Shadesdaddy sells authentic sunglasses from big names like Oakley, Ray-Ban, and Prada. But in early 2015, someone in China was able to hijack the Shadesdaddy.com domain. The thief did this by gaining access to the registrar account that hosted the domain. Once he had control of the domain, he could redirect traffic to another site that offered counterfeit products meant to trick Shadesdaddy customers. Shadesdaddy was eventually able to regain control over their domain, but not before customers purchased fake products. Shadesdaddy lost thousands of dollars in revenue as well as trust with their customers. It would take months for IT and management to sort out the mess.
Few assets are as valuable to a company as its domain. Yet, many companies do little to protect it. Thieves recognize this and have targeted small businesses lacking an understanding of domain control and management. Shadesdaddy did not know they had been attacked until they noticed a drop in web traffic. Let us look at some of the steps you can take to protect your domain from hijackers.
Domain Hijacking Defined
Losing control of your domain is the simplest way to understand what domain hijacking means. But what does that mean for your business? Here are a few scenarios:
- Domain Transfer – This is what happened to Shadesdaddy. Ownership of your domain is transferred to someone else. Once your domain has been transferred to another entity, you must work with ICANN and Verisign to get it back. This is basically the worst-case scenario.
- Pharming – If the hijacker points your website to a malicious site or posts offensive content on your site, this is called pharming. Hijackers will often use pharming techniques to embarrass or attempt to harm the reputation of another person or company. Defacing a website is an example of pharming.
- Phishing – This is a sinister form of domain hijacking where the thief replicates a site with the intention of gathering sensitive information. Imagine a hacker sending an email to an unsuspecting customer of Amazon. The email instructs the Amazon customer to update his payment information at a site that looks like Amazon but is owned by the hacker instead of Amazon.
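Shadesdaddy only noticed the hijack through a drop in traffic, yet the transfer and redirect scenarios above both change the domain's public registration record. The following Python is an added example, not part of the original article: it compares a current registration record against a saved baseline and reports a registrar change, a missing transfer lock, or changed nameservers. The records, registrar names and host names are constructed; the field names follow RDAP domain responses, and the helper `make_record` is hypothetical.

```python
TRANSFER_LOCK = "client transfer prohibited"  # RDAP form of EPP clientTransferProhibited


def registrar_name(record):
    """Return the 'fn' value of the entity holding the registrar role, or None."""
    for entity in record.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for prop in entity.get("vcardArray", [None, []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None


def nameservers(record):
    """Nameserver host names, lower-cased and without a trailing dot."""
    return {ns["ldhName"].lower().rstrip(".") for ns in record.get("nameservers", [])}


def hijack_indicators(baseline, current):
    """List differences from the baseline that match a transfer or a redirect."""
    findings = []
    old_reg, new_reg = registrar_name(baseline), registrar_name(current)
    if old_reg != new_reg:
        findings.append(f"registrar changed: {old_reg} -> {new_reg}")
    if TRANSFER_LOCK not in {s.lower() for s in current.get("status", [])}:
        findings.append("transfer lock missing")
    old_ns, new_ns = nameservers(baseline), nameservers(current)
    if old_ns != new_ns:
        findings.append(f"nameservers changed: +{sorted(new_ns - old_ns)} -{sorted(old_ns - new_ns)}")
    return findings


def make_record(registrar, status, hosts):
    """Hypothetical helper: build a record with only the RDAP fields used above."""
    entity = {"roles": ["registrar"], "vcardArray": ["vcard", [["fn", {}, "text", registrar]]]}
    return {"entities": [entity], "status": status,
            "nameservers": [{"ldhName": h} for h in hosts]}


# Constructed sample data, not real registration records.
BASELINE = make_record("Example Registrar A", ["client transfer prohibited"],
                       ["ns1.example.net", "ns2.example.net"])
AFTER = make_record("Example Registrar B", ["active"],
                    ["NS1.unknown-host.example.", "ns2.unknown-host.example."])

if __name__ == "__main__":
    for finding in hijack_indicators(BASELINE, AFTER) or ["no drift from baseline"]:
        print(finding)
```

Run on a schedule against a freshly fetched record, any non-empty result is a reason to log in to the registrar account and check it before traffic numbers reveal the problem.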
Pick Your Registrar Carefully
Many people do not understand the differences between registrars and simply select the least expensive option without realizing they might be giving up security features in the process. This is not the time to save $20 on a registrar. Some registrars target consumers while others target large or small businesses. Selecting a registrar that offers advanced security features is important even if you do not sell products on your website. The most important advanced features to look for are two-factor authentication, lockdown options that protect your privacy, and automatic domain lock after a certain number of failed account login attempts. It takes some paperwork and patience to change registrars. That is by design, but it can be done if you are not happy with your current registrar. Some companies are touting their ability to detect and deter domain hijacking. It is best to ask around, do your research and avoid free or cheap options.