click on any link inside the suspicious email) and forward the email you received to their technical support so they can determine whether it’s real, or if it is indeed a phishing attack.
10. Don’t use the same company for domain registration and web hosting services
A lot of domain registrars also offer web hosting services like shared hosting or dedicated servers. Their goal is to keep all your business within their company and sell you complementary products. This can be appealing if you want to keep all your eggs in one basket, but it also means that a single compromised account exposes both your hosting and your domain at once.
Your domain name is just as important as your code and apps. If you lose it, your business may decline, clients will be confused if they can’t reach you, and your SEO rankings will drop if someone replaces your original content with new material, preventing you from processing new sales. In a few words, it’ll be a disaster.
But by following the prevention tips we’ve provided, you can ensure the chances of domain hijacking happening to you will be tremendously reduced. You’ll gain peace of mind knowing your domain names are secure to the greatest degree possible.
The recovery process is usually manual, may take some time, and your domain registrar may have to invoke the ICANN Registrar Transfer Dispute Resolution Policy. However, in most cases, you will be able to regain full control of the domain.