Today’s Wall Street Journal has an article about a topic that most people in the domain investment business have been worried about for quite some time – domain theft. The WSJ article discusses the ease in which thieves can take possession of someone else’s domain name, and the detrimental effect it can have on a business that is reliant on the domain name as an ecommerce outlet or the email addresses associated with the domain name.
When a domain name is stolen, the thief usually tries to sell the name quickly, profiting even before the legitimate domain owner knows the name is out of his possession. Payment is usually requested through a company like Western Union, as it can be more difficult to track the thief. Once the domain name is sold, the new owner may try to sell it for a profit, believing he received a good deal, or he may begin to develop a website around the domain name. It isn’t until the domain name servers are changed that the legitimate owner would notice something was fishy, as his website wouldn’t resolve and email would suddenly stop working. The situation turns into a bad problem because two people feel that they are the legitimate owner, and determining the actual ownership becomes problematic.
Registrars don’t typically help unless there is a court order, as they would probably rather turn a blind eye than become involved in a potentially litigious situation. This makes it difficult for the legitimate owner, and it becomes more complicated when the registrar and/or new owner is located in a different country. Retrieving a stolen domain name can be a complicated task, and it may be best to enlist the assistance of an attorney like John Berryhill (quoted in the article) or Brett Lewis.
Some tips I would offer to ensure your domain name doesn’t get stolen include:
1.) Make sure your registrar password is made up of letters, numbers, and characters to make it difficult to hack.
2.) Keep the email address on the Whois record current
3.) Frequently log in to your email account on the Whois record, and/or forward all emails to a regularly read email account in case you receive a notice from the registrar.
4.) Do not click on links in emails as they may be phishing attempts to gain access to your various accounts.
5.) Do not log into your registrar accounts or email accounts from computers that aren’t secure, as keylogging software could track everything you type.
6.) Make sure your domain registration is up to date. It’s always better to pay far in advance.
7.) If you have an auto-payment plan in place to pay your registration annually, make sure your credit card information is up to date so it doesn’t get rejected, causing the re-registration to fail.
As I stated in a previous blog post, here are some tips to help prevent you from buying a stolen domain name:
1.) Do a Whois history check
-Did anything recently change?
-Does something seem strange in the Whois history like a different email address just added?
-Length of domain name ownership is a good way to tell if someone has all rights to the name
2.) Call the listed owner
-If the email address just changed, the owner will tell you the name isn’t for sale
-Conversation is frequently avoided by scammers
3.) Call/email the former owner
-They will tell you if they sold it (or if it was stolen)
4.) Search the forums/Google for any information that may raise red flags
-Stolen domain name posts
-Spam references on Google
5.) Do a WIPO/UDRP search
-May not be a anti-theft tool, but just make sure the history is clean
7.) Never pay with money order or cashier’s check
-Difficult to track
-Many scams involve counterfeit checks/money orders
8.) Only buy from the listed registrant
-Don’t attempt to buy from the technical contact if it’s different from the registrant
-Technical contact doesn’t necessarily own the name, but may just manage the domain name
9.) TRUST YOUR GUT!
-If an offer is too good to be true, it probably is
-If the terms the seller is requesting seem strange, question them