In today’s technologically driven world, your organisation’s domain name has to be one of its most valuable assets. It gets you instantly found online and acts as an advertisement, shop and post office all at once. Yet every day individuals and organisations are victims of domain name hijacking. When this happens, it can be devastating to businesses.
Domain name hijacking is when someone changes the registration of a domain name without the original holder’s permission. Usually this happens by someone pretending to be the domain name holder and convincing the registrar to modify the registration information. Once this information is altered, the hijacker can then transfer the domain to another registrar and take control of websites and e-mails.
While many people think that domain name hijacking is carried out by anonymous hackers and e-savvy business competitors, in fact, perpetrators are often ex–business partners, angry clients or (separating or divorced) spouses trying to get back at one another. Even though holders of a .nz domain name can try and resolve disputes through the Domain Name Commission’s (DNC) Dispute Resolution Service (see dnc.org.nz/story/drs-home), a proactive approach to online security is always going to be better than a reactive one. As such, it is far better to prevent domain name hijacking in the first place. Here are a few simple steps you can put in place today:
Step 1 –Make sure that all the contact information listed with your registrar is accurate and up-to-date. To have a look at this information use the WHOIS function on the DNC website. If these details are incorrect or no longer trusted, contact your registrar and update them.
Step 2 – When you first received your domain name you would have somehow been given a UDAI (Unique Domain Authorisation ID) code. This code is used when you need to change accounts or registrar and is very important. Think of it like the password to your bank account. Keep it safe and do not give it out to just anyone.
Step 3 – One of the easiest ways to lose a domain name is by forgetting to renew it at the right time. Know when yours is next coming up for renewal and have a process in place to re-register it. You might also want to lease your domain name for a longer period of time. For example, rather than renew your domain name annually, you might want to do so every five years. To take this one step further, ask your registrar if you can renew your domain name automatically.
Step 4 – Be careful when replying to official looking renewal notices you receive by e-mail. There have been occasions when domain name hijackers have sent out e-mails trying to confuse domain name holders. When receiving these types of e-mails, don’t give any important information away. It is better to contact your registrar directly and make sure this correspondence is genuine.
Following these steps is not a 100 percent foolproof way of avoiding domain name hijacking, but they will definitely improve your overall online security posture. They are also easy, practical steps that can be implemented today.
Patrick Watson is a communications advisor at the Domain Name Commission