Domain hijacking, or domain theft, occurs when a person improperly changes a domain name registration without the permission of the original registrant. A domain can be hijacked for various reasons: to generate money through click traffic, to resell it to the right owner or a third party, to add value to an existing business, for malicious reasons, or to gain publicity.
The costs of domain hijacking are significant. According to Symantec, a security software company, in 2012, the economy lost $400 billion as a result of domain hijacking incidents and related crimes. A variety of domain names have been hijacked in recent years, including US Marines, The New York Times, Twitter, Google, The Huffington Post, Forbes.com, and Craigslist.
Once a domain is hijacked, it’s hard to get it back. If you suspect your domain has been hijacked, contact the company you registered the domain with immediately. To the extent that the registrar can confirm that your domain has been hijacked, the registrar should work to help you transfer the domain name to you. However, it is rare to recover damages suffered during the period in which the domain was improperly in the hands of a third party.
There are few alternative actions if the registrar does not or cannot act. Both ICANN litigation and proceedings can be costly and time consuming. Neither option can adequately protect your online business and reputation during the procedure. In some cases, it may be cheaper to just create a new website and register a new domain.
Due to the risks associated with domain hijacking, it is important that companies take steps to make any hijacking attempts more difficult. First, make sure that the registrar you register your domain with is reputable. There are hundreds of registrars, so it’s important to do your research. You can also consolidate all of your domain names with one registrar, simplifying your ability to monitor all of your domains.
Second, make sure your contact information is up to date. Registrars tend to use email as their primary means of communication and to reset their account passwords. If that email expires for some reason, someone else can change your domain registration more easily. Consider using an administrative email, so you don’t have to update your email every time the person responsible for the domain name changes.
Third, secure your usernames and passwords. As with other passwords, make your password hard to guess. Limit access to only those who absolutely need it.
Fourth, consider using the Whois Privacy Service, which makes your contact information private. However, this option may have drawbacks. For example, it may be difficult to prove that you are the real registrant of the domain if this feature is enabled. It can also cause additional delays if you have to use legal process to recover a hijacked domain.
Fifth, monitor your domain for unauthorized changes. Be sure to regularly check your information and contact your registrar if you find anything unusual.
Sixth, consider a registrar lock. Many registrars offer the ability to lock a domain, which prevents a third party from transferring, modifying, or deleting the domain.
Finally, be sure to carefully monitor the expiration of your domain name registrations. Once a domain has expired, someone else can easily register it. In fact, some people use automated programs that allow them to monitor expired domains, buy them, and then try to sell them back to the original registrant or to third parties. For those domains that are critical, it is worth considering renewing registrations early and for longer periods of time.
Follow these simple steps now and help avoid the hassle and expense of trying to get your domain back in the future. If you need additional help with domain name hijacking or domain name theft, please visit our website for additional domain name recovery and domain name litigation techniques.