Most of us are aware that hackers can steal our financial information. But few people realize that hackers can also go after other valuable property online, like web addresses. Short, catchy URLs can be worth millions of dollars, making them prime targets for thieves. On Monday, The Huffington Post reported on domain theft, a scheme in which hackers steal valuable Internet addresses and sell them in online forums or extort their rightful owners.
If a hacker steals your domain name, there’s often little you can do to get it back. But how do you protect your website from getting hijacked in the first place?
BE SKEPTICAL OF EMAILS
Start by questioning emails that claim to come from a domain registrar like GoDaddy. Hackers often steal website addresses by sending fake emails to their owners. The bogus emails include malicious software that allows thieves to gain control of their victims’ email accounts and approve the transfer of their domain names.
The bogus email might say: “Urgent attention! We believe your account has been compromised and payment method is no longer valid. Please log in and correct information,” according to Dave Piscitello, a senior security technologist for ICANN, a California-based nonprofit responsible for managing the Internet address system.
Once a hacker has control of your email account, the criminal can transfer your website into his or her control, and you might not be able to get it back.
TAKE EXTRA SECURITY MEASURES
Choose a domain registrar that offers added security features, like GoDaddy's two-step authentication, that make it harder for hackers to break into your domain account. You should also request your domain be placed on “Registrar Lock,” which requires you to "unlock" the domain before you transfer it by logging in to the registrar's website. With the lock in place, a hacker would need access to both your email account and your registrar account.
For an extra $8 a year, GoDaddy will also hide your contact information -- including your email address -- from a public list of domain owners known as the “Whois” database. This prevents thieves from knowing how to contact you to send a bogus email, according to the company.
For even more security, Web.com offers an extra feature that prevents anyone from transferring a domain name to another account until a company representative has called the account owner on the phone and that person has provided a nine-digit PIN code to prove their identity. However, the added security comes with a hefty price tag -- $1,850 for the first year, and $1,350 for each additional year.
KEEP YOUR RECORDS
If your domain name is stolen, you’re more likely to recover it quickly if you've kept documents related to the website, such as billing and registration records. Such documents can help in a lawsuit or when the domain registrar investigates the theft.
To get your domain back, “you have to demonstrate you've been a victim,” Piscitello said. “Without documentation, your recourse is very limited.”