How To Protect Your Domain Names From Domain Name Hijacking Scams

If you want to protect your domain names from domain name hijacking scams, then you have to be a little proactive with your domain name management, be able to recognize the most common domain name hijacking scam and spend a few extra dollars a year. Here’s the deal…

The letters look official -- heck, they know what your domain name is. They have your correct name and address. They even know your domain name is expiring soon. Who are they? Most likely the letter you received was from one or both of these companies; Domain Registry of America (DROA) or Liberty Names of America (LNOA). And they know this because the information is in a public domain name database known as WHOIS.

Now both are known domain name hijackers. They use perceived legitimacy and a marketing tool that probably dates back to the cave men …”The takeaway.” The takeaway creates urgency to get the prospect to act immediately. A common takeaway that we’ve all seen is “for a limited time.” In the case of these domain hijacking letters, to the unsuspected domain name owner, they look very much like expiration notices (that’s the takeaway), except they are not expiration notices at all.

Plus, the letters are specifically formatted and worded to fool you. That is, unless you read the tiny fine print on the letter which lays out the whole scam without telling you that’s what it is. The fine print basically states that after you sign off and give them your check or credit card number, you agree to the transfer of your domain name to them. Yipes! That’s not a good thing.

What’s amazing is that this is not a new domain hijacking scam. Both these companies have been investigated and charged with fraud by the FTC as far back as 2003. But domain name owners continue to fall victim to this every day.

Below are a few ounces of prevention you can use to protect yourself.

Step 1:

Pony up a few extra bucks a year and use private registrations. Private registration of your domain names eliminates your name and contact information from showing up in the public WHOIS database. Instead of your information, WHOIS searches will show something like “Contact Privacy” as the domain owner. But behind the scenes, the actual domain owner is fully in control of their domain name. Most domain registrars now offer private domain registrations for a small annual fee. Private registration is a no brainer. If the hijackers don’t have your name and physical address to mail these hijacking letters to, the scam is DOA.

Step 2:

Enable domain locking on all your domain names. This is done through your domain account at your registrar. Locked domains cannot be transferred. While the domain name is locked, initiating a transfer is prohibited until the domain name is unlocked. Unlocking the domain falls under domain name management, which can only be done by the domain owner or a person authorized by the owner, possibly the domain name owner’s web designer. If all your domains are not locked, then go enable domain locking on them now.

Step 3:

Keep your contact information accurate and up to date. Even with a private registration, you are still at risk of losing your domain names. Maybe not to a hijacker, but to your domain registrar.

By regulation, registrars are required to verify domain name contact information and ownership. They do this by sending periodic emails to the registered administrative contact who must verify their contact info with the registrar. If ownership cannot be verified, the registrar can strip you of the domain name.

Step 4:

Don’t give out your domain account login information. Seems pretty obvious, but you’d be surprised how many people give their information out to a web design company and then fail to change the password if they switch to another web design firm. Also, get in the habit of changing your password periodically.

 

Getting back a domain name that was hijacked is a daunting task. Play it safe and make domain name hijacking one less thing for you to worry about.

No posts.
No posts.