I would imagine that most domain name hijacking incidents happen as a result of phishing attempts. Someone that gains access to a person’s email login can almost certainly request registrar information to transfer a domain name away, change registrar account passwords, and do other things to take control of a domain name owner’s account.
I received a somewhat customized phishing attempt on my email account the other day, and I think it’s important that we all remain vigilant when it comes to this type of attempt.
More often than not, email providers, registrars, and other companies with whom we do business will send personalized emails. When we receive a personalized email from a trusted partner, we all tend to let our guard down and assume the email is legit. Someone who wants to take your domain names can easily target you by personalizing a phishing attempt. If that happens, you may click through assuming it was a legit email, only to find out you’ve been had.
Here are some tips to deal with a possible phishing attempt:
- Hover over any links in an email to see the actual underlying link.
- Do not click on any links in an email, even if you are confident who it’s from.
- Report phishing attempts to the provider, like firstname.lastname@example.org.
- Don’t ever click links on your mobile phone since it may be harder to tell where you land
If you think you may have fallen prey to a phishing attempt, contact your registrar immediately and ask that your names be put on a lock to avoid transfers. Change your email and registrar passwords immediately.