Domain hijacking involves fraudsters hijacking your domain name and using it for malicious purposes. Read how to protect your domain name and prevent cybercriminals from taking over your domain.
7 steps to protect your domain name from hijacking
- Check who has access to the control panels of your hosting company, your registrar, and your website or content management system (such as WordPress). Limit this access to as few people as possible. Ask yourself: who really needs administrator rights?
- Use secure passwords. Tips for a strong and secure password can be found on the safeonweb.be website.
- If possible, use multi-factor authentication when logging in, especially for administrator accounts (admins).
- Run updates as soon as they become available, whether for your operating system, email program, browser, etc.
- Keep an eye on the log files of your system/website for abnormal events. This will let you know when a hacker is trying to gain access.
- Also check the certificate transparency logs to see if any certificates have been issued for your domain name that you did not request yourself.
- Check each DNS record under your jurisdiction, and check via the history if any changes have been made.
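The last two steps (watching certificate transparency logs and checking your DNS records against their history) can be automated. The script below is an added example, not DNS Belgium's own tooling: it compares a baseline of approved DNS records with a current snapshot and flags certificate transparency entries for your domain that you did not request. All record values, names (`example.be`), issuers and the CT entries are constructed sample data; in practice you would fill them from your registrar's zone export and from a CT log search.

```python
"""Detect unexpected DNS record changes and unrequested certificates.

Added illustration (not DNS Belgium's code). Snapshots and CT entries are
constructed sample data shaped like a zone export and a CT search result.
"""
from __future__ import annotations

# Constructed baseline: the records you approved, keyed by (name, type).
BASELINE = {
    ("example.be", "A"): {"192.0.2.10"},
    ("www.example.be", "A"): {"192.0.2.10"},
    ("example.be", "MX"): {"10 mail.example.be."},
    ("example.be", "NS"): {"ns1.example.be.", "ns2.example.be."},
    ("example.be", "TXT"): {'"v=spf1 mx -all"'},
}

# Constructed "current" snapshot, as it might look after someone altered the zone.
CURRENT = {
    ("example.be", "A"): {"198.51.100.77"},                              # changed
    ("www.example.be", "A"): {"192.0.2.10"},
    ("example.be", "MX"): {"10 mail.example.be."},
    ("example.be", "NS"): {"ns1.example.be.", "ns2.example.be."},
    ("example.be", "TXT"): {'"v=spf1 mx -all"', '"v=spf1 +all"'},        # value added
    ("login.example.be", "A"): {"198.51.100.77"},                        # new name
}

# Constructed CT log entries: issuer plus the names on each certificate.
CT_ENTRIES = [
    {"issuer": "Example CA", "names": ["example.be", "www.example.be"]},
    {"issuer": "Other CA", "names": ["login.example.be"]},
    {"issuer": "Other CA", "names": ["shop.example.org"]},   # not our domain
]
# Certificates you know you requested: (issuer, names).
KNOWN_CERTS = {("Example CA", frozenset({"example.be", "www.example.be"}))}


def diff_records(baseline: dict, current: dict) -> list[dict]:
    """Return one entry per (name, type) whose record set deviates from the baseline.

    Any non-empty result deserves a manual look: a legitimate change is one you made.
    """
    changes = []
    for key in sorted(set(baseline) | set(current)):
        name, rtype = key
        old = baseline.get(key, set())
        new = current.get(key, set())
        if old == new:
            continue
        kind = "added" if not old else "removed" if not new else "changed"
        changes.append({
            "name": name, "type": rtype, "kind": kind,
            "added": sorted(new - old), "removed": sorted(old - new),
        })
    return changes


def in_scope(name: str, domain: str) -> bool:
    """True if `name` is the domain itself or any subdomain (wildcards included)."""
    return name == domain or name.endswith("." + domain)


def unexpected_certificates(entries: list[dict], known: set, domain: str) -> list[dict]:
    """Return CT entries that cover `domain` but are not in the list you requested."""
    suspicious = []
    for entry in entries:
        fingerprint = (entry["issuer"], frozenset(entry["names"]))
        if fingerprint in known:
            continue
        if any(in_scope(n, domain) for n in entry["names"]):
            suspicious.append(entry)
    return suspicious


if __name__ == "__main__":
    for change in diff_records(BASELINE, CURRENT):
        print(f"DNS {change['kind']:7} {change['type']:4} {change['name']}: "
              f"+{change['added']} -{change['removed']}")
    for cert in unexpected_certificates(CT_ENTRIES, KNOWN_CERTS, "example.be"):
        print(f"CERT not requested: issuer={cert['issuer']} names={cert['names']}")
```

Run it on a schedule against a fresh zone export and CT search, and treat every line it prints as something to verify with the person who supposedly made the change.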
Why do scammers want to hijack or steal a domain name?
Their goal could be to:
- steal your customers;
- steal the data of your customers or company;
- ask you for money before you get your domain name (and your website) back.
How do hackers hijack your domain?
Hackers and fraudsters have various methods of hijacking your domain name. It all comes down to stealing your login data.
1. Through a hack
What happens in these cases? The fraudsters somehow gain access to your domain account. For example: they hack into your e-mail account. They then ask your registrar to transfer your domain name to them (domain transfer). Your registrar creates a code that is sent to your e-mail address. But the fraudsters intercept this mail, and use this code to confirm the transfer. Your domain ends up in the hands of fraudsters.
2. By DNS-attack
What happens in these cases? In the case of a DNS attack, the hacker replaces the DNS record pointing to your website with another one. The visitor who types in your web address will no longer be directed to your website, but to a fraudulent site. There, the hacker can see all incoming traffic to your domain. This allows the fraudsters to intercept e-mail addresses, login details and user input on your applications.
The fraudster then uses this to associate a fake IP address with the domain name. The most common attacks to get hold of your domain name are cache poisoning and hacking the authoritative DNS server. Want to know more about SAD-DNS and cache poisoning? We have written articles on the subject.
3. By hacking the registrar
What happens in these cases? In this form of hacking, the fraudster does not just target your website. By hacking your registrar, the fraudsters have access to all the domains managed by your registrar. This allows them to change DNS records, for example, and redirect your visitors to another website.
How to prevent a registrar hack?
Choose a registrar with a solid reputation. Don't just look at the price, but especially at the security guarantees offered by the registrar. Ask whether your registrar supports these extra tools offered by DNS Belgium:
- Domain Shield: Your registrar cannot change the details associated with your domain name. Nor can your registrar delete or transfer your domain name to third parties without your consent.
- Domain Guard: This precautionary measure offers the same protection as Domain Shield, but goes a step further. Every time you try to update your domain name, you will immediately receive a call.
- DNSSEC: provides an extra layer of security to your DNS. Your DNS information is digitally signed.
Risks of phishing and typosquatting
On rare occasions, fraudsters may send you a phishing mail pretending to be your registrar. The mail contains a link that takes you to a fraudulent website. As this is a perfect copy of your registrar's login page, you enter your login name and password here in good faith. With these details, fraudsters can now log in to your registrar and transfer your domain to someone else. If your domain is hijacked, it can be used for phishing anyway.
How to prevent phishing?
Never click on links in an e-mail, but type the web address of your registrar's control panel into your browser yourself. Also use 2-factor authentication. In addition to your password, you need a second element to log in to an account. This can be a code that you receive by SMS or see in an authentication application.
With typosquatting, fraudsters do not get hold of your domain itself, but they register domain names that are very similar to yours. The fraudster links these domain names to websites that mimic your site. For example, if a user makes a typo when entering your web address, they will be directed to this fraudulent website. Fraudsters can abuse your brand name by registering similar brand names.
How to prevent typosquatting?
Register all obvious variants and typos of your domain name. Make sure that these variants are redirected to your real website. This is a very small investment that can save you a lot of trouble! Consider the following possibilities:
- Spelling mistakes, for example welness and wellness, but also confusion between l (the letter L) and the number 1, or between the letter O and the number 0.
- Singular and plural, for example repairs-cars-brussels.be and repair-car-brussels.be
- With or without hyphens, e.g. repairs-cars-brussels.be or repairscarsbrussels.be
- Alternative domain extensions, e.g. also for other countries (.eu or .nl) but also new domains such as .car, .app, .shop, etc.
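To see which variants this list produces for a concrete name, here is an added example (not a DNS Belgium tool) that generates the candidates from the four categories above: spelling slips (a dropped letter, l/1 and O/0 confusion), singular/plural, with and without hyphens, and alternative extensions. The list of extra extensions and the domain names used are constructed for the example; the generator is a simple heuristic, so review its output before registering anything.

```python
"""Generate obvious look-alike variants of a domain name for defensive registration.

Added example, not DNS Belgium's code. Deliberately simple heuristics that mirror
the article's four categories; the extension list below is constructed.
"""
from __future__ import annotations
from itertools import product

# Confusable characters named in the article (letter l vs digit 1, letter O vs digit 0).
HOMOGLYPHS = {"l": "1", "1": "l", "o": "0", "0": "o"}
# Constructed list of alternative extensions: other countries plus new generic ones.
EXTRA_TLDS = ["eu", "nl", "com", "car", "app", "shop"]


def toggle_plural(token: str) -> str:
    """Crude singular/plural switch: drop a trailing 's' or add one."""
    return token[:-1] if token.endswith("s") else token + "s"


def label_variants(label: str) -> set[str]:
    """Variants of the part before the extension (e.g. 'repairs-cars-brussels')."""
    out: set[str] = set()
    tokens = label.split("-")

    # Singular/plural for any combination of tokens, each with and without hyphens.
    # Bounded at 6 tokens because the combinations double per token.
    if len(tokens) <= 6:
        for combo in product(*[(t, toggle_plural(t)) for t in tokens]):
            out.add("-".join(combo))
            out.add("".join(combo))

    # One confusable character swapped at a time (brussels -> brusse1s).
    for i, ch in enumerate(label):
        if ch in HOMOGLYPHS:
            out.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])

    # One letter dropped (wellness -> welness); never produce empty or dangling hyphens.
    for i, ch in enumerate(label):
        if ch == "-":
            continue
        dropped = label[:i] + label[i + 1:]
        if dropped and not dropped.startswith("-") and not dropped.endswith("-") and "--" not in dropped:
            out.add(dropped)

    out.discard(label)
    return out


def domain_variants(domain: str, tlds: list[str] = EXTRA_TLDS) -> list[str]:
    """All candidate domains: every label variant under the original and extra extensions."""
    label, _, tld = domain.rpartition(".")
    labels = {label} | label_variants(label)
    result = set()
    for name in labels:
        for ext in [tld, *tlds]:
            candidate = f"{name}.{ext}"
            if candidate != domain:
                result.add(candidate)
    return sorted(result)


if __name__ == "__main__":
    for candidate in domain_variants("repairs-cars-brussels.be"):
        print(candidate)
```

The output is a candidate list, not a registration plan: for a long name the dropped-letter and plural combinations add up quickly, so rank them (the no-hyphen form, the homoglyph swaps and the country-code extensions your customers actually use first) and register the ones a real visitor is likely to type.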
Do not confuse “domain hacking” and “domain hijacking”
Domain hacking has nothing to do with hijacking a domain. The term refers to a clever way of inventing a domain name by combining a word with a short domain extension such as .to, .ly or .is. You then get instagr.am, goo.gl or bit.ly.
For example, two-letter country code Top Level Domains (ccTLDs) lend themselves perfectly to such hacks. Think of .je (Jersey), .nu (Niue), .tv (Tuvalu), .me (Montenegro). You just have to be creative!