Did you know domain names get stolen often?
Hackers break into domain accounts and transfer the domain to themselves without the knowledge of the domain owner.
You can not only lose your domain name but the hacker can also use your brand for malicious purposes and defraud your customers, all of which can damage your business.
Follow this guide to protect your domain name and prevent this from happening to you. We’ll also give you step-by-step measures you can take to recover a domain name if it has been stolen from you.
Why Do Hackers Steal Domains?
Domains are valuable online real estate. Hackers can resell it to make a quick profit. They can also demand a ransom from you or try to dupe your customers into buying fake products.
There are many reasons why hackers go after domain names. The main motivations include:
- Money: Make a profit from your domain.
- Data theft: Steal sensitive business data, customer data, and payment information that can be sold on the black market.
- Competition: Interfere with your operations and communication to bring down your business.
- Hacktivism: Use your website to display political agendas, religious beliefs, and the like.
- Scams: Misuse your trusted brand name to sell counterfeit products and defraud customers.
Domain hijacking is actually easier than most attacks. The most common way they attack your domain is by breaking into the admin account where they can initiate the domain transfer.
They take control of a domain name by transferring domain ownership without the current owner’s permission.
Now that you have a better idea of what domain hijacking is and what motivates hackers to do it, we’ll show you what makes your domain vulnerable to these attacks.
How Does a Domain Get Hijacked
If you’re using a reliable domain registrar, you can rest assured that they’ve taken adequate measures to protect your domain ownership and your account.
But hackers are always trying to find new methods to break in and steal valuable things. And most vulnerabilities are caused by domain owners themselves. They could be using a password that’s really easy to guess or they may be using public wifi that leaves their internet activity exposed.
Below, we’ll explain the most common ways hackers are able to steal a domain:
- Brute force: If you’re using common usernames and passwords, hackers may be able to guess it easily. They program bots to make hundreds of guesses every minute. This is called a brute force attack where they simply guess your login details, gain access to the control panel, and change the domain ownership details. Another way they can get your hands on your credentials is by buying leaked or stolen data on the black market.
- Malware: Hackers may attack your computer or website to infect your database, browser, system, or server. Depending on the kind of malware they use, they could obtain unauthorized access to your domain.
- Phishing: Attackers send fake emails to trick you or your team into giving them your DNS (Domain Name System) details and login credentials.
- Vulnerabilities: There are rare circumstances where the domain registrar itself could face a vulnerability in their platform. If hackers know this exists, they could take advantage to gain access to multiple user accounts.
Now there are also times when a person doesn’t have to be a hacker or have malicious intent to get their hands on your domain. For instance, if they’ve had their eye on your domain name for a while, a simple check in the WHOIS database will tell them the expiration date.
They may place a backorder on your domain or use a domain broker to snag the domain as soon as it expires. If you miss the renewal date, they can grab it even before it goes back on the public market. It is perfectly legal to find and buy expired domain names.
There are many cases where people feel their domains were stolen from them but the truth is that they failed to renew the domain in time. The only way to get it back, in this case, is to convince the current owner to sell it back to you.
If you have a copyright on your domain, then you can use that to pursue a legal route and prevent them from using the domain for their own purposes.
What Happens If My Domain Gets Stolen?
Having your domain name stolen can be devastating.
- You could lose your entire website and all that you worked hard for.
- You’ll have to spend time and money raising disputes to try to get it back.
- When you don’t have control over your domain, hackers might misuse your name. They can use it for malicious purposes that malign your brand name and reputation.
- Hackers can send fake emails to customers and clients.
- Your users could be put at risk of downloading malware, being scammed, or buying fake products,
- Your brand name can be tarnished if hackers display their own malicious content on your site.
- Your domain can be blacklisted by Google and flagged as spam by email providers.
- You could lose your SEO rankings as hackers redirect your traffic to illicit websites.
For instance, if your website is example.com, they can hijack your site to start ranking for pharma keywords to sell illegal/banned drugs. When people click on this through Google search results, they’ll be redirected to a page where they can buy these drugs.
The potential risks are severe so you need to take strong measures to protect your domain. In case your domain has already been stolen, you need to get it back as soon as you can.
Follow our step-by-step process to recover a stolen domain and prevent domain theft.
How to Recover a Stolen Domain
If you’re trying to recover a stolen domain, you need to know what stage of transfer it is at.
All domain registrars must lock a domain for 60 days after registration, renewal, or transfer. This is a safety measure to prevent any unauthorized person from reselling the domain for at least 60 days.
So if someone steals your domain, they cannot transfer or sell it for at least 2 months. This gives you plenty of time to file a dispute.
While the process may differ slightly with every domain registrar, here’s the basic process you need to follow:
Step 1: Report the Theft to Your Domain Registrar
When you notice that your domain is not under your ownership, you should first contact your domain registrar’s support staff. This may be Bluehost, GoDaddy, or Domain.com. Most domain registrars have a 24/7 live chat or you’ll have to wait for a few hours to get a response.
You need to inform them that your domain has been stolen and ask them for the process to follow.
Usually, you need to fill out a form or send an email to a specific address to lodge the complaint. There are some registrars that will lodge the complaint instantly over chat or phone.
Once this is done, they will open a dispute stating that the domain name is rightfully yours.
Step 2: File a Registrar Transfer Dispute
While the dispute can be initiated by your domain registrar, it will be filed with ICANN. This is the Internet Corporation for Assigned Names and Numbers that governs the internet across the globe.
You can think of them as the top authority that will investigate and resolve the dispute.
One thing to keep in mind here is that ICANN will accept disputes only from ICANN-accredited domain registrars. This is why it’s so important to choose a trustworthy domain registrar. It’s best to stay away from sketchy websites that offer you free or cheap domains that aren’t accredited.
If you feel the dispute isn’t going anywhere, you can access the ICANN complaint portal and file a complaint on your own.
Keep in mind that ICANN has no contractual authority to address complaints involving ccTLDs such as .us, .eu, .ac, and .uk. You’ll need to contact the relevant ccTLD manager.
For more on this, you can browse through the ICANN Registrar Transfer Dispute Resolution Policy here.
Step 3: Provide Proof of Ownership
To get the dispute ruled in your favor, you’ll need to provide proof that the domain name belonged to you. Proof of ownership documents can include:
- Bills and invoices
- Financial transactions associated with your domain
- Website backup copies
- Registration records with dates
- Trademarks and copyrights
- Domain-related marketing material
- WHOIS reporting notice
- System or web logs
- Telephone records
- Tax filing
- Renewal notices
- Notices of DNS change
- Correspondence from the hijacker, if any
You can also submit any other document that you feel will prove that you are the original domain owner.
If you have no records, you can try to get the history of the domain using online tools like the WHOIS database, DomainIQ, and WayBack Machine.
Step 4: Check WHOIS Records
When you register a domain name, your personal details and contact information is added to the WHOIS database. This is a public record of all the domain owners that anyone can access.
Mostly if a hacker has stolen your domain, they’ve probably used fake information or masked their information in this database using domain privacy protection.
But there’s no harm in checking the WHOIS database to see if you can find out any more details about who stole your domain name.
Now, if all of these steps aren’t working, you’ll need to explore legal options.
Step 5: Explore Legal Options
ICANN and domain registrars will do their best to restore stolen domains to their rightful owners. However, you need to know that registrar companies do not have the legal authority to transfer a domain name back to you.
If your domain was valuable and you absolutely must get it back, we recommend finding a lawyer that has experience in dealing with domain disputes.
They will file for a court order and submit the evidence you provide to get the domain name back.
Getting a stolen domain back under your ownership can take days to months. It would greatly depend on how quickly you file the complaint from when it was stolen and also on the proof you submit.
To make sure you don’t have to go down this rough road, we’ll show you the best measures you can put in place to prevent domain hijacking.
9+ Measures to Prevent Domain Hijacking Attacks
There are plenty of measures provided by ICANN and your domain registrar to protect your domain name.
For starters, ICANN imposes a 60-day waiting period between a change in the registration information and a transfer to another domain registrar. This gives the original owner enough time to realize a transfer has taken place and they can file a dispute before the hacker tries to resell it.
Below, we have 9 more measures you can add to prevent illegal and unwanted domain transfers:
1. Enable Domain Locking
Every domain registrar is required to add a domain lock to prevent unauthorized transfers. Most registrars enable this automatically for you.
In case you see that it’s turned off, you need to enable it inside your dashboard.
If you are unsure how to do this, contact your registrar’s support team and they’ll guide you.
Now, if someone unlocks your domain, you’ll receive an instant notification about this activity in your domain account.
2. Enable Domain Privacy Protection
When you register a domain name, your personal information is added to the WHOIS database. Anyone, including hackers, can view this information.
So if your username is your name, they can easily figure it out using the WHOIS information.
To hide this information, you need to buy domain privacy protection. This is provided by your domain registrar or web host. Learn more about that here: Should I Buy Domain Name Privacy?
3. Change your passwords regularly: Passwords are leaked quite often. It could be leaked from an app you’re using on your phone where you’ve used the same credentials as your domain account.
It’s good practice to use a strong passphrase that’s a combination of letters, numbers, and symbols. You should also change it periodically. If managing passwords is too much, use a password manager like LastPass. It makes managing usernames and passwords on multiple websites and apps simple.
4. Set up 2-factor authentication: This is one of the best ways to prevent just about anyone from accessing your account except those who are authorized.
When 2-factor authentication or 2FA is enabled, you need to enter your login username and password. After that, a real-time passcode will be sent to your phone or email. You need to enter this OTP (one-time password) in order to log in.
With this measure in place, it would be incredibly hard for the hacker to get the password that’s generated in real-time.
5. Filter IP Addresses
Domain registrars like Namecheap have a feature to whitelist IP addresses. Only these addresses will be able to log into the domain account.
So if a hacker tries to log in, even if they have the correct credentials, they will be denied access.
You can add multiple IP addresses which means you can whitelist your devices and your teammates’ devices.
6. Set up renewal reminders or auto-renew:
You can enable the auto-renew option which means the registrar will renew your domain for a new term before it reaches the expiry date.
Added to that, domain registrars also let you enable renewal reminders.
That means they’ll send you emails and notifications that your domain is about to expire. So you won’t lose your domain because you missed the expiry date.
7. Use a reliable domain registrar: Always register your domain with a popular registrar like Bluehost, Domain.com, Network Solutions, Namecheap, and GoDaddy. They make accidental and malicious transfers quite impossible. They also have measures in place to help you get your domain back in the rare case that it’s stolen from you.
8. Train employees to recognize phishing scams: Most of the time, hackers target employee accounts as they may be easier to hack. They could send phishing emails and get them to click on malicious links. They could also hack into their accounts as they might be using weak passwords.
It’s important to train or inform every teammate or freelancer that has access to sensitive accounts like your domain account to spot phishing emails and avoid giving out any business data to third parties.
9. Register a trademark: If your brand name and domain name match, you can get a trademark registered. There’s a good chance that it will get approved. For instance, our brand name is IsItWP and our domain is isitwp.com.
By registering a trademark for your business and related domain name, you will be the one who can legally use it. If someone hijacks your domain, you can always use the copyright to get it back and prevent it from being used by anyone else.
That brings us to the end of this tutorial. We hope you found it helpful in recovering a stolen domain name and also preventing a domain hijacking attack.
We recommend that you always keep a security plugin active on your website. This will monitor your site for suspicious activity, malware, and hacker attacks. Also, it’s wise to always back up your WordPress site. It’s so easy to do with a plugin like Duplicator.
You might also be interested in reading more on:
- The Complete WordPress Security Guide (Beginner Friendly)
- How to Harden Your WordPress Site to Keep Hackers Out
- How to Protect your WooCommerce Site (Steps + Security Tools)
- 9 Best WordPress Security Plugins Compared
These posts have all the info you need to secure your website with a maximum level of security.
If my registrar sides with the hacker and cannot return my domain, how do I fix my sites SEO? I’ve created a second domain. Is there a way to tell Google that the new domain is the same content as the old domain was before the hacking?
I had no idea all these risks existed. Thanks for informing me about them.
Hey Lorna, glad it helped.