![\"\"](\"https:\/\/uptimerobot.com\/blog\/wp-content\/uploads\/2023\/07\/domain-name.png\")
<\/a><\/p>\nBut the right domain name can also be a money powerhouse.<\/p>\n
You probably paid as little as $20 for your domain name, but the biggest names out there cost a lot more<\/strong> than that.<\/p>\n The most expensive domain name acquisition<\/a> to date was the purchase of \u201cCars.com\u201d in 2014 by Gannett, in a deal that valued the domain at a whopping $872 million<\/strong>.<\/em><\/p>\n Source: Name.com<\/p><\/blockquote>\n Trailing behind are:<\/p>\n Shocking, isn\u2019t it?<\/p>\n With such huge value, it\u2019s no surprise that domain hijacking has become a significant threat<\/strong> \u2014 a threat often overlooked but capable of causing immense damage if not dealt with promptly and correctly.<\/p>\n Domain hijacking (also known as domain theft or domain slamming) is just what it sounds like \u2014 the takeover of a domain name from the rightful owner.<\/p>\n So, how common is domain hijacking?<\/p>\n Although obtaining concrete figures is challenging, the World Intellectual Property Organization (WIPO) handled over 7000 cybersquatting cases<\/strong> in 2022.<\/p>\n The number of cases filed<\/a> to the World Intellectual Property Organization has increased, especially since 2012, when there were around 2900 such disputes.<\/p>\n Source: Statista.com<\/p><\/blockquote>\n As a general rule, hijackers tend to target domains that are either financially or strategically valuable.<\/p>\n \u27a1\ufe0fFinancially valuable domains<\/strong> include short, one-word domains or those containing popular or industry-specific keywords. The Cars.com and Insurance.com examples mentioned above are great examples.<\/p>\n \u27a1\ufe0fStrategically valuable domains<\/strong>, on the other hand, are more about the value of taking over the website of successful businesses or organizations. For example, hijacking a major online retailer’s domain during peak shopping season could cause significant revenue loss for the original owner and huge financial gains for the hijacker.<\/p>\n \u2705 Has traffic Hijackers can use many different tactics to take over a domain, including:<\/p>\n Phishing attacks are one of the most common ways<\/strong> a hijacker can gain access to a domain, perhaps because it\u2019s so simple.<\/p>\n All a hijacker needs to do is send deceptive emails to the domain owner, pretending to be from the domain registrar or another trusted source.<\/p>\n These emails often contain links leading to fraudulent websites \u2014 and once the domain owner enters their login credentials, the hijacker can easily capture them.<\/p>\n Security vulnerabilities<\/strong> in the domain registrar’s system can also serve as an avenue for domain hijacking. According to a report by Palo Alto Networks\u2019 Unit 42, phishing and software vulnerabilities cause nearly 70% of cyber incidents<\/a>.<\/p>\n If the domain registrar you used has weaknesses, a hijacker can break in and alter a domain’s ownership details or redirect the domain to a different server.<\/p>\n Another prevalent method for hijacking<\/strong> is related to domain expiration or ‘drop-catching’.<\/p>\n When a domain isn’t renewed before it expires, it becomes available for anyone to register \u2014 and this is when hijackers can snatch them within seconds of becoming available.<\/p>\n You can easily avoid this with Domain expiration monitoring<\/strong> from UptimeRobot.<\/p>\n Start monitoring domain expiration<\/a><\/p>\n Although less common, brute force attacks are also a possibility. This technique involves an attacker systematically attempting all possible password combinations<\/strong> until they find the correct one.<\/p>\n As the saying goes, “Prevention is better than cure,<\/em>” and the same rings true for securing your domain.<\/p>\n A strong defense involves a combination of robust security and privacy measures<\/strong>, as well as constant vigilance. Regularly maintaing your website<\/a> is a must for online businesses.<\/p>\n Here are some of the most effective strategies that can serve as barriers against potential hijackers:<\/p>\n How secure are your passwords?<\/p>\n According to a 2021 National Cyber Security Centre report, \u201c15% of the population used pets’ names<\/a>, 14% use a family member’s name, and 13% pick a notable date<\/em>\u201d as their password.<\/p>\n Even worse, 6% of people are still using the word “password”<\/strong> as their password.<\/p>\n To prevent cybercriminals from breaking into your accounts, use a strong, unique password instead<\/strong> \u2014 ideally by combining upper and lowercase letters, numbers, and symbols.<\/p>\n You can also use a password manager to generate and store complex passwords for you.<\/p>\n When you register a domain, your information (name, email, and address) is automatically added to the WHOIS directory<\/strong> \u2014 and this can make you a target for domain hijackers.<\/p>\n To lower your risk, you can opt to pay for \u201cdomain privacy,\u201d which replaces your personal information with the information of a forwarding service and protects your identity.<\/p>\n Two-step verification through SMS text messages can stop 100% of all automated attacks<\/a>, 96% of bulk phishing attacks, and three-quarters of targeted attacks.<\/em><\/p>\n Source: Google<\/p><\/blockquote>\n This is because even if a hijacker manages to acquire your password, they would still need the second verification factor (like a unique code sent to your mobile device) to access your account \u2014 making it almost impossible to break into your accounts.<\/p>\n Most registrars provide an option to ‘lock’ your domain.<\/p>\n This feature prevents any changes to the domain’s ownership<\/strong> or name server information without your explicit approval.<\/p>\n Simply put, it means nobody else but you can transfer or make modifications to the accounts connected to your domain.<\/p>\n When a domain expires, it goes into something known as \u201cdomain drop list,\u201d where somebody else can find it and buy it<\/strong>.<\/p>\n According to The Daily Swig, \u201cCybercriminals can easily use dropped domains for any attack vector that exploits an organization\u2019s identity<\/a>, such as account takeovers or phishing campaigns that leverage false business invoices<\/em>.\u201d<\/p>\n As an illustration, let’s consider a popular gaming company that inadvertently fails to renew their domain ‘gameworld.com’.<\/p>\n Opportunistic attackers could seize the domain and create a deceptive website mirroring the gaming company’s legitimate site<\/strong>.<\/p>\n However, unbeknownst to users, every download link on this fake website conceals malicious files, leading to potential security risks for unsuspecting gamers.<\/p>\n TIP<\/strong>: You can track your domain expiration with UptimeRobot<\/a> \u2014 and receive alerts 30, 14, 7, and 1 day before the domain expires. This gives you enough time to prevent disasters and protect all your domains from falling into the wrong hands.<\/p>\n Recovering a domain that was hijacked can be a complex and frustrating process.<\/p>\n Unlike physical property, digital property ownership isn’t always clear-cut and many registrars lack robust mechanisms to handle domain disputes<\/strong>.<\/p>\n There\u2019s also the issue of international rules and regulations \u2014 it\u2019s basically impossible to take back a domain from somebody on the other side of the world.<\/p>\n As a report published by Huffington Post accurately points out, \u201cWhen hackers steal a web address, <\/em>few owners ever get it back<\/em><\/a>.\u201d<\/p>\n A good example of this is what happened to the owner of the website MLA.com.<\/p>\n The domain was originally purchased in 1997 for a modest $600, but by 2014, it was valued at $47,000. That is, until somebody hijacked the domain.<\/p>\n Despite the original owner’s efforts (which included filing a lawsuit against the Russian hijacker), the domain was never recovered.<\/p>\n As of 2023, it is available for sale for an impressive $125,000<\/a>.<\/p>\n Anybody can be a target for domain hijacking, but high-profile organizations are at a higher risk simply because their domains are worth a lot more money.<\/p>\n Here are some crazy examples of domain hijacking you won’t believe are real.<\/p>\n One of the best-known cases of domain hijacking dates back to the early days of the Internet.<\/p>\n It was 1995 when a hijacker stole the domain Sex.com<\/a> from its rightful owner and used it to operate a pornography site.<\/p>\n It took several years before a U.S. District Court would order the hijacker to return control of the domain<\/a> and pay the original owner a $65 million judgment.<\/p>\n Just in case you were wondering, the hijacker didn\u2019t pay and instead chose to run. He was finally arrested in 2005.<\/p>\n In 2011, cybercriminal Daniel Goncalves became the first person ever to go to prison<\/a> (for five years) for domain name theft.<\/p>\n Goncalves had stolen the domain name p2p.com (which stands for \u201cpeer to peer\u201d) and sold it via eBay for over $100,000<\/strong> to NBA basketball player Mark Madsen.<\/p>\n Funnily enough, Goncalves had stolen the domain the old-fashioned way: by hacking into an AOL email account and copying the login<\/strong> and password details for the Godaddy account where the domain was registered.<\/p>\n In 2015, the domain name for Google’s search engine in Vietnam was briefly hijacked and redirected to a website showing a Caucasian man holding an iPhone promoting cyberattack tools.<\/p>\n\n
Understanding Domain Hijacking<\/h2>\n
<\/a><\/p>\nWhat makes a domain valuable?<\/h3>\n
\n\u2705 Search friendly
\n\u2705 Niche relevant
\n\u2705 Brandable
\n\u2705 Popular TLD
\n\u2705 High SEO authority
\n\u2705 Generates income<\/p>\nThe Mechanics of Domain Hijacking: A Deeper Dive<\/h2>\n
\n
Phishing<\/h3>\n
Security Vulnerabilities<\/h3>\n
Domain Expiration<\/h3>\n
Brute-force Attacks<\/h3>\n
<\/a>Proactive Steps to Safeguard Your Domain<\/h2>\n
Employ strong, unique passwords<\/h3>\n
<\/a>Keep domain registration information private<\/h3>\n
Enable Two-Factor Authentication (2FA)<\/h3>\n
Lock Your Domain<\/h3>\n
<\/a>Monitor domain expiration<\/h3>\n
The Aftermath: Why Hijacked Domains are Hard to Recover<\/h2>\n
Infamous Examples of Domain Hijacking<\/h2>\n
sex.com<\/h3>\n
p2p.com<\/h3>\n
Google.com.vn<\/h3>\n
<\/a>Perl.com<\/h3>\n