Having your domain name stolen is like getting punched in the gut. You try to log on to do some work on your site, or update some product information, but nothing works. You can’t get in, and you can’t switch things back. Or you check your email to find a notice that your domain name has been successfully switched to the new registrar, but you didn’t initiate any switch. You might feel lost, confused, miserable, and just plain angry.
Fortunately, there are some things you can do to get your domain name back. First, change all your passwords. While changing passwords may seem a lot like closing the barn door after the horse already got out, you don’t want whoever hacked into your account and transferred your domain away to have any more access to anything belonging to you.
It won’t fix your problem, but it can help keep the hacker from getting to anything else in your email account, or transferring any more domains (if you have others) away from you.
Next, contact your registrar. You want to make sure they know about the problem as soon as possible. They may have a policy for those kinds of problems, or a procedure you can start on that will allow you to move toward getting your domain name back. They may also be less than helpful.
Either way, it’s important to make the effort to let them know what’s going on, as proof that you acted quickly and attempted to resolve the problem. Some registrars will be willing to file a complaint against the registrar to which the stolen domain was transferred, but that’s not the case with all of them.
If you don’t get a quick resolution from working with your registrar, there are more significant steps you can take. Although the UDRP process is not normally considered one of the steps you can take, recently an UDRP was filed and achieved the return of the domain name.
The case CIN – CorporaÃ§Ã£o Industrial do Norte, S.A. v. Huhan, Yuming Zhong, Case No. D2014-1865 included the facts that the domain name was misappropriated by Respondent in an unknown fashion, which GoDaddy, confirmed and the new registrar declined to assist with a re-transfer. Accordingly this is a classic domain theft case. In this case the complainant made all the necessary claims to the UDRP elements and the Respondent did not reply. The panel decided that “evidence of misappropriation is sufficient to find that the Respondent has registered the disputed domain name with the intention of selling it in breach of paragraph 4(b)(i) of the Policy.” It is unknown whether the Complainant made such an allegation or if the panelist made up out of whole cloth. In either case, as it is clear that the panel created law by first deciding outside the UDRP rules that there was a misappropriation and then decided that a misappropriation is a bad faith act. While I applaud the panelist for trying to do the right thing and believe that the domain name most likely should have been returned to the Complainant, I also believe that the panel over stepped its bounds which is why the Internet Commerce association (ICA) is in the process of attempting to change the UDRP rules to allow for the retrieval of stolen domain name through the arbitration process.
That being said, considering the above case it is possible that you might be able to obtain the return of a domain name through the UDRP process which is of course worthwhile as it is at least 50% less expensive than going to court.
If you win, the domain name will automatically be transferred back to you within 10 days unless the opposing party files in a court in a mutually accepted jurisdiction.
The more proactive you are about keeping your domain names safe, the better, but there’s no way to completely protect them. Be vigilant about your passwords and change them often. Check your domains frequently, as well, so you can catch any problems right away. Hacking into and stealing domains is becoming a serious problem, and it’s one that puts you at risk. Knowing how to avoid it as much as possible, and knowing what to do if it does happen, can protect your business interests.
There are of course other options to protect your domain names and then there is the use of the court system to retrieve your stolen domains. I go into further detail pertaining to this matter in a previously written article which may be found at: http://aplegal.com/2014/12/31/slamming-door-domain-name-hijacking/