It always bugs me when articles tell consumers something about domain names that just isn’t true. Yes, it happens all the time, and yes, it gets me every time. In many cases I find articles that overall are pretty solid that throw in something that makes me scratch my head. That head scratcher happened to me today when I was reading an article about domain theft, in it, it says:
The first thing you need to know about domain name thefts is how you can become a victim. The thieves view people’s whois details and use it to hack them. (Source – jbklutse.com)
Huh? Let’s get real. If stealing someone’s domain name meant simply viewing information in their public WHOIS we’d have a major crisis on our hands. The reality is, there shouldn’t be anything in your WHOIS that would allow you to get hacked, and unless you’re storing passwords in there, you should be okay.
The most common form of domain theft I’ve seen over the years is someone who offers to buy your domain and asks if they can pay via Pay Pal. They make the payment, you transfer the name and then they contact their credit card company and report the charge as fraudulent, or contact Pay Pal and say that they never got the merchandise. Either way, it’s a lot less of a sophisticated hack than it is a basic scam.
The article does mention a great tip for preventing domain theft, two-factor authentication, and this really should be something that every single person does at all of their registrars. If you haven’t done this yet – do it now. Of course this doesn’t mean you’re perfectly safe, but you’re a lot safer since someone could hack into your email account and still not be able to login to your registrar account.
On top of using two-factor authentication, it’s also critically important to use a well-known and trusted registrar. My three favorites are Uniregistry, NameCheap, and Go Daddy. Buyer asking you to use Pay Pal? Use Escrow.com instead and your chances of getting scammed drop dramatically.
The reality is, there are plenty of people out there using random insecure registrars, not using two-factor authentication, and accepting payment via Pay Pal. Fix these three things and don’t worry about your WHOIS because that’s really not how people are going to “hack” you.
What do you think? Are the three tips I mentioned above the best way to prevent domain theft? I want to hear from you – comment and let your voice be heard!