How many times have you read about cybercrime attacks and high-profile incidents and felt honest empathy for the unfortunate victims? Chances are these stories made you feel disturbed and triggered you to think about the level of your own vulnerability in the cyberspace. Then you’ve probably disregarded the possibility of becoming a victim yourself, thinking – nah, no way this could happen to me, what are the odds?
Well, the odds are certainly higher than you would assume. According to the global UN study on cybercrime (2013), some type of digital theft affects between 1 and 17 percent of the online population. If you take a look at the data provided by the Crime survey for England and Wales, you will see cybercrimes affect every tenth Internet user in the U.K.
Hackers are becoming increasingly creative when it comes to stealing personal data, making it hard for both domain holders and registrars to come up with an effective, full protection system. There’s no doubt we’re talking about a real threat here but what can you actually do to protect your domain?
In 2009, ICANN released its set of recommended measures of protecting one’s domain from misuse, specifically because of the difficulties in defining a framework in which cyber criminals operate (and the fact it is constantly evolving). Sometimes, it’s just a small overlooked detail regarding safety that turns you into an easy target.
This is why we have prepared a safety checklist for you, so that you can make sure your account doesn’t get compromised.
Imagine this: you have invested years of effort into building your brand. You’ve managed to position yourself as a relevant expert on the market or you’ve built a remarkable reputation for your business. You finally enjoy the fruits of your hard work as you’ve created a name for yourself and managed to generate impressive revenue. Your domain is recognizable and respected among your target audience.
Then, someone sees an opportunity to take advantage of your success, i.e. to infringe on your good name. Introducing – the sneaky practice of cybersquatting.
Cybersquatting is an act of registering or using a domain name with the malicious intentions of profiting from the goodwill of someone else’s trademark. Most commonly, it is a practice of buying domain names that use the names of existing renowned businesses, and cashing in on somebody else’s success.
You can consider cybersquatting somewhat as blackmail. In most cases, those who stand behind the act of cybersquatting contact the trademark owners, ask for a ransom and in return – they sell the domain name back to the company they’ve tried to take advantage of. Some companies choose to legally fight while others give in and cash out (sometimes – it’s cheaper than filing a lawsuit), with awareness of how a bad reputation or redirected traffic to a false website might damage their business.
According to the Harvard Law School, if you do become the victim to cybersquatting, you can rest assured the justice will be served:
The case law in the area of cybersquatting is fairly settled. With only one possible exception, no cybersquatter has won a court case against an intellectual property holder anywhere in the world.
As a cybersquatting victim, you have two options:
Some of the advisable practices to prevent cybersquatting include:
Did you know someone can actually steal your domain? If you have a successful and developed website that happens to drive a lot of traffic or even brings you direct profit – you may be a desirable target.
Domain hijacking or domain theft is a cyber crime that implies the unauthorized change of the registration of a certain domain name, with the intention of using it for abusive actions.
The dreadful truth is this: all an attacker needs in order to gain full control of your domain is your account and a password. With various techniques (e.g. phishing, social engineering), one can get a hold of your domain account and use it for spam actions, malware distribution, money stealing (e.g. if it’s e-commerce we’re talking about), and of course – to make any desired changes. Usually, the attacker performs an identity theft and impersonates the real domain holder in order to convince the registrar to change authority settings, i.e. status codes.
Here’s how you can prevent domain theft:
A good protective strategy is to keep your domain status code locked: it gives you full control and it is the basic security measure everyone should follow. Of course, if your account gets hacked, an unauthorized person has access and is free to change everything as he/she wishes.
If you do become a victim of domain hijacking, follow the guidance from ICANN: documentation is the key to recovering your domain name. These include files regarding domain history, billing records that prove you are the true domain holder, correspondence from registrars (e.g. WHOIS records, renewal notices), and other legal documents. Having a trademark can help in speeding up the legal process once you file a suit.
Now, let’s talk about your website’s safety and creating a protected environment for your customers and clients.
Have you ever been worried if your personal data will end up where it should during online shopping? SSL (Secure Socket Layer) is a transfer protocol that uses standard encryption technology to safely transfer data between the two parties, i.e. between the user and the server. This way, all the sensitive information (e.g. one’s credit card number) stays protected and can be seen and read only by the intended parties so hackers and identity thieves are left empty-handed.
We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!
- Zineb Ait Bahajji and Gary Illyes, Webmaster Trends Analysts at Google
In addition, owning an SSL certificate gives your online business credibility and is an absolute must if you run transactions on your website. You can choose between protecting one website, multiple websites, or protecting all subdomains (wildcard SSL).
Alongside the obvious safety reasons, securing your website will bring you SEO benefits: in 2014, Google announced it will reward secure websites (i.e. https websites – the ones using SSL) with a slight SEO boost in order to promote Internet safety.
There are multiple ways attackers can get their hands on your account information. The problem is, new domain holders are typically unfamiliar with protection measures that can be taken right from the very start – during the registration process.
Just like in every developed industry, there are many different types of domain and hosting services and naturally – they vary in quality. Some registrars have more efficient systems of handling security issues and criminal complaints and so they provide better customer service. Others might be more vulnerable to attacks. In any case, the risk is undeniable because the domain industry remains highly lucrative: just check out the whole affair regarding the sex.com domain which has been recorded as the priciest domain ever sold.
Ultimately, it is your personal responsibility as the registrant to wisely choose a registrar that provides the best service with maximally reducing the risk of you becoming a victim to some of the mentioned forms of cybercrime. Evaluating security measures should be one of your criteria when choosing your desired registrar.
ICANN Security and Stability Advisory Committee has underlined the importance of registrars expanding their FAQs and educational programs for registrants regarding levels of domain security. Domain.ME has a transparent list of policies, enabling all future users to know exactly what they are signing up for. Privacy should be one of the top priorities of every domain provider, and Me’s security system against domain name abuse includes protection from:
One thing’s for certain: when it comes to safeguarding your online presence, it’s debatable if you can ever be too cautious. Finding a registrar service that’s clear about the ways it aims to protect access to your domain portfolio should be your top priority. Remember, it’s always better to be safe than sorry: investing in security is never a bad decision!
A domain is the very first impression you make in the digital world, the name you make for yourself in the vast expanses of the online space. It only stands to reason then that it …
Managing your online presence is more important than ever. No matter if you are a beginner or a seasoned professional, hiring managers and potential business partners are using Internet to gain insight in who you …