Hartzer Consulting provides domain name recovery services. Bill Hartzer, a domain name expert, has personally handled hundreds of cases for clients whose domain names have gone missing. There are many reasons why a domain name can go missing, and the owner of the domain name no longer has control over it. For example, the domain name has been stolen, the domain name was not renewed, or the domain name registrar account was accessed by an employee or a former employee and the ownership details were changed. Whatever the reason that a domain name has gone missing or is no longer in control by its owner, the owner needs domain name recovery services. First, let’s review domain name theft and whether or not the domain name was actually stolen or not. Depending on the current status of the domain name–whether or not domain name theft has occurred, will help us determine the best course of action going forward so that the domain name can quickly be recovered.
What is Domain Theft?
Domain names are digital assets, have monetary value, and can be stolen from their current owners. Domain name theft, also known as domain theft, occurs when someone literally transfers ownership of a domain name from the rightful owner without permission of that owner. A domain name is considered to be stolen, and domain theft has occurred, when an individual or organization changes any of the contact information on the WHOIS record of a non-expired domain name without the current owner’s (registrant’s) permission.
Domain name theft is sometimes confused with losing a domain name because of clerical or administrative errors where a domain is lost due to non-renewal or non-compliance with registrar Terms of Service. It can also be confused with the failure to renew a domain name by the current registrant and another individual or organization registers the domain name. In some cases, a new legal registrant may purchase the domain name at a domain name auction, thereby becoming the new owner without the express consent of the prior owner.
When Domain Name Theft Has Not Occurred
Domain names must be renewed annually, or registrants may choose to renew the domain name for several years in advance. They may also choose to purchase a “forever registration”, which they can do at Epik.com. Domain name theft has not occurred when the current registrant, for whatever reason, fails to renew a domain name before the expiration date in the WHOIS record of the domain name.
When domain names are not renewed by their owners, the domain name eventually becomes available for renewal on a first come, first-served basis. Some domain registrars choose to sell domain names that have not been renewed at a domain name auction. Others choose to let the domain name expire, or “drop”, in which case these domains can once again be available for anyone to register the domain name.
Domain name renewal policies differ from registrar to registrar. Domain names can be set to auto-renew by the registrants, whereas the domain name is automatically renewed, and a credit card is charged for the annual renewal fee. Domain name registrars will attempt to renew the domain name prior to the expiration date. If the registrar is unable to auto renew the domain name (e.g., they are not able to charge the credit card, or the credit card is declined), then it is not renewed. The domain name will then go into “On Hold”, “Pending Delete” status, and then it will expire, and become available for anyone to register. When this happens, the domain name is not stolen, and it does not constitute “domain name theft”.
Domain Name Drop Catching and Expired Domains
When domain names are not renewed, they oftentimes will be put up for auction to the highest bidder, or the domain name will “drop” and become available for anyone to register. Many individuals and organizations identify valuable domain names and attempt to register these domain names the ‘second’ that they are available using specialty “drop catching” software, or they will bid high and win the domain name at a domain name auction.
The new owner may sell the domain name to anyone who wishes to purchase the domain name, even selling the domain name to the previous owner for a higher amount than the usual domain name registration fees. Domain name registrants do not have a “right” to a particular domain name, even after the domain name expires. There are, however, special considerations and “rules” when it comes to domain names that contain trademarks, in which case a domain name may be “recoverable” via the UDRP domain name dispute process.
How Thieves Steal Domain Names
There are several ways a thief can steal a domain name. Some are quite obvious, while other ways are more difficult to identify.
A domain name’s WHOIS record contains information that allows the thief to steal the domain name. For example, the email address on the WHOIS record has an email whose domain name has expired. The thief buys the expired domain name, re-establishes the email address that was listed on the WHOIS record, and then is able to gain access to the account at the domain name registrar. They then log into the account, change the contact information on the WHOIS record to their own, and steal the domain name.
The thief gains access to the account at the domain name registrar. There are a few ways they do this, and it could involve hacking into the account, or “social engineering” the customer support staff at the registrar. Either way, they gain access to the account, where they change the contact information.
There are many more ways whereby domain theft can be accomplished. For security reasons, this topic will not be elaborated on here. However, in all cases, if a domain name is truly stolen from its rightful owner, it is almost always recoverable. The recovery process may take time. It is typically done through an ICANN-managed process known as TURF.
The urgent step to be done first is to secure a registrar intervention to temporarily lock a stolen domain. This is typically done by contacting a member of the executive team that is harboring the stolen domain to alert them to the theft. Although there are hundreds of registrars, the industry leadership is small enough whereby a timely phone call can save the day.
The essential point is that when a domain name theft does occur, the quicker it is identified the quicker it can be recovered and returned to its rightful owner. Once a stolen domain has been re-sold, or re-transferred, the process becomes rapidly more complicated due to the need to unwind multiple links in the chain of title.
Why Thieves Steal Domain Names
Why do domain names get stolen? It’s pretty simple. Domain names have value, and some have sold for thousands of dollars, hundreds of thousands, and even millions of dollars. Thieves usually steal domain names because they are able to resell it to an unsuspecting person or organization often at a steep discount to the fair value since time is usually of the essence. In most of the cases we’ve seen, the domain name is stolen because the thief wants to sell it quickly. In some cases, domains are stolen not mainly for the purposes of monetary gain but for reasons of outright sabotage — the unauthorized transfer of a name to a new registrant could tie up a domain for weeks or even months if the new registrant forces a legal process in order to recover the stolen domain.
Preventing Domain Hijacking
Domain hijacking is becoming a growing problem for domain owners. Domain hijacking is the illegal taking of domain names from their rightful owners. This can be done by changing the domain registry’s registration. Domain owners may face severe consequences, including losing their website, reputation and business. It is crucial to take every step necessary to secure and register your domain.
It is vital to register your domain name at a trusted registry in order to prevent it being stolen. Two-factor authentication is required to confirm that you are the real owner of the domain. The registrar must take strong security precautions. It is important to maintain the domain registrar’s contact information up to date and to verify that technical and administrative contact details are correct. If there is suspicious activity within your domain, the domain registrar may contact you. Last but not least, ensure that you have a strong password for your domain registration. It is vital to keep your password current.
Some additional strategies for protecting your domain name from being hijacked and stolen include:
- Maintaining strong passwords at your domain registrar
- Keeping your contact information up to date
- Setting up two-factor authentication
- Installing web application firewalls
- Monitoring domain name changes
- Using a reputable registrar with good security measures
- Staying informed about potential threats
Recovering Your Domain Name
First, we recommend reading the various scenarios we have described above in order to determine whether or not the domain name has truly been stolen.
If indeed your domain has been stolen, follow these steps:
- Check to see if you still have access to the account at the domain name registrar. If you have no access, try the “forgot password” option at the registrar.
- Check the WHOIS record of the domain name and see if the domain name is still registered at the registrar where you registered it. If so, then contact them via their customer support.
- If the domain name has been transferred to another registrar, contact your registrar and talk to them about what happened carefully noting the details of the call.
- File a report of the theft with your local authorities so the theft is documented in case the recovery process will require litigation in order to recover it.
- If it appears that the domain name has, in fact, been stolen, then contact us at Hartzer Consulting after you have filed the report with your local authorities. Hartzer Consulting can help you recover the domain name. Contact us immediately if you believe your domain name is stolen.
We cannot stress enough that time is of the essence: when a domain name is stolen, it needs to be reported and acted upon within hours (and not within days). The sooner that you report the theft, the sooner that you contact Hartzer Consulting about the domain name theft, the easier it is to recover. Domain name thieves can be relentless in their attempts to hide their involvement. A domain name can be stolen, transferred to another registrar, sold to another buyer, then sold again and again within a matter of days.
- Hartzer Consulting can help you recover your domain name if it is stolen. Contact us immediately via our Contact page