On Monday, The Huffington Post reported on domain theft, a scheme in which hackers steal valuable Internet addresses and sell them in online forums or extort their rightful owners.
They now have a follow-up article on how domain name owners should protect themselves from domain name thieves.
Some of the advice offered is bad or not very accurate, but it is a start on alerting the public to these matters. For example, the article suggests using a whois privacy service so that scammers cannot send you phishing emails. Of course that is not true, because if someone sends an email to the privacy email address shown on whois, the email is forwarded to your real email address. So you get the phishing email anyway. The only way to avoid phishing scams is to not click on links in emails.
Also, Huffington Post suggests that people use Web.com (one of the worst registrars around) because it offers an extra feature that prevents anyone from transferring a domain name to another account until a company representative has called the account owner on the phone and that person has provided a nine-digit PIN code to prove their identity. However, the added security comes with a hefty price tag — $1,850 for the first year, and $1,350 for each additional year. This is crazy money and a service targeting newbies with too much money in their hands.
Here is Huffington Post’s advice:
Most of us are aware that hackers can steal our financial information. But few people realize that hackers can also go after other valuable property online, like web addresses. Short, catchy URLs can be worth millions of dollars, making them prime targets for thieves.
If a hacker steals your domain name, there’s often little you can do to get it back. But how do you protect your website from getting hijacked in the first place?
BE SKEPTICAL OF EMAILS
Start by questioning emails that claim to come from a domain registrar like GoDaddy. Hackers often steal website addresses by sending fake emails to their owners. The bogus emails include malicious software that allows thieves to gain control of their victims’ email accounts and approve the transfer of their domain names.
The bogus email might say: “Urgent attention! We believe your account has been compromised and payment method is no longer valid. Please log in and correct information,” according to Dave Piscitello, a senior security technologist for ICANN, a California-based nonprofit responsible for managing the Internet address system.
Once a hacker has control of your email account, the criminal can transfer your website into his or her control, and you might not be able to get it back.
TAKE EXTRA SECURITY MEASURES
Choose a domain registrar that offers added security features, like GoDaddy’s two-step authentication, that make it harder for hackers to break into your domain account. You should also request your domain be placed on “Registrar Lock,” which requires you to “unlock” the domain before you transfer it by logging in to the registrar’s website. With the lock in place, a hacker would need access to both your email account and your registrar account.
For an extra $8 a year, GoDaddy will also hide your contact information — including your email address — from a public list of domain owners known as the “Whois” database. This prevents thieves from knowing how to contact you to send a bogus email, according to the company.
For even more security, Web.com offers an extra feature that prevents anyone from transferring a domain name to another account until a company representative has called the account owner on the phone and that person has provided a nine-digit PIN code to prove their identity. However, the added security comes with a hefty price tag — $1,850 for the first year, and $1,350 for each additional year.
KEEP YOUR RECORDS
If your domain name is stolen, you’re more likely to recover it quickly if you’ve kept documents related to the website, such as billing and registration records. Such documents can help in a lawsuit or when the domain registrar investigates the theft.
To get your domain back, “you have to demonstrate you’ve been a victim,” Piscitello said. “Without documentation, your recourse is very limited.”
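As an added example (not part of the Huffington Post article or of this post), the "Registrar Lock" advice above can be verified rather than assumed: in a domain's RDAP record the lock appears as the status `client transfer prohibited`. The sketch below audits a portfolio from RDAP JSON that is assumed to have been fetched separately; the function names and the sample records are constructed for illustration.

```python
import json

# RDAP status strings (RFC 8056) that correspond to the EPP transfer locks.
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}

# Constructed sample RDAP domain objects (trimmed); not real registry data.
SAMPLE_RDAP = """
[
  {"objectClassName": "domain", "ldhName": "locked.example",
   "status": ["client transfer prohibited", "client update prohibited"]},
  {"objectClassName": "domain", "ldhName": "unlocked.example",
   "status": ["active"]},
  {"objectClassName": "domain", "ldhName": "MOVING.example",
   "status": ["Pending  Transfer"]}
]
"""


def audit_domain(rdap_obj):
    """Return (domain, finding) for one RDAP domain object (hypothetical helper)."""
    name = rdap_obj.get("ldhName", "<unknown>").lower()
    # Normalise case and whitespace so minor server differences do not hide a status.
    statuses = {" ".join(s.lower().split()) for s in rdap_obj.get("status", [])}
    # A transfer already under way matters more than whether a lock exists.
    if "pending transfer" in statuses:
        return name, "ALERT: transfer in progress"
    if statuses & TRANSFER_LOCKS:
        return name, "OK: transfer lock set"
    return name, "WARN: no transfer lock"


def audit_portfolio(rdap_json):
    """Map each domain in a JSON array of RDAP domain objects to its finding."""
    return dict(audit_domain(obj) for obj in json.loads(rdap_json))


if __name__ == "__main__":
    for domain, finding in audit_portfolio(SAMPLE_RDAP).items():
        print(f"{domain:20} {finding}")
```

Run on a schedule against your own domains, a change from "OK" to "WARN" or "ALERT" is the early signal that the lock was removed or a transfer was requested.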