Domain Theft Preventions and Remedies

Domain theft is notorious. Although cunning the thieves are, registrants can prevent the theft and avoid the unnecessary loss with precautions.


For Investors

a. Never divulge your personal information. Some thieves can steal the domain names easily, because they already have the account information and the password. In 2012, there was an investor losing his domain names due to that he had told one of his friends about his account information. And the “friend” transferred the domain names away on the sly.

b. Use complex password for your email. Except the personal information leakage, some thieves steal the domain names through decipher the password of the registrant email and then get access to the domain name administration. There was a case that the thief deciphered the email password of the registrant and transferred away 9 domain names of $100k.

c. Be cautious of phishing websites. Aside from the above two main criminal patterns, some crimes use counterfeit phish websites to steal domain names. It has been reported that a website Godabdy.com induces the Godaddy users to type in their accounts and passwords and record the information for crime.


For Registrars

a. Fix Vulnerabilities. Recently, many cases of domain name crime were due to the system bugs of the registrars, which were vulnerable to the hack attacks. The registrars’ bugs bring in lots of loss for the registrars and their users. Thus, fix the vulnerabilities shall be the first important thing to prevent domain thefts.

b. Enhance the administration of domain names. In additional to the vulnerabilities in the system, lacking of effective domain name administration shall also be a reason for the domain name crime. Therefore, it is the registrars’ responsibility to strengthen the management of the domain names, set up effective domain name protection measures. Last year, the registrar Ename has launched a new security lock, which was set on the root of the domain names to prevent the domain name from being transferred away arbitrarily.


If unfortunately it was too late to do the prevention jobs, never give up. There are still chances to get the domain names back.

a. For the investors. Once you find the domain name stolen, please contact the registrar immediately. Provide relative document and proofs to the registrar to lock the domain name. Or provide the registrar everything that can be regarded as the proofs for ownership to require the domain name back. Many domain names were retrieved through this method.

b. For the end users. If the official website of the company was stolen, in additional to contacting the registrar and requiring the domain name back, the company shall launch an alternate domain name at once and publish official declaration to explain the situation to the users in order to reduce the damage to the lowest level. In the case when Zhanqian.com was stolen, the website carried out the remedy at once and saved the reputation and economic loss.

If the registrar did not respond to the stolen case, you must collect the relative proofs for the litigation.

c. For the registrar. Once received the report of domain name stolen cases, the registrar shall check the system to see if there was any bug within the system while asking for the information and helping the user to retrieve the domain. After all, in the domain theft cases, not only the domain owner would suffer the loss, the registrar will also suffer impairment in their reputation.


Resource: http://news.ename.cn/zhuanti/yumingbeidao/

Declaration: this is an informative article that do not represent official investing advice, with no intend in misleading readers.Please be open-minded and objective. Welcome varied discussion below.Thanks!

 

Don't forget 2 factor authentication. A simple text gets me a code
Thanks for sharing the other good tips

 

Yes, 2 factor authentication, the most basic one. Thanks!

 

There are many things you can do, but the reality is if someone really wants your domains and is skilled, they have a good chance of getting your domains regardless of all the security measures.