Businesses dependent on an internet presence put much value on their website’s domain name.
The most sought-after .com or .net address can sell for tens or thousands of dollars, especially if connected to renowned entities or celebrities.
Obtaining a well-known domain name makes it easier to draw customers to your website and market your products and services.
Domain names are often the primary target for hackers because of their significant value. A hacker can disrupt the business’s operations by controlling a popular .com or .net address.
This is the reason you should familiarize yourself with domain hijacking and how to prevent your business from an attack.
Case studies of domain hijacking
One of the most recent cases of domain hijacking was reported in September 2020.
This was when Perl.com was hijacked and diverted to an IP address associated with malware campaigns. The attackers changed the site’s IP address shortly after the domain was offered for sale.
Another case of domain hijacking occurred in one of the largest banks in Brazil in 2016.
The cybercriminals changed the domain records for 36 different URLs. Later on, they redirected the website to a phishing page that looked like the authentic one.
This helped them steal thousands of client passwords and debit card numbers.
A similar incident happened in 2014 with Craigslist. The hackers swapped domain name service (DNS) entries from the site’s primary IP addresses and redirected customers to parody sites.
This significantly tarnished the reputation of Craigslist. Another popular domain hijacking case was in 2004, when a teenager gained control of eBay’s DNS.
However, in this case, the teenager had no malicious intentions. If the DNS had been under the control of a hacker, the damage would have been catastrophic.
How are domains hijacked?
Domain hijacking refers to illegal access to a domain name registrar. It means your domain name has been stolen. An attacker exploits a security loophole in a domain name registrar.
Domain hijacking also occurs when a person gains access to a domain name owner’s email address and changes the password to their domain name registrar.
Another scenario of domain hijacking is where an attacker gathers all the personal information about the owner of a domain name and uses it to impersonate them.
By posing as the domain owner, the attacker asks the domain registrar to change the registration details or shift the domain to another registrar under their control.
The other ways of hijacking a domain include domain registration vulnerability, email vulnerability, phishing attempts, and keyloggers stealing login passwords.
After the attacker has access to a target domain name, they use it for malicious activities like social engineering scams, launching spam campaigns, and other cybercrime activities.
What happens after domain hijacking?
The first thing that happens when a domain is hijacked is that the hacker gains control of the target website and uses it for malicious activities.
These activities include launching phishing attacks and spreading malware. The attacker may also redirect traffic from the target website to other websites.
The attacker may also sell the domain name back to you at a higher price. Another scenario is that the attacker could replace your web pages with identical ones to steal sensitive data.
This includes contact information, account information, IP addresses, social media accounts, or other information for identity theft.
Attackers can also display their content on your site. They could take over your SEO and stuff your site with keywords to sell illegal products. All of these consequences result in damage to your brand reputation and lost sales.
How to recover your hijacked domains
A simple way to recover your hijacked domain is to try and find out who hijacked it and take legal action against them. The ICANN has a database of all domain owners and their contact information.
This resource is called WHOIS and is available to the public. Therefore, you can type in your domain name and see the current owner’s details.
However, many hackers apply domain privacy protection, so you may not be able to find the owner’s personal information, like their names and contacts.
There are two other effective ways to recover your domain name: contacting your domain registrar and contacting the ICANN (Internet Corporation for Assigned Names and Numbers).
The fastest way to get back your domain name after a hijack attempt is to call your registrar tech support team. Explain the situation so they can start investigations.
The registrar may require you to confirm ownership of the account. This includes requesting you to send personal data like your driver’s license, Social ID, and other details to prove you are the domain name’s owner.
Alternatively, if the attackers have not transferred your domain name to another company, you should go to ICANN. This is the internet authority for disputes involving domain names.
In many cases, ICANN implements a 60-day delay between changes on the registration transfer and the domain transfer. This gives the registrant enough time to note and act on any changes.
When the control of the domain has been transferred to another registrar, you may regain control through ICANN’s Registrar Transfer Dispute Resolution (TDRP).
Another option is to apply for ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP) process.
Before making any claim, ensure you have your registration records to prove the relationship between you and the hijacked domain account.
How to protect your website from domain hijacking
Understanding how domain hijacking occurs prepares you for these incidents. To minimize the chances of falling victim to domain hijacking, ensure you adopt the following best practices.
1. Choose a reputable domain registrar company
When launching your website, you should not choose the first domain registrar at your disposal. It is essential to research the background and reputation of a registrar.
Determine how long they have been in business, how they have dealt with cases of domain hijacking, and their pricing.
It is also essential to look at the domain registrar’s service features. Choose a registrar with the following features:
- Two-Factor Authentication: register with a company that offers 2FA
- DNS Management: This helps you set DNS records from your domain’s control panel
- Technical Support: An important feature of DNS registrars is customer support. These services should be available round the clock to address any customer issues. This is especially crucial to recover from hijacked domains quickly.
2. Turn on two-factor authentication
One of the security measures you should take to prevent domain hijacking is to enable 2-factor authentication in all your online accounts, including your domain name account. This is helpful if you lose your password.
Also, if an attacker cracks your username and password, the two-factor authentication will prevent them from hijacking your domain.
With the two-factor authentication, you must enter your username and password, and a code sent to your email or phone to access your domain registrar.
It is unlikely that a hacker will be able to access the code in your email or phone.
3. Activate domain locking
Many domain registrars have a lock-up period. This is a duration when a web address may not be changed. Although domain locking does not prevent your website from working, it prevents it from being sold.
This common strategy prevents unauthorized domain name transfers to another registrar. For many registrars, this feature is enabled by default.
4. Enable WHOIS protection
WHOIS Privacy Protection is a solution that helps you keep sensitive information away from the public.
Your domain’s WHOIS information reveals a lot of information about you, and this can be used to initiate phishing attacks.
Hackers use information such as your address, email address, and telephone number to launch social engineering attacks.
Enabling WHOIS protection reduces the amount of vulnerable OSINT data about you and your company.
5. Use a strong password
Using a strong password prevents malware attacks and unauthorized access to your accounts. When creating a password, make sure you do not use dictionary-based words.
Also, avoid using obvious information like your date of birth or favorite drink. These are vulnerabilities that an attacker will use to access your accounts.
A strong password should have eight or more characters. Make sure you combine upper and lowercase letters, symbols, and numbers.
6. Change your password regularly
Apart from creating a strong password, many security companies recommend changing your password regularly. You should replace your old password after at least 90 days.
Sometimes it takes a hacker some time to plan an attack. Therefore, if they could crack your password, they may not launch an attack immediately without formulating a plan.
Changing your password regularly may help you avoid being a victim of a DNS attack.
7. Update your domain contact details
It is essential to keep your domain contact information updated and accurate. Many domain names are hijacked because the contact information includes an expired or old domain-based email address.
Your contact, tech, or administrative details should be accurate during an emergency. This helps your registrar reach you quickly if they notice any abnormal activity in your account.
A good practice is to keep a notebook or document with all the information about your domain account.
8. Don’t share your domain register login credentials
One of the careless mistakes domain owners make is sharing their login details. You should keep your domain registrar login details protected.
Limiting access to your domain login details is imperative if your clients’ personal details are at stake.
Sometimes, web designers and other IT services ask their clients for domain register login data to adjust some DNS configurations.
Since you can make these changes yourself, desist from sharing your login details.
If you do not know how to update DNS configurations, ask your technician to give directions on setting a new name server, changing DNS records, or performing other basic adjustments.
Create a sub-account with restricted access if you have to share your login details. This will ensure that no one modifies anything beyond what is required.
9. Beware of emails requesting registrar login details
One of the tools that hackers use to hijack domains is phishing attacks. These attacks can be in the form of simple email messages from the ICANN or your domain registrar.
An attacker may forge a trusted sender’s email address to send phishing emails. Additionally, the attacker may use a domain name similar to yours to launch a malware attack.
As a rule of thumb, you should confirm the address sending you messages. Also, do not click on suspicious links or open attachments you do not trust.
Furthermore, you should be wary of emails from your registrar requesting your username or password.
Contact your domain registrar from their official web page and forward any emails you receive from their technical support so they may determine their authenticity.
Similarly, if you receive emails that seem to have been sent by ICANN, forward them to [email protected] for verification.
10. Don’t use the same company to register your domain and host your website
Many domain registrars offer web hosting services like dedicated or shared hosting servers. This enables them to keep all your business within their company. As a result, they can sell you complimentary products.
If you want a discount for domain registration and web hosting, you can achieve this if you receive both of these services from one company.
One downside is that if a hacker accesses your domain name, they will also get your web hosting space and access important files. This double threat can be devastating to your company.
To avoid this, keep the domain and hosting on separate accounts.
11. Use a Sender Policy Framework Text record
A Sender Policy Framework Text record is a DNS record that prevents phishing and spoofing by verifying the domain name from where email messages are sent.
The DNS record contains a list of the IP addresses allowed to send emails on behalf of your domain.
Spammers falsify email headers and edit the “from” address, making it look like they are sending from an email address to your domain.
Spoofing is a hacking strategy that allows attackers to obtain personal account information or tarnish your brand’s reputation. Also, these spam messages can lead to an account owner receiving replies for mail they never sent.
A Valid SPF TXT record is made up of three parts. First is a declaration that it is an SPF TXT record.
The second part is the IP addresses allowed to send mail from your domain and the external domains allowed to send on your domain’s behalf.
Lastly, it should have an enforcement rule. This rule declares whether the message is from a genuine or fake address.
12. Train your employees on basic cyber security
Sometimes domain hijacking is a result of the negligent actions of your employees. Maybe an employee logged in to your account and forgot to sign out, exposing you to hackers.
Another scenario is employees responding to messages and downloading attachments without verifying their authenticity.
An essential step toward preventing domain hijacking is to train employees to identify phishing scams. This will prevent them from unknowingly allowing hackers to access your website.
Protect your website today
Your domain name is as crucial as any sensitive business credentials. It is a representation of your brand and is what draws customers to your business.
When creating an eCommerce site, one of the essential considerations is the domain name. This name will affect your SEO rankings and should reflect your products and services.
Therefore, you must protect your domain name from being violated by hackers.
If you lose your domain name, your business may decline, and your clients will rush to your competition. Furthermore, your SEO rankings will drop.
Recovering from domain hijacking is a costly affair, and many brands take years before they can regain the public’s confidence. You may even face a lawsuit if an attacker uses your domain name to violate or steal from your clients.
Taking the highlighted steps to prevent domain hijacking is the best way to protect your business from cybercriminals.
You should also recruit a team of cyber security personnel to monitor your domain and website for vulnerabilities and threats.
Ultimately, preventing a DNS attack and making your eCommerce site reliable will pay off in terms of employee and customer satisfaction and improved sales.