Everything you need to know about domain hijacking

Domain Hijacking – Everything you need to know!

Losing your domain to hijacking would be an expense mistake to make.  Every business owner knows the importance of a good domain, and anyone who’s tried to find one will know just how hard it can be.  Early-adopters, searching for domain names, have already grabbed many, if not all of the best ones.  That means that they are now either in use or only for sale at premium prices.

The good news is that, with a bit of creativity, you can still come up with a great domain name.  You can then build it up to meaningful authority with search engines. The bad news is that if you do, you will potentially make it a target for domain hijackers. Here’s what you need to know about them.

The main weakness exploited by Domain hijackers

Cybercrime is very much like real-world crime. One of the similarities is that many of its perpetrators are, essentially, opportunists rather than skilled professionals. What this means in practical terms is that they are far more likely to probe for weaknesses that they can exploit than to crack open a site through their advanced technical skills.

This means that basic, common-sense security precautions can go a long way to protecting a site from their attacks.

The basics to protect your domain from hijacking

The first, and arguably most important, step in protecting your domain is to choose a good domain registrar. In particular, you want one that has decent security features and supports two-factor authentication.  This needs to be turned on, as this is currently the default, so you need to make sure that you do turn it on.

Currently, two-factor authentication tends to be by means of phone calls or text messages.  Since most people have smartphones these days you’ll want to make sure that they are protected by a reputable antivirus/mobile-security app. Otherwise, you might find yourself falling victim to malware and/or SIMjacking.

Take password creation seriously. Two-factor authentication is not an excuse to use weak passwords or to keep recycling a password that is theoretically strong but that you use on every site on the internet.

Follow the usual guidance about creating strong passwords and exercise reasonable security precautions about entering them.

In particular, make sure that you have robust security software on any device from which you access your domain (including mobile devices).  Be very cautious about entering it over public WiFi Make sure that nobody can see your screen or keyboard as you type, even if you only see placeholders instead of letters.

Remember the dangers of social engineering and make sure that anyone who has legitimate access to your domain is kept well-informed.  The consequences of anyone gaining unauthorised access to what is likely to be one of your company’s most important asset, could be catastrophic.  Your reputation will be on the line.  Your customers might start asking themselves why they should entrust you with their data, if you are unable to keep your own domain secure.  You may even be held legally liable for any ensuing damage under GDPR regulations.