Lately I’ve been receiving a lot of questions around domain security. As many of you know I run the website DomainTheft.org where I receive theft reports from people whose domains have been stolen. I’ve helped a number of people recover their domains and through this experience I’ve learned the most common ways a domain can be stolen.
There are many different ways to prevent domain theft but I thought it would be the most beneficial to my readers to compile the top five ways you can prevent domain theft. Since it is next-to-impossible to involve law enforcement in domain recovery (try explaining to a police officer that your domain name was stolen and see what he/she says!) it is up to the domain-owner (sometimes with the help of the registrar) to do everything they can to keep their domains secure.
1) Don’t use a GMail, Yahoo mail, or any other free web-based email account as the Admin or Tech contact for your domains.
Free webmail services are easy compromised by even novice hackers. The email account associated with your domain is the most important link in the domain transfer process. If someone gains access to this account they might be able to transfer your domain without you ever knowing – or at least not noticing until it is far too late.
2) Lock your Domain Names
This may seem like a simple concept but it is oftentimes overlooked. When you purchase a domain from someone on a forum or through an expiry service it may come-into your account “unlocked”. By simply locking the domain you can help prevent transfers even if someone does gain access to your email account since a domain must be unlocked to transfer it.
3) Don’t use completely unknown registrars
I’ve seen a growing number of domain thefts from people who registered their domains with a completely unknown registrar. When they try to contact the company they get someone’s voicemail or even worse the hiss and beeping of a fax line. If your domain name is stolen the registrar can be a key ally helping you to get it back. Pick a registrar that you know you can get in touch with 24/7 – and not trying to name names – okay I’ll name one – stay away from 1&1.
4) Don’t sell High-Value domains using Pay Pal
One of the most common domain theft scams is when a thief offers to buy your $5,000 domain with Pay Pal. Steer clear of this as it’s a great way to unknowingly give-away your domain to a thief. I always like to compare this to buying a car. Would you sell someone your $30,000 BMW and accept a personal check? No – you’d expect a cashiers check. Pay Pal is rampant with fraud and way people get-away with it is by buying your domain, you transfer it to them once you receive the money, then they contact their credit card company and say that some unknown charge from Pay Pal appeared on their account and they think their card was compromised. I see a lot of these cases at DomainTheft.org and there is little that can be done once you’ve already transferred a domain to someone else – especially if they are out of the country.
5) Work with your Registrar
If your domain is stolen contact your registrar immediately. Companies like GoDaddy, Name.com, Fabulous.com and Moniker.com are all very good at helping domain owner recover stolen domains.
As the Domaining industry continues to grow, domain security will become increasingly important. Now is the time to make sure your domains are secure and report stolen domains and forum scammers. If we work together we can all do our part to help prevent domain theft.