Shadesdaddy sells authentic sunglasses from big names like Oakley, Ray-Ban, and Prada. But in early 2015, someone in China was able to hijack the Shadesdaddy.com domain. The thief did this by gaining access to the registrar account that hosted the domain. Once he had control of the domain, he could redirect traffic to another site that offered counterfeit products meant to trick Shadesdaddy customers.
Shadesdaddy was eventually able to regain control over their domain, but not before customers purchased fake products. Shadesdaddy lost thousands of dollars in revenue as well as trust with their customers. It would take months for IT and management to sort out the mess.
Few assets are as valuable to a company as its domain. Yet, many companies do little to protect it. Thieves recognize this and have targeted small businesses lacking an understanding of domain control and management. Shadesdaddy did not know they had been attacked until they noticed a drop in web traffic. Let us look at some of the steps you can take to protect your domain from hijackers.
Domain Hijacking Defined
Losing control of your domain is the simplest way to understand what domain hijacking means. But what does that mean for your business? Here are a few scenarios:
- Domain Transfer – This is what happened to Shadesdaddy. Ownership of your domain is transferred to someone else. Once your domain has been transferred to another entity, you must work with ICANN and Verisign to get it back. This is basically the worst-case scenario.
- Pharming – If the hijacker points your website to a malicious site or posts offensive content on your site, this is called pharming. Hijackers will often use pharming techniques to embarrass another person or company or to harm their reputation. Defacing a website is an example of pharming.
- Phishing – This is a sinister form of domain hijacking where the thief replicates a site with the intention of gathering sensitive information. Imagine a hacker sending an email to an unsuspecting customer of Amazon. The email instructs the Amazon customer to update his payment information at a site that looks like Amazon but is owned by the hacker instead of Amazon.
Pick Your Registrar Carefully
Many people do not understand the differences between registrars and simply select the least expensive option without realizing they might be giving up security features in the process. This is not the time to save $20 on a registrar. Some registrars target consumers while others target large or small businesses. Selecting a registrar that offers advanced security features is important even if you do not sell products on your website. Advanced features that are most important to look for are two-factor authentication, lockdown options that protect your privacy as well as automatic domain-lock after a certain number of failed account login attempts. It takes some paperwork and patience to change registrars. That is by design, but it can be done if you are not happy with your current registrar. Some companies are touting their ability to detect and deter domain hijacking. It is best to ask around, do your research and avoid free or cheap options.
Monitor Website Traffic
A dip in website traffic was the first indication that something was wrong at Shadesdaddy. A closer look revealed their visitors were being redirected to another site that did not belong to them. IT should have access to advanced monitoring tools that can alert your company when traffic patterns change. Depending on the sophistication of the domain hijacker, you may not see much change in traffic. But the traffic could be coming from a part of the world that is out of the norm for your site. The hijacker will attempt to make you feel like it is “business as usual” because it gives him more time before the customer or registrar is alerted to anything out of the ordinary. Do not rely on your registrar or web hosting service to monitor such changes.
Register Domains in Your Name
This step may sound obvious, but many companies turn over management of their domain to a third party during the registration process. This is common when you register a domain or accept a “free” domain when you sign up for website or email hosting services. Turning over management of your domain may allow for faster setup of your website without your intervention, but it comes at the risk of security. Always register domains in your own name or the name of someone you fully trust. This step is complicated by the number of confusing contact options associated with domains. These include the registrant, admin, and technical contacts. Registrars may have different names for these, but they allow various levels of domain access. Work with your registrar to fully understand what level of access each contact has to your domain. If you do not know who your current domain contacts are, you can check by performing a WHOIS lookup from ICANN.
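The contact check described above can be repeated on a schedule and compared with a saved baseline. The following is an added example, not part of the original article: it reduces a record in RDAP format (the JSON successor to WHOIS) to registrar, contacts, nameservers and lock status, then reports any drift. The sample record is constructed and the function names are illustrative.

```python
import copy
import json

# Constructed RDAP domain object (RFC 9083 field names); not real registration data.
SAMPLE = json.loads("""{
 "ldhName": "example.com",
 "status": ["client transfer prohibited", "client update prohibited"],
 "nameservers": [{"ldhName": "NS1.EXAMPLE-DNS.NET"}, {"ldhName": "ns2.example-dns.net"}],
 "entities": [
  {"roles": ["registrar"],
   "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar LLC"]]]},
  {"roles": ["registrant", "administrative"],
   "vcardArray": ["vcard", [["fn", {}, "text", "Example Shop Inc."],
                            ["email", {}, "text", "domains@example.com"]]]}]}""")

def _vcard(entity, prop):
    """Return the first value of a jCard property, or None if absent."""
    for item in entity.get("vcardArray", ["vcard", []])[1]:
        if item[0] == prop:
            return item[3]
    return None

def summarize(record):
    """Keep only the fields that change when a domain is taken over."""
    out = {"status": sorted(s.lower() for s in record.get("status", [])),
           "nameservers": sorted(n["ldhName"].lower()
                                 for n in record.get("nameservers", []))}
    for ent in record.get("entities", []):
        for role in ent.get("roles", []):
            out[role] = {"name": _vcard(ent, "fn"), "email": _vcard(ent, "email")}
    return out

def drift(baseline, current):
    """Report every field that differs from the baseline, plus a missing lock."""
    findings = [f"{key} changed: {baseline.get(key)} -> {current.get(key)}"
                for key in sorted(set(baseline) | set(current))
                if baseline.get(key) != current.get(key)]
    if "client transfer prohibited" not in current["status"]:
        findings.append("transfer lock (client transfer prohibited) is not set")
    return findings

def demo():
    """Compare the sample with a constructed copy whose lock and nameservers changed."""
    changed = copy.deepcopy(SAMPLE)
    changed["status"] = ["active"]
    changed["nameservers"] = [{"ldhName": "ns1.unknown-host.example"}]
    return drift(summarize(SAMPLE), summarize(changed))

if __name__ == "__main__":
    print("\n".join(demo()))
```

Store the output of `summarize` when the domain is known to be in a good state and alert on any non-empty `drift` result.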
Apply Security Patches to Web Servers
No matter what platform your servers run, you must remain diligent in applying all security patches, especially to your web servers. Some thieves will bypass your DNS and go straight to the server itself. If the server has not been configured and secured properly, it is a matter of time before it will be exploited. With so many servers moving to the cloud and being virtualized, sometimes security procedures get overlooked. Nobody will care more about your site’s security than you will. If you have outsourced patch management to a third party, you need to feel confident in that party’s ability to do the job quickly and completely.
Conclusion
There is no single strategy to keep your domain from ending up in the hands of thieves. Websites that offer popular products for online purchase tend to attract the most attention from hackers. But everyone should take steps to make sure their domain is safe and under their own control. You would not place your savings in a bank you did not trust. Your registrar should be available to answer your questions and help you make informed decisions about one of the most valuable assets of your business.