Domain Hijacking & How To Avoid It

Posted on November 01, 2017

It would seem like registering your company's domain name is enough to make you the owner, but domain hijacking is a serious and common threat that can take your website out of your hands and into the hands of hackers. It's a frustrating thing and perhaps something you'd rather not worry about, but without being aware of the issue, you leave your website open to the risk of being hijacked and stolen from you.

How Does It Happen?

Hijackers are always crawling the web looking for newly registered domain names that have not been setup properly. They will look for known backdoors and security weaknesses in your web design and setup so that they can get in, steal your information, and hijack your domain name. Basically, they'll get the information they need, head to the company with which your registered your domain name, and convince the registrar that they are the rightful owner so they can transfer the domain to their registrar - usually located out of the country.

What Is The Solution?

When a domain is hijacked, the thief will typically hold it for ransom waiting for you to pay to have it transferred back to you. The price they charge for the domain name depends on popularity of your company and website. Hijackers target companies and individuals of all sizes, but they usually look in the middle ground, targeting local businesses and online presences so they can count on likely security weaknesses while still finding an individual who will be motivated to pay to retrieve their domain name again.

However, recovering your hijacked domain name is not always easy. The first thing to do is notify your domain registrar that you think your domain has been hijacked. They may be able to help you regain control of your domain if you can prove that it has been accessed without your knowledge.

Tips To Minimize The Risk

If you truly want to prepare yourself and minimize the risks as much as you can, there are some steps you can take:

  • Choose the right registrar who has a reputation for being helpful. Try to find one with a customer service center based in your country so you can communicate with them easily if there is a problem. Make sure they are reputable and not known to work with hijackers.
  • Keep the contact information on your domain's account up-to-date.
  • Make sure to use a secure password.
  • Monitor your domain to make sure no changes are being made without your knowledge.
  • Setup a barrier between your identity and your personal life. Thieves will usually do the research on the person whose name the domain is registered on so they can find information to help convince the registrar that they are you.
  • Locking your registration will prevent third-party transfers, deletion, and modification - but not all registrars allow it.
  • Always renew on time.

  • These steps will help you keep your domain safe and in your control.