Stopping Domain Name Theft featured image

Stopping Domain Name Theft

by Eric Misterovich

Partner

Internet Lawyer

Not many people question the value of domain names. Multi-million dollar domain names are nothing new. But as we grow more comfortable understanding the true value of domain names, the steps users take to secure those domain names is severally lacking.

This can lead to the stunning realization that a domain name has been transferred out of your possession. You didn’t feel it, you didn’t see it, and there is next to no evidence readily available to figure what happened. You are a victim of domain name theft. To read an example of this, check our the HuffPo article on the theft of MLA.com

15721594607_005d7966c2_z Over the past year, we have noticed a considerable rise in instances of domain theft, often emanating from overseas hackers. Owners of valuable domain portfolios need to pay attention to this trend and take the steps necessary to reduce the risk of losing valuable property. It’s time to treat your domains like the valuables in your home.

 

Only Use Registrars That Offer Two-Factor Authentication

The best advice to preventing domain theft is using a registrar that requires two-factor authentication (2FA). As we previously discussed, registrars that do not use 2FA could be opening themselves up to liability. However, you should avoid the problem all together by ensuring your registrar requires two forms of authentication to alter a domain’s settings. This is especially important given the phishing scams arising from ICANN’s relatively new WHOIS accuracy program, explained below.

Beware of Phishing Attacks

Phishing is generally referred to the attempt to acquire information by masquerading as a trustworthy source.

ICANN’s “WHOIS Accuracy Data Specification” requirement, while well intended, has opened the door for these types of attacks. This requirement states that within 15 days after changes to a WHOIS record, the registrar must verify the changes. The registrar will attempt to verify this change by sending a confirmation email.

This gives enterprising hackers a wonderful option. If a hacker can determine that a site was recently updated, it can send a fake-verification email that could lead to any number of bad results.

If you have recently transferred a domain or changed a WHOIS record, take great care in responding to the registrar verification emails.

Use Private WHOIS Listings

Many times hackers gain access to a domain owner’s email account and use that to access the domain owner’s registrar account. Once inside the registrar account, the hacker can easily transfer out the domains to another registrar.

A simple way to prevent this is to prevent the public from seeing the email addresses associated with your domains by using a private WHOIS listing. Many domain privacy services exist and for a small fee, you can keep your information from prying eyes.

Revision Legal’s Internet attorneys help people recover stolen domains. If you find yourself in this position, contact us today.

 

Extra, Extra!
Recent Posts

Can I Trademark a Non-English Word or Phrase in the U.S.?

Can I Trademark a Non-English Word or Phrase in the U.S.?

Trademark

Yes, as long as the proposed trademark meets the other requirements for registration. U.S. trademark laws do not require that only the English language can be used for trademarks. However, whatever the language, trademarks must meet the legal requirements, including functionality, distinctiveness, uniqueness, etc. For example, every trademark must function as a trademark in that […]

Read more about Can I Trademark a Non-English Word or Phrase in the U.S.?

California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

Internet Law

In a new ruling, a California federal judge has declared the entirety of California’s Age-Appropriate Design Code Act (“CAADCA”) to be unconstitutional. Cal. Civ. Code §§ 1798.99.28 et seq. See media report here and the Opinion here. The case is Netchoice, LLC. v. Bonta, Case No. 22-cv-08861-BLF (US N.Dist. Cal, March 13, 2025). The CAADCA […]

Read more about California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

Put Revision Legal on your side