How to protect your brand from domain hijacking

Last updated on: January 16, 2023

Imagine finding the perfect domain name, putting in thousands of dollars to build the website and market it, only to have it hijacked by bad actors. If your business’s online presence is crucial for its operations, domain hijacking may halt things altogether and lead to severe revenue loss. 

In this article, we discuss:

• What is domain hijacking?
• Top techniques used for domain hijacking
• Consequences of domain hijacking
• How to effectively prevent hijacking

What is domain hijacking? 

Domain hijacking or domain spoofing is a type of attack that occurs when a company’s domain gets stolen. It usually happens when bad actors get illegal access to the domain or exploit the common cybersecurity vulnerabilities of the domain name registrar. 

This in turn makes it impossible for the legitimate owner to access their website’s backend. 

After hijacking a domain, scammers can leverage hijacked domains in different ways, including: 

• Transfer the domain name in order to redirect traffic through external hosts
• Redirect the domain to a malicious site 
• Conduct phishing attacks by impersonating the original website to steal the personal information of users including their emails, passwords, and credit card details.
• Sell the domain to the highest bidder
• Blackmail your business to pay in order to regain access

Many brands have been a victim of domain hijacking in the past. While most end up regaining access to their domains, it can be a costly affair to pay ransom to scammers and it can also affect the brand reputation.

• Google’s Vietnam search page as well as Lenovo’s Vietnam domain were both briefly hijacked in 2015. 
• In 2016, MLA.com was attacked by Russian domain thieves. The legitimate owner acquired the domain in 1997, valued at $47,000. The scammers were never caught and the owner lost access to the domain entirely.
• Chinese hackers hijacked the ShadesDaddy.com domain in 2015. While the site was used by an eyewear business to sell glasses, the hackers ended up redirecting the traffic to a phishing website that sold counterfeit eyewear. 

Top techniques of domain hijacking

Domain loss can occur under numerous circumstances. By understanding all of the techniques behind domain hijacking, you can better equip yourself to prevent any attacks from scammers. 

Impersonation

Scammers can collect the personal information of legitimate domain name owners and impersonate them in order to access their accounts with the domain registrar. Scammers can then either change the registration details of the domain or transfer the domain to another registrar entirely to gain control over it.

Phishing 

Hijackers may send a fake login page to the domain owner and convince them to fill out the necessary information in order to gain access to their login credentials. In some cases, hackers can design a phishing website impersonating the domain registrar, and even send fake emails to trick unsuspecting domain owners.

Pharming

Pharming is a domain hijacking technique where your domain is redirected to a malicious website or there is offensive content posted on the original website. This can not only damage your brand reputation severely but can also lead to a loss of customers.

Exploiting vulnerabilities

Hackers can either exploit a vulnerability present in websites or the domain registrar’s backend to find a way to gain access to domains. Using outdated software, especially outdated website management software like WordPress, can make websites more vulnerable to attacks. 

Waiting for domains to expire

One of the simplest ways to hijack a domain is by looking for domains that are close to expiring and hoping that the domain owner forgets to renew them before the expiration date. If this happens, the hijacker can buy the rights to your domain from right under your nose, leaving you helpless and forced to pay a ransom to get it back. 

Consequences of domain hijacking

Decrease in revenue: Companies that rely on their websites for business can end up losing millions and millions of dollars in revenue when they end up losing control of their website domain. While the damage may be temporary if you are able to gain access back, domain hijacking can still cause a permanent dent in your revenue.

Damage to brand reputation: When domain hijackers take over your domain and facilitate cyber crimes through your website like installing malware or stealing the private information of customers, it can directly lead to a severe impact on your brand reputation.

Lack of customer loyalty: When your customers see that you cannot even protect your own website domain, they may not trust you with their private information 

How to prevent domain hijacking

Here are some of the top ways to prevent domain hijacking:

1- Go for an enterprise-level domain name registrant

Some domain name registrars are aimed at individuals and small businesses, others are specifically meant for enterprises. Setting up your domain with a registrar that is mostly providing services to big enterprise companies means you get the required security protections that align with your business requirements. It will also allow you to scale your website as your business grows without any security concerns.

2- Increase domain protection

Focus on increasing the overall protection levels of your domain through several different measures, including:

Enable two-factor authentication: Adding two-factor authentication for all your domain and website accounts provides a second layer of security that protects you from losing control of your website domain, even if your username and password get stolen.

Enable WHOIS protection: Anyone can look up the WHOIS database to check details about a domain name holder. They can view the registered name, address, and even email address of the domain name holder. Hackers can then use this information to initiate phishing attacks in order to get access to your domain.

Enabling WHOIS protection restricts the amount of personal information available to the public. Usually, domain registrars provide this service for an extra charge. 

Enabling domain locking: A security enhancement feature, domain locking allows you to prevent any unauthorized transfers to another domain registrar.

3- Beware of phishing and scam emails 

Hackers can send phishing or scam emails through a forged email address or domain name which may seem genuine but it’s actually not. For instance, it may seem like the email is coming from ICANN or your own domain registrar when it’s actually a phishing email sent through a fake email address.

These scam emails then redirect you to phishing websites that ask for your login details. As such you should be wary of any emails that ask you to click on a suspicious link or request for your account username and password. In case of any doubts, it’s best to reach out to your domain registrar through their official website to confirm whether the email you received was genuine or a scam. 

4- Install updated security patches

Any and every vulnerability in your website can be taken advantage of by hackers in order to hijack your domain. That is why it is extremely crucial to update security patches to your website servers so hackers cannot leverage any known software vulnerabilities. 

5- Constant monitoring

The most important step is to constantly monitor your domain and other subdomains for any efforts of hijacking. The goal should be to either prevent hijacking altogether or take down any impersonating websites before they can cause any serious damage to your brand.

What to do if your domain has been hijacked

It can be challenging to recover a hijacked domain. It mainly depends on how soon you take an action and your domain registrar’s ability to return the domain back to you. 

If the domain hasn’t been transferred yet, it may be possible for the domain registrar to return it back to you with just proof of ownership. 

But things can get rather complicated if the domain has already been transferred to another individual. You will have to file for a Registrar Transfer Dispute Resolution with ICANN in order to get your domain back. You can also apply for ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP) process.

You will be required to provide documentation that proves you owned the domain before it was transferred or hijacked. If you are filing a UDRP complaint, you will have to prove three things: 

• You have the trademark for the domain name
• The website domain name is very similar to a trademark you own
• The new registrant does not have any legitimate right or interest in owning the given domain name

The easiest way to expedite the process and ensure your hijacked domain name can be quickly claimed back is by registering trademarks for your business and using the same trademark names for your domain. That way, when you complain to ICANN or the domain registrar, you would only have to provide trademark documentation to prove no one else has the right to use your registered trademarks. This can also help shut down domain impersonation and phishing attempts quickly. 

What’s next

Registering for trademarks and securing your domain is just the first step towards avoiding domain hijacking. The second, more important step is to constantly monitor any attempts of hijacking. While you can’t completely avoid hackers from attacking your website, you can minimize the damage by taking proactive steps and reclaiming your domain as soon as possible. 

Red Points’ Domain Management Services takes all the manual effort out of monitoring your domain and protecting it from hijackers. The software can detect infringing domains or domain hijacking attempts and can ensure your domain stays safe.