Someone Stole My Domain Name: Here’s What You Do
Someone stole the domain name Perl.com. They thought it was just a domain name snafu, but in fact it was stolen, transferred from one domain name registrar to another without the owner’s permission.
I am seeing more and more domain names get stolen recently, especially as the value of domain names goes up. After all, some domain names are selling hundreds of thousands of dollars. So, it’s imperative that you protect this valuable digital asset that you own. If you suddenly find that someone stole your domain name from you, then you need to act quickly. The longer you wait the more difficult it will be to recover. Here’s what you need to do if someone stole your domain name:
Is the Domain Name Really Stolen?
First, you need to figure out whether or not the domain name is really stolen or not. What determines whether or not it has been stolen is the status of the domain name. You must register your domain name and renew it every year. If you don’t pay the annual renewal fee, then it will expire. Once a domain name expires, it will be in a ‘holding period’ where you have a chance to renew it for an additional fee. After that period of time, the domain name will eventually “drop” and become available on a first-come first-served basis for anyone to register it. If someone else register it, the domain name is no longer “your domain name”.
Process for Expired Domain Names
A domain name, when it is not renewed by its current owner, goes through a process before someone else can register the domain name. Here is the process:
- Domain Name Expires, it was not renewed.
- Domain Name is on hold, owner can pay a fee to get it back.
- Domain name is in a “pending delete” status.
- Domain name “drops”, and is available for anyone to register.
That is the overall process, and it takes about 90 days to go through that process. If the domain name gets to the “drop” date, there is an actual date and time (and second) when the domain name is available for anyone to register. Some domain name registrars will sell the domain name to the highest bidder before it gets to the final stage.
Domain Name Theft
Theft of a domain name occurs when a domain name has been renewed, and is not currently expiring and has not expired. Someone, the domain thief, will somehow gain access to the account at the domain name registrar, where the domain name is registered. Let’s say you’ve registered your domain name for 5 years into the future (which is recommended), and someone gains access to your account, they transfer the domain name to another account, and then they transfer the domain name to another domain name registrar. Is the domain name stolen? Has someone stolen my domain name? Yes, it is stolen.
Domain Name Theft is On the Rise
In the past several weeks, I have witnessed several domain names that I can confirm were, in fact, stolen from their owners. These valuable domain names were stolen, and as of writing this post, none of them have been recovered and returned to their owners:
- Perl.com – stolen around Jan 27 2021
- Neurologist.com – stolen around Jan 27 2021
- Chip.com – stolen around Jan 27, 2021
- Patterns.com – stolen around December 8, 2020
- Piracy.com – stolen around December 8, 2020
All of these domain names were stolen by a domain name thief. They typically gained access to the domain name registrar account(s) involved and then transferred the domain names to another domain name registrar. In some cases, they will change the ownership record so that it shows that the domain name is under “privacy“, and the contact details are hidden. Then, once they transfer the domain name to another domain name registrar, they will un-hide the domain name ownership details and put the ‘old’ owner details in place of the private details. That way it “looks like” they original owner still owns the domain name, but the domain name is in the thief’s account. In all of the cases listed above, the domain name thief has tried to sell the domain names for about 10 percent of what they are actually worth. They’ll list them on websites such as Afternic.com and Sedo.com.
Why They Steal Domain Names
Why do thieves steal domain names? There are several reasons, but it’s mainly money. I believe they see it as a way to do something that they will profit from. They will hack into an account, transfer the domain name to themselves, and then sell the domain name. They’ll list it for 10 percent or 20 percent of the value of the domain name.
What To Do If Your Domain Name is Stolen
If your domain name is stolen, then, as I mentioned, make absolutely positively certain that you didn’t fail to renew the domain name. Log into your domain name account at the registrar and see if the domain name is still in your account there. Look in your email (such as your spam folder) to see if you have received any emails about renewing the domain name. If you haven’t, and you are certain that it has been renewed for at least a year in the future, then contact the domain name registrar. Check the WHOIS record. Make sure that you don’t still own the domain name. If you want to investigate what happened yourself, you can look at the whois archived records (several services offer this service, such as Domain Tools and DomainIQ). If it’s stolen, then you should contact your domain name registrar, and file a report of the domain name theft at DNProtect.com.
How to Check who Owns a Domain Name
You can check who owns a domain name currently, by looking up the
- Domain Tools – https://whois.domaintools.com/
- ICANN WHOIS – https://lookup.icann.org/
- GoDaddy WHOIS – https://who.godaddy.com/
- Epik WHOIS – https://www.epik.com/whois/
Stolen Domain Name Checklist
If your domain name is, in fact stolen, there are things that you need to do right away. Don’t wait, don’t even wait until “tomorrow” to do it. Here’s my checklist if your domain name is stolen:
- Check the WHOIS record to see who owns the domain name now.
- Make sure the domain name didn’t expire and just needs to be renewed.
- Log into your domain name registrar account. See if the domain name is there.
- If the domain name is not in your account, contact your registrar using their support system.
- File a stolen domain name report with DNProtect.
- Work with your current domain name registrar to see if they will help recover the domain.
It should only take up to a few days for the domain name to be properly restored in your account at your registrar if it was stolen. The domain name does need to be transferred back to your domain name registrar, so that can technically take up to 5 days for that to happen. But, if you’re not happy with how quickly it’s going, then you need to escalate it.
In the cases of the premium domain names I mentioned earlier that were stolen, a few things happened. A few of the domain names were part of a security breach that occurred at the registrar about a year ago, and the domain name owner(s) just noticed, months later, that they no longer owned the domain names. Someone had used the compromised data (user ID and password) to gain access to the account and transferred the domain name(s) to another registrar in China. With the other domain names, my understanding is possibly the domain names were socially engineered via web chat, and the registrar was presented with fake ID and documents to prove ownership. Those are two different ways that domain names can be stolen. I don’t know for certain that those are the ways that these domain names were, in fact stolen.
Protecting Your Domain Name
There are several ways to make sure that you protect your domain name from being stolen. Protect the domain name at your current registrar, move it to a more secure domain name registar, and take advantage of all of the domain name protections that the registrar offers.
- Register your domain name for at least 5 years in advance. This way there will be no question as to whether or not it expired or not. If expires soon, then it’s possible that a credit card won’t go through, you might not get a reminder, or another clerical issue could come up.
- Use Domain Lock, Executive Lock, or whatever the domain registrar calls that feature. The domain name cannot be transferred unless it is unlocked. Some registrars offer a service that allows you to give instructions. For example, you can tell them to call a certain phone number or you must give them a certain password before it can be unlocked.
- Implement 2FA (2 Factor Authentication) on the domain name. While this is not fail-proof, it can help secure the domain name. Someone cannot log into the account unless you get a text message with a code, for example.
- Move to a more secure domain name registrar. Some registrars keep getting their domain names stolen, and they are using 20-year-old technology and systems for their back processing. Some registrars are just more secure than others.
If someone stole your domain name, then you will lose access to email, your website will go down, and you’ll lose that digital asset that quite possibly be very valuable. Unfortunately I’m seeing more and more domain name thefts occur recently, and it’s time to make sure that your domain name is protected.