How to Secure Brand Domain Name
19 Apr 2024
Table of Contents
1. What are the common causes of brand domain name loss? 2. Expiration of domain name 3. Outdated or inaccurate registrar contact information 4. How to prevent domain theft from happening to you? 5. Tips on avoiding buying stolen domain names 6. How to recover stolen or hijacked brand domain names? 7. What is the threat landscape? 8. Conclusion Your brand domain name has become your business’ most valuable asset. Now imagine someone with whom you are in dispute, such as a business competitor, website developer, marketer, or an ex-employee, has redirected or hijacked your website by gaining control over your brand domain name. This is the worst thing that can happen to you and your business. After all, brand domain names are more than just web addresses. They are the reflection of the brand’s identity. So, whether you own one domain name or multiple ones, have been using it for years, or just acquired it, you should be obviously sure to protect it. If you don’t do so, you are highly vulnerable to losing your brand domain names to illegal activities, fraud, or oversight. Yes, unfortunately, all these situations are possible. Hence, you need to be vigilant when it comes to the security of your brand domain name. With that in mind, in this post, we will be exploring different aspects of how you can secure brand domain names and will tell you about the necessary measures you must take. Let’s get started.
What are the common causes of brand domain name loss?
There are several reasons why you lost your brand domain name, with the most common ones being: As we discussed earlier, domain name theft is the most common cause. However, failing to renew the domain name or providing inaccurate contact information to the registrar is also most common. Let’s discuss each of the causes in detail. The common causes of brand domain name loss[/caption]Expiration of domain name
Like your car insurance, brand domain names get expired too after a certain period. When you are registering for a particular domain name, you secure ownership of that domain for a defined period (mostly 365 days). Year after year, you renew the ownership over the domain name before it reaches the end of its registration term. One of the worst things you can do to your business is to let your domain name expire. Don’t forget the debacle of 2010 when professional American football team Dallas Cowboys overlooked to renew its domain name that led to other miss-happenings or in 1999, when Microsoft forgot to renew two of its major domain names, causing Hotmail to be impossible to reach for many users. This can happen to anyone. It is not like that you deliberately chose not to renew the domain. Since the renewal period is due every once a year, you may fail to realize the domain has expired. To overcome this dilemma:- Ensure that your domain name registrar’s email isn’t in your Spam folder. It often happens that when you are using a spam filtering service, updates and renewal notices from the registrar are sent directly to the Junk or Spam folder. So, you need to filter out the important email addresses, especially your registrar’s.
- Make sure that your contact information, especially your email address, is up-to-date. Most domain name expirations happen to owe to the failure to receive renewal notices. If your email address is out of date or you have changed your email address and informed the same to your registrar, you will not receive any updates or notifications from the registrar.
- The best way to overcome this issue is to regulate the domain name auto-renewal. If your domain name registrar offers this service, then you don’t have to worry about anything. The registrar will execute auto-renewal just before your domain expires.
- If your brand domain names are valuable to your business, renew them early and for a longer period. Domain name ownership lasts based on the package you have bought. You can opt for a 5-year plan, but it can be expensive. Renewing your domains for a longer period means you can focus on your business without worrying about your domains getting expired.
- You need to keep track of your domain name renewal date. And in case, if you own multiple domain names, check with your registrar whether or not they offer domain consolidation features. Consolidating your domain names means you will have all your domains and expiration dates placed inside a master account with a single dashboard. This ultimately means that you can access all your domain names at once.
Outdated or inaccurate registrar contact information
You need to understand that registrars don’t send out notifications and renewal notices via postal mail. When you are registering for a domain name, you will be asked to provide your valid email address.- When providing your contact information, ensure that everything is up-to-date. Give the permanent email address that you use on a daily basis. And refrain from using free-service emails that expire if you don’t use them regularly.
- You need to keep your domain account billing information accurate. It is because if you use the auto-renewal feature, you need to provide the right payment information so that the registrar can renew your domain from your bank. If you change the payment mode, say to credit card, update the details as soon as possible.
- Your domain name registrar will use your contact information. Not only to send account summaries or renewal notices but will also use it for account management features like sending forgotten passwords, account verification, new deals and offers, and more.
Domain Name theft
Brand domain names are always vulnerable to hijacking or getting stolen. Domain theft, also known as domain stealing, is criminal activity on the internet. It includes transferring domain names illegally to another domain registrar without the consent of the owner.The majority of online businesses rely on their brand domain name. So, when domain theft, your entire business can suffer.It is always daunting to imagine that your web-based services, including email, have stopped working. While your web hosting technical may say that your web server is working just fine, it can be the DNS that no longer points to your name servers. It could be your worst nightmare finding that your brand domain now belongs to a new person. Why did this happen? You might be thinking how could this happen to you! Well, bluntly speaking, someone hacked you. Your brand domain name was too hot, appealing to many competitors out there. Or someone did it to take revenge, say an ex-employee or partner. Most often, hackers try to access the email address linked to your brand domain name. Since your email address is publicly available (by fetching a WHOIS query), it is not often protected. If the attackers get access to your email, the first thing they will do is try logging in to your registrar and if you are a fool and have been using the same password for both the services – email address and domain registrar – it won’t take much time for you to lose the ownership of your brand domain name. Once they access your domain name registrar account, they will unlock the domain name, retrieve the EPP (Extensible Provisioning Protocol) code (also known as transfer secret), and will transfer your domain to another registrar.
How to prevent domain theft from happening to you?
Experts at Brandnic have suggested some tips, or you can say measures you can take to ensure that your brand domain names remain protected from being illegally moved to another registrar.- You need to leverage two-factor authentication (2FA) on your domain contact email because the hackers will target the email linked to your domain name. This is the email you use for executing every domain related queries, such as changing password, making changes to the domain contact, etc.
- Legacy email providers: Yahoo, Comcast, Verizon, AOL, etc. use ISP-based email addresses that are old and vulnerable email systems. Refrain from using them since they are easy targets for attackers. There have been cases of data leak attacks on these email systems in the past. Always use email systems like Gmail or ProtonMail that have two-factor authentication.
- Unless you have strict and intelligent authentication mechanisms: Such as limited logins by region/country with GeoIP technologies or two-factor authentication, refrain from hosting your email in your own infrastructure. Popular third-party servers like ProtonMail, Business Premium accounts, Office 365, and Google’s G Suite, among others the best platforms for hosting your email.
- Always use a trusted password manager that will allow you to boost security: Password managers can generate complex random password combinations and can also keep all your passwords in a secure place.
- If you receive any suspicious email from your domain registrar: Do not click open the link. Contact the customer service of your domain provider and ask for the details about the email that they have sent to you. It could easily be fake email by the attackers. You have to make sure that the email is legit and isn’t spoofed that will open up a phishing page.
- Attackers know how you think and what you think: They can easily guess the most common security answers you will provide to the default security questions. So, ensure that the answers you provide to the security questions aren’t the real ones. Hackers are smart enough to run intel research on you. So, be creative with your security answers but not authentic. Always generate a random password using a quality password manager because they won’t be able to crack the hard-to-guess password.
- Opt for Domain Privacy: It is a feature that most domain registrars offer to their customers for free or at a small monthly charge. This feature prevents contact details, address, and your name from being made public in WHOIS records.
- Last but not least: You need to be careful about who else is listed in your contact details. Only you or your organization must be listed as the administrative contact and the owner of the domain name, and not your assistant or web developer.
Tips on avoiding buying stolen domain names
What if you were on the other side – say you were a domain name buyer?You came across a very good deal on a short, simple domain name, say 4-6 characters that you want to purchase.To read about - how short letter domain name makes a great impact on the audience? Now, before you purchase the domain name, you would want to find all the necessary details about the individual who is selling the domain. It turns out to be all good - the person you are buying from seems legit, the authentication code has been passed, and now you are the brand new owner of the domain name. Tips on avoiding buying stolen domain names[/caption] But, hours or days later, suddenly, the real owner contacts you stating that he/she is the legitimate owner of the domain brand name you are using and that it was stolen. What now?... What can you do in this situation? ... Well, all you can do is file a dispute with the payment processor used for making transactions to get your money back. It is the wisest thing to do at this time. And most importantly, you would want to give back the brand domain name back to its original owner since using a stolen domain is illegal.
Tips to avoid getting involved in illegal brand domain-selling activities
Consider the following tips to avoid getting deceived by domain thieves:- First and foremost: You need to determine the trustworthiness of the domain name seller. Perform thorough research about the company or the person who is selling brand domain names. The best way to do this is by asking for opinions on specialized domain forums. You need to determine whether the seller has any trouble with other members of the forum, does the seller have had any suspicious selling activity before, and is their profile trustworthy. You need to keep all these aspects in mind before making your final decision. If you feel suspicious of any of the mentioned factors, immediately take your step back.
- You can take the help of third-party intermediate services: Who are known for handling such cases, like Escrow. Such service providers boast all the necessary tools to help you cope with the problem.
- If you are suspicious but still want to buy that domain, make the transaction using bank transfer. This is because the legal authorities can easily trace the seller in case of any fraud.
- Most importantly: You need to investigate the IP details, DNS changes, nameserver, and WHOIS history of the brand domain name you are about to buy. You need to look for irregularities, especially about the contact details and last update date. If you find anything weird about the domain, don’t go for it before asking the seller about it. If you feel like the domain name address has been changed recently, immediately contact the owner.
- Think twice: If the name you are about to buy has a good 3-4-letter combination, then its price will no surprisingly range from 15-20 thousand dollars. If you are getting it way cheaper than expected, don’t you think it’s suspicious, ask yourself, is it worth wasting time and money? Well, sometimes, the real owner may sell the domain for a cheap rate, but you must dig deep into the owner before making the purchase decision.
How to recover stolen or hijacked brand domain names?
If your domain names have been hijacked or stolen, the first step you should take is to contact your respective domain registrar. Explain the support team about the entire situation. You will have to complete any required paperwork and provide the relevant details about your stolen domains. If the name has already been transferred to another domain registrar (which is probably in some other country), the registrar itself is of no help. Hence, there is no other way to recover your stolen domain than getting legal help. Recovering by getting legal help[/caption] The only entity that can help you in this situation is ICANN – Internet Corporation for Assigned Names and Numbers. It is a non-profit organization that coordinates the procedures and maintenance of numerous databases related to the numerical spaces and namespaces of the internet. Without this coordination, we would not have one global internet. When you approach ICANN, as usual, they will ask you several questions, including whether you have contacted your domain registrar, hosting provider, and even law enforcement. You will have to prove or demonstrate that the domain that was stolen or hijacked is rightfully yours. Unfortunately, many victims who contact ICANN fail to prove that the stolen brand domain is theirs to use.What is the threat landscape?
There are two types of consequences when domain theft happens –- The hacker changes registration contact details and takes control over the brand domain names registered under the compromised account
- The hacker alters DNS configuration so that the DNS resolution (a process of translating IP addresses to domain names) is performed by the name server and not operated by the victim.
The domain recovery procedure
You can submit a complaint about the illegal transfer of your brand domain names to another party, dispute between you and the registrar, or trademark infringement. All this requires proper documentation that proves there was an association between you and the registrar, including your details, and the stolen domain name, prior to the incident.What are the documents you need to submit to make your case?
The purpose of documents is to prove that you had a prior claim to the stolen domain name. The following documents will come in handy when you are registering a complaint.- You have to submit the domain’s complete history that includes copies of registration records. It is to show that you or your business was the rightful owner of the stolen domain.
- Email receipts and billing records that show you have maintained account currency.
- You need to submit archives, web, or system logs that illustrate that the stolen domain name incorporates the content you have published.
- You need to submit a copy of the financial transactions associated with you and the domain name. You can provide bank statements or credit card transaction details, along with contact phone numbers, business addresses, and the merchant name. Here, the merchant name is the registrar, and the stolen domain name is the merchandise.
- Marketing materials, telephone directories that mention the stolen name.
- Any legal documents, such as a contract for the sale of a business containing a clause that states, “ In the condition of a sale of a business, the seller agrees to transfer the business domain name to the buyer.” Something like that.