Domain Name Wire | Domain Name News & Website Stuff

Domain Name Industry News and Website Stuff

Featured Domains

How to keep your domains from being stolen (2019 edition)

by Domain Registrars 4 Comments

Consider these eight safeguards to keep thieves away from your domain names.

image of hackers breaking into online passwords, credit cards

If you own domain names–particularly good names–you are at risk of having your valuable assets stolen from you.

Thieves will try to compromise your domain registrar account (sometimes by first compromising your email account) and transfer the domains to another registrar. Sometimes they won’t change your nameservers, so you might not realize the domain name is stolen until much later. This makes it harder to recover the domain name.

Here are some tips to protect yourself from domain theft:

  1. Use two-factor authentication at your domain name registrar. Any reputable domain name registrar offers two-factor authentication. A thief then needs access to a secondary device (such as your phone number) if they want to crack into your account.
  2. Use secure email with two-factor authentication. A common way thieves get into your registrar account is by compromising your email. Once they have access to your email they can reset the password at your registrar. I’ve heard some advice that suggests you shouldn’t use free email services for your domain accounts. I disagree; web-based email services can be some of the most secure options. Consider using Gmail with a physical security key as secondary authentication.
  3. Use a different email address for your registrar account than Whois. While many registrars have masked email addresses in Whois, some still show it. Thieves use the email address on a Whois record as a starting point. They try to hack that email account to access the registrar account. One way to stump them is to use a different email address for your registrar account.
  4. Use a password manager. Another way thieves get into your registrar account is by phishing. They use your email address from Whois to ask you to log in to a fake site. They grab your credentials when you do this. Two-factor authentication (see #1) can stump them even if they have your username and password. Using a password manager can stop you from falling for the phishing scam because it won’t allow you to auto-fill your credentials on the wrong site.
  5. Remember that Whois privacy is a double-edged sword. While thieves use public Whois info to try to break into your account, masked Whois records aren’t always better. After all, if your domain is stolen it might not be reflected in the public database. It will be more difficult for you to discover that your domain is stolen.
  6. Use GoDaddy’s domain transfer verification services. This only applies to GoDaddy customers that have Premier Services account managers. The minimum to be considered is 300 domains but there are other qualifications, too. (Here are the qualifications from 2013.) With this added service, your account representative will call you to verify all domain transfers that aren’t Afternic fast transfer sales. It slows down the process but it’s a very good layer of additional security.
  7. Add transfer lock to your domains at your registrar. 
  8. Track your domains. Use a service like DomainTools to track your domains. You’ll get alerts when a domain is unlocked, transferred to another registrar, etc.

Feel free to comment about additional safeguards you take to protect your domain name portfolio.

Stolen domain name EQN.com returned to rightful owner

by Policy & Law 3 Comments

Thief doesn’t show up to defend lawsuit.

Picture of thief at laptop computer

Verisign has transferred the domain name EQN.com to its previous owner after a judge ordered the transfer.

Blackshore Properties, Inc. of San Marino, California acquired EQN.com in a NameJet auction in 2011 for $4,950. A thief subsequently stole the domain name from the company and transferred it to Chinese domain name registrar 22.cn in 2016.

Blackshore filed an in rem lawsuit in October last year in U.S. District Court in Virginia where .com registry Verisign is located. The thief (not surprisingly) didn’t show up to defend the domain, so the judge ordered Verisign to return the domain name.

The registrar for the domain switched from 22.cn to Enom around February 1, 2019. Enom doesn’t publish Whois records but the transfer likely indicates the domain has been returned to the legitimate owner.

David Weslow of Wiley Rein represented Blackshore Properties.

Lawsuit filed to recover EQN.com domain name

by Policy & Law 0 Comments

Domain was stolen in 2016, according to lawsuit.

A California company has filed a lawsuit (pdf) to recover the domain name EQN.com, which it says was stolen from its Enom account.

Blackshore Properties, Inc. of San Marino, California acquired EQN.com in a NameJet auction in 2011 for $4,950.

According to DomainTools historical Whois records, the domain name was transferred to a Chinese registrant at domain registrar 22.cn between May 5, 2016 and September 23, 2016. The lawsuit alleges that this transfer was theft.

The suit was filed in U.S. District Court in Virginia where .com registry Verisign is located. Assuming no one shows up to defend the in rem lawsuit, the just will likely enter an order of default judgment and order Verisign to transfer the domain name.

Valuable three-letter .Com domains stolen

by Policy & Law 11 Comments

NNN.com, Wok.com among domains man claims were stolen.

A Japanese man alleges that valuable domain names were stolen from his registrar account and transferred to another registrar. These aren’t run-of-the-mill three-letter domains, either. Among the domains he says are stolen include nnn.com and wok.com.

Yoshiki Okada filed (pdf) the in rem action in U.S. Federal District Court in Virginia where the .com registry Verisign is located. Okada claims that eol.com, fde.com, jol.com, nnn.com, olp.com, tang.com, wok.com, wtv.com, and zhang.com were stolen from him.

It’s unlikely that the alleged thief will show up to represent himself in Virginia. In most cases, the judge in this type of lawsuit will accept a default judgment and order Verisign to transfer the domains. The exception is when a stolen domain has been re-sold, in which case the buyer might try to defend the domain name.

 

Former SNN.com owner goes to court to recover domain name

by Policy & Law 4 Comments

Original registrant files lawsuit after failing to recover domain name through UDRP.

The former owner of SNN.com, who says his domain name was stolen, has filed a lawsuit (pdf) in Virginia to try to recover the domain name.

The suit was filed by Delbert Terrill, who registered the domain name in 1995, along with domain name registrar Brandon Gray Internet Services, Inc dba NameJuice.com.

(If that registrar name looks familiar, it’s because it was suspended by ICANN for the “Domain Registry of America” domain slamming issue.)

The lawsuit alleges that someone used a fake passport & business license to steal the domain name and transfer it to a different registrar.

Terrill tried to recover the domain name through UDRP earlier this year. It failed after not providing evidence of common law rights in the term “SNN”.

Also, unusual in cases of alleged domain theft, the current registrant of the domain responded in the dispute. The registrant claimed it acquired the domain legitimately.