When your domain name gets stolen…

This is a guest post by my friend, Bill Hartzer, who I’ve known for over a decade as a world-class SEO and domain expert. We have 431 mutual friends on Facebook.

I saw him share this knowledge on Facebook and absolutely had to share it here on my blog with his permission.

As you may (or may not) know, I run a company called DNProtect.

We protect domain names, offer a domain name protection service, and also recover stolen domain names. Unfortunately recovering domain names takes up quite a bit of my time, as it’s a huge problem that no one talks about.

People are literally waking up in the morning, their email doesn’t work, their website is down, and they quickly realize that their domain name has been stolen. DNProtect is the ONLY company that currently offers a service to recover domain names.

Your domain name is your most important asset. If you lose it, your website is down, email doesn’t work. And if you’re selling stuff online or you’re getting your leads that way, it can be a HUGE hit to your business.

Your business STOPS instantly if you lose your domain name.

I am flabbergasted, to say the least, that people have less security on their domain name(s) than they do on their websites. They pay a domain registrar the least possible for domain registration services. And don’t pay attention to their domain name.

But one mistake can literally take away your business overnight.

I see this happening over and over again, several times a day because I personally help people recover their stolen domain names. It’s tough to see someone desperate to get their domain name back after it’s stolen, and I never want to see YOU in this situation.

Frankly, I do not want to ever have to talk to you about your stolen domain name.

So, here are some things that I have learned after recovering a LOT of stolen domain names for clients. These are things that are easy to do, and things that I wish my clients had done so they wouldn’t be hiring me to recover their stolen domain.

Do these right now, today. And please share this with everyone you can, as I know that there are so many people out there that have no idea that stolen domain names are a big problem.

Set up 2FA (two-factor authentication) whenever it’s offered to you by your domain registrar. If they don’t offer it, transfer your domain name to another registrar.

If you are going to use 2FA, consider adding a physical key to that process. You can get a Yubikey inexpensively and add that to the 2FA process. Hackers won’t have the physical Yubikey, so they cannot gain access to your account.

Google offers Google Advanced Protection, so you may consider adding that if you use a Google Account for access to a Google Account (Google Domains). I recommend setting up 2FA when you can, but people need to realize that it is NOT foolproof.

Hackers routinely turn 2FA off when stealing domains. The 2FA that uses an app like Authy or Authenticator (an authenticator app) is better than simply getting an email with a code. An SMS text message with a code is better than an email code, but that can be bypassed easily by hackers as well, and I’ve seen hackers steal domains with the SMS text message 2FA turned on.

Turn on the registry lock if it’s offered. It is different than registrar lock. This basically makes it more difficult to make changes to the domain, especially name server changes. It’s just another level of protection but can be turned off by the hacker.

Register the domain at least 5 years in advance. If it’s stolen or transferred there will be no question as to whether or not it simply expired. I’ve run into this over and over again when recovering domains. We can easily rule out expiration since it was registered a few years in advance (easy to see via whois history).

Do NOT rely on “auto renewal”, as we constantly hear from people who lose their domains because auto-renewal was turned on and their credit card was “supposed to be” charged. And it was not. (Credit card didn’t go through, etc.).

Never use a “free email” such as Gmail, Hotmail, Outlook, etc. as the contact email on the domain. Those accounts routinely get hacked, compromised, etc…

Make sure that you don’t ever use the same email address as the domain. For example, in the whois record of hartzer(.com), don’t use bill@hartzer(.com). If it’s a stolen domain, there will be issues recovering the domain. And you cannot gain access to the domain easily if the domain is using the same domain that has been stolen.

If the domain is stolen you won’t have access to email on that domain. So you cannot easily communicate with your registrar or with me, who is trying to recover your domain name for you.

If you use another email address in your WHOIS record, as recommended, make sure you RENEW that domain name as well. If the domain with that email address expires, then the domain thief just has to get access to that domain name with that email and they can steal your other domain name, as well as any other domain names using that email address in the WHOIS record.

That’s how AirBNB had Tilt.com stolen from them. They had an email address @customtilt.com in the WHOIS record, and someone bought customtilt.com and then stole tilt.com from AirBNB. So, don’t do that.

Finally, consider NOT using whois privacy on domains you really care about. Use a UPS Store address if you have to. But don’t use whois privacy. When it comes down to recovering the domain, when you have to prove ownership, it’s a lot easier if you have not used whois privacy on the domain.

Domain thieves will immediately turn on privacy when they gain access to the domain, then they will attempt to transfer the domain out. There are other ways to make sure that you don’t get your domain name stolen and don’t have to use DNProtect to recover your stolen domain name.

But I won’t reveal all of those since I don’t want to give any extra hints to hackers and domain name thieves on how to steal domain names. If you do the above things, you’re going to have a lot less risk than before.

And, of course, if you’re interested in protecting your domain name(s), check your DNP Score for free at DNProtect.com and get your domain risk score as high as you can.

99You, Marc Harty, Michael Stancil, and 96 others25 Comments6 SharesLikeCommentShare

Scroll to Top