You have probably done this, but I would institute 2FA assuming that registrar offers it, and also change your pw at that registrar to something very different and complex (assuming I understand properly that they seem to have the right auth code).
As was suggested, if your registrar supports it, you could generate new auth codes on names you are particularly worried about.
Does your registrar give you access to the IP numbers last used to log in to your account? A few do.
-Bob
Yes I changed my password to something I could never remember. Their tech support did resolve the issue. Even before the attempted transfer, my PW was randomly generated. I honestly believe the weakness is the security question. Most security questions are one word answers. Maybe because my answer is something I can remember, maybe I'm at fault. Or maybe Norton is the weak link.
I don't know for sure, I think the first attempt was from outside Domain dot com. The reason I say that is because several domains were in the 3-4 day transfer wait period. I denied/blocked the transfers.
The second time they deactivated several domains, but the transfer process didn't begin yet, maybe I caught the process at the start. How do you deactivate a domain from outside the registrar? Inside job???
In case anyone is wondering the deactivation was not because of renewal. I still have a full year to renew and it's on automatic renewal.
Live Tech support didn't go into detail other than to say there were discrepancies. Since I'm new to domaining I couldn't ask technical questions as to what was going on. And they would have a record of me requesting an auth code.
I'm fortunate that my domain portfolio is low double digits. I have no idea how anyone that has a considerable amount of domains keeps track of these kinds of attempted domain hijacking.
Lastly if this was a social engineering hack, what in the world are these hackers saying to gain access?