Domain name hijacking is an inherent risk in the business. It can happen to anyone, including me.
For this post, I’ll narrowly define it as the wrongful taking of a paid domain name from its registrant without their knowledge and consent. I’ve seen people tossing the word “hijacking” around for a bunch of stuff, which is why I’m limiting this to what it’s been “normally” known by.
Basically what happens in domain name hijacking is someone will try to steal your domain name from you without you knowing it. To that end, they’ll try to break into your domain account, lock you out from accessing it, and do whatever they intended to do.
Before I continue on, some of you might be asking why exactly does this sort of thing occur. Let me try to answer that.
Essentially, they happen for the very same reasons people hijack stuff. Some steal from those they otherwise won’t be able to buy from, while others do so to disrupt, say, their business.
However, it might shock you to know that there are some who do this just for the heck of it. Somewhat similar to serial criminals or drug addicts, some hijackers get a “high” breaking into domain name accounts that instill fear and uncertainty into an end-user who isn’t tech-savvy.
When a hijacker takes over your domain name account, usually they’ll change the contact information within to their own to change its ownership. Worse, this better enables them to transfer the domain name to another registrar.
In my limited experience, transferring a hijacked domain name to another registrar makes recovery much more difficult. Some are pretty much willing to cooperate, while others require a court order.
On the other hand, there are also cases where the hijacker just leaves the details intact. This is to give the impression that everything’s clear.
However, they might have also compromised the email address of the domain name’s WHOIS record. This will still allow them to transfer the domain name out if they can.
So what can you do if you ever find your domain name has been hijacked?
I originally blogged about an article from the Wall Street Journal on this thing. One of the things it stated there is to contact your registrar right away.
I wholeheartedly agree that that’s the first thing to do if you find you can’t access your domain name account or your email. Contacting your registrar can at least alert them of the possibility that the domain name’s hijacked.
As an aside, I said “possibility” up there because I’ve also gotten cases where some people, unfortunately, made some frivolous claims. Those things also happen, but we treat them anyway as if they’re real for “professional” reasons.
The challenges lie in proving that you “own” the domain name, that your account has been compromised, and that you never authorized any access or transfer. Registrars have different standards on how to gauge whether there’s unauthorized activity or not, and there hasn’t really been any kind of “best business practice” yet other than current ICANN policies about this.
Speaking of ICANN policies, there happens to be one called the Transfer Dispute Resolution Policy. This policy allows a registrar to dispute a supposedly unauthorized domain transfer with the other.
Unfortunately, only registrars can avail of this policy. Moreover, the registrar who initiates the dispute naturally shells out money for a costly venture that doesn’t guarantee successful results.
Truth be told, whether a recovery will be successful or not depends on a variety of factors. It’s really going to take a lot if the hijacked domain name has been transferred to another registrar, namely any “good will” among one another.
Needless to say, domain hijacking won’t necessarily be resolved “instantly”. The fastest I’ve seen such a thing resolved is 72 hours after reporting, the longest…well…never.
I mentioned earlier that one of the challenges of this thing is proving you own (or owned until the hijacking occurred) the domain name. This is where keeping records before this occurred can greatly boost your chances of getting this resolved.
In my previous blog post on the subject, I talked about how important it is to keep as many detailed records of your account as possible. Aside from your billing statement used to pay for the domain name, try to take screenshots of your domain name account.
Note I said “domain name account”. This is because WHOIS databases have various disclaimers of not guaranteeing accuracy and all, although they can probably be useful when trying to prove your claims to the registrar where the hijacked domain name was moved to.
Aside from having screenshots of the WHOIS record, though, I recommend taking another one within your domain name account. This is to be submitted solely to your original registrar.
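As an added example (not part of the original post or any registrar's tooling), the record-keeping advice above can be turned into a small check: keep a dated copy of your domain's WHOIS text, store its hash, and compare a later lookup against it for the changes the post describes, namely a new registrar or an altered contact email. The field names and both sample records are constructed assumptions; real WHOIS output varies by registry.

```python
import hashlib

# Fields the post says a hijacker changes: the registrar (transfer out)
# and the contact details, especially the WHOIS email address.
WATCHED = ("registrar", "registrant email", "admin email")

def parse_whois(text):
    """Parse 'Key: value' WHOIS lines into {lowercased key: [values]}."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or not value.strip() or key.startswith(("%", "#", ">>>")):
            continue  # skip disclaimers, comments and empty fields
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def fingerprint(text):
    """SHA-256 of the raw record, to store beside the dated copy you keep."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def changed_fields(baseline_text, current_text):
    """Return {field: (old, new)} for watched fields that differ."""
    old, new = parse_whois(baseline_text), parse_whois(current_text)
    changes = {}
    for field in WATCHED:
        before = sorted(v.lower() for v in old.get(field, []))
        after = sorted(v.lower() for v in new.get(field, []))
        if before != after:
            changes[field] = (before, after)
    return changes

# Constructed sample records (not real WHOIS output for any domain).
BASELINE = """\
Registrar: Example Registrar A
Registrant Email: dave@example.test
Admin Email: dave@example.test
"""
CURRENT = """\
Registrar: Example Registrar B
Registrant Email: someone-else@mail.example
Admin Email: dave@example.test
"""

if __name__ == "__main__":
    print("baseline sha256:", fingerprint(BASELINE))
    for field, (before, after) in changed_fields(BASELINE, CURRENT).items():
        print(f"CHANGED {field}: {before} -> {after}")
```

An empty result only means the public record still matches your copy; as noted earlier, a hijacker may leave the details intact, so it does not replace checking the account itself.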
One “popular” thing various registrars do in hijacking cases is send you a waiver form of sorts. This means you’ll practically not hold them liable before and after all that, but that’ll empower them to take action even more.
Now what can you do to prevent this from happening to you?
First, take very good care of your passwords. Obviously one needs a password to access an account, but some make it so easy for a hijacker to guess and eventually use to break in.
I realize it’s very convenient to use an easy to remember password. But at some point in time, you ought to consider giving away a little convenience for security, especially in the times we all live in nowadays.
Rather than make your password like “goodboydave” (which isn’t my password, of course), I suggest including numbers, upper and lower cases, and special characters to make your password like “G00db0Yd@V3”. Or create a random password, and try to change it online more often for added security.
If you can remember your password like that, so much the better. Plus you get to exercise your brain cells a little.
While at it, do the same for your security questions if applicable. Try to make it not so easy for anyone else to guess its answer.
Next, take very good care of your email address. A hijacker can also try to compromise your domain name’s email address, and subsequently use the registrar’s password recovery options to try to get in.
Thus, your email address is equally as important as keeping your domain name account secure. Try to use a strong password for your email account.
Combined with some limited experiences in my past registrar life as well as those from other registrars, one observation is that free email addresses tend to create hijacking opportunities. Various reasons range from recycled email addresses to certain vulnerabilities in such and probably little support for freebies.
Last month, graphic designer David Airey had his personal name in .com hijacked. David blogged that it supposedly arose from a vulnerability in his free Gmail account, which was subsequently resolved.
Fortunately a collective effort, coupled with some assistance from the registrar’s personnel, enabled David to regain his domain name 3 days after. To think this was in December, a very busy month.
Finally, choose an established registrar, preferably one with some kind of “track record” for security. This is one major reason why I’m sticking with (and promoting) Moniker, especially since their phone verification helps make it harder to transfer out hijacked domain names.
One of the toughest parts of figuring out which registrar to go to is who can proactively handle hijacking cases at their current prices. Any research and investigative work, including one of this complexity, entails time and money in terms of effort spent, so you’ll likely get less of that when dealing with “loss leaders” (those who charge less than $6.42/year for .com).
I know it’s not easy figuring out who’s the so-called “best registrar” for this job. All I’ll say is try to do your homework, ask questions, then go with your gut.
All in all, I hope this provides some insight into domain name hijacking, why it happens, and how you can stop it. This article isn’t exhaustive, though, so I’ll write another one in the future.
Be aware, be responsible.

