How many times have you read about cybercrime attacks and high-profile incidents and felt honest empathy for the unfortunate victims? Chances are these stories made you feel disturbed and triggered you to think about the level of your own vulnerability in the cyberspace. Then you’ve probably disregarded the possibility of becoming a victim yourself, thinking – nah, no way this could happen to me, what are the odds?
Well, the odds are certainly higher than you would assume. According to the global UN study on cybercrime (2013), some type of digital theft affects between 1 and 17 percent of the online population. If you take a look at the data provided by the Crime survey for England and Wales, you will see cybercrimes affect every tenth Internet user in the U.K.
Yes, the face of crime has changed and it’s pretty ugly. What’s more, it’s spreading like an epidemic and users are still undereducated about it: around 80% of the cyber crimes remain unreported simply because victims were not aware of the fact that they actually happened. That’s how undetectable they can get.
Hackers are becoming increasingly creative when it comes to stealing personal data, making it hard for both domain holders and registrars to come up with an effective, full protection system. There’s no doubt we’re talking about a real threat here but what can you actually do to protect your domain?
In 2009, ICANN released its set of recommended measures of protecting one’s domain from misuse, specifically because of the difficulties in defining a framework in which cyber criminals operate (and the fact it is constantly evolving). Sometimes, it’s just a small overlooked detail regarding safety that turns you into an easy target.
This is why we have prepared a safety checklist for you so that you can make sure your account doesn’t get compromised.
The fiery issue of cybersquatting
Imagine this: you have invested years of effort into building your brand. You’ve managed to position yourself as a relevant expert on the market or you’ve built a remarkable reputation for your business. You finally enjoy the fruits of your hard work as you’ve created a name for yourself and managed to generate impressive revenue. Your domain is recognizable and respected among your target audience.
Then, someone sees an opportunity to take advantage of your success, i.e. to infringe on your good name. Introducing – the sneaky practice of cybersquatting.
Cybersquatting is an act of registering or using a domain name with the malicious intentions of profiting from the goodwill of someone else’s trademark. Most commonly, it is a practice of buying domain names that use the names of existing renowned businesses and cashing in on somebody else’s success.
You can consider cybersquatting somewhat as blackmail. In most cases, those who stand behind the act of cybersquatting contact the trademark owners, ask for a ransom and in return – they sell the domain name back to the company they’ve tried to take advantage of. Some companies choose to legally fight while others give in and cash out (sometimes – it’s cheaper than filing a lawsuit), with awareness of how a bad reputation or redirected traffic to a false website might damage their business.
According to the Harvard Law School, if you do become the victim to cybersquatting, you can rest assured the justice will be served:
The case law in the area of cybersquatting is fairly settled. With only one possible exception, no cybersquatter has won a court case against an intellectual property holder anywhere in the world.
As a cybersquatting victim, you have two options:
- For U.S. citizens: there is a federal law known as the Anticybersquatting Consumer Protection Act (ACPA) that enables you to file a lawsuit.
- For non-U.S. citizens: You can use the international arbitration system of ICANN. This procedure is typically shorter and you won’t be needing an attorney.
Some of the advisable practices to prevent cybersquatting include:
- Officially registering your trademark
- Registering a domain under your own name (i.e. you are the official domain holder)
- Buying different domain extensions under the same name (e.g. .me, .com, .net)
Understanding and preventing domain hijacking
Did you know someone can actually steal your domain? If you have a successful and developed website that happens to drive a lot of traffic or even brings you direct profit – you may be a desirable target.
Domain hijacking or domain theft is a cyber crime that implies the unauthorized change of the registration of a certain domain name, with the intention of using it for abusive actions.
The dreadful truth is this: all an attacker needs in order to gain full control of your domain is your account and a password. With various techniques (e.g. phishing, social engineering), one can get a hold of your domain account and use it for spam actions, malware distribution, money stealing (e.g. if it’s e-commerce we’re talking about), and of course – to make any desired changes. Usually, the attacker performs an identity theft and impersonates the real domain holder in order to convince the registrar to change authority settings, i.e. status codes.
Here’s how you can prevent domain theft:
- Protect your e-mail account: Ensure your password is of solid strength, and you may even want to change it once in awhile.
- Check security protection options before registering your domain (e.g. call-back authentication, placing various domain locks).
- Keep your eyes on your traffic: If you notice any highly suspicious traffic, reach out to your registrar to see what’s up.
A good protective strategy is to keep your domain status code locked: it gives you full control and it is the basic security measure everyone should follow. Of course, if your account gets hacked, an unauthorized person has access and is free to change everything as he/she wishes.
If you do become a victim of domain hijacking, follow the guidance from ICANN: documentation is the key to recovering your domain name. These include files regarding domain history, billing records that prove you are the true domain holder, correspondence from registrars (e.g. WHOIS records, renewal notices), and other legal documents. Having a trademark can help in speeding up the legal process once you file a suit.
Benefits of owning an SSL certificate
Now, let’s talk about your website’s safety and creating a protected environment for your customers and clients.
Have you ever been worried if your personal data will end up where it should during online shopping? SSL (Secure Socket Layer) is a transfer protocol that uses standard encryption technology to safely transfer data between the two parties, i.e. between the user and the server. This way, all the sensitive information (e.g. one’s credit card number) stays protected and can be seen and read only by the intended parties so hackers and identity thieves are left empty-handed.
We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!
- Zineb Ait Bahajji and Gary Illyes, Webmaster Trends Analysts at Google
In addition, owning an SSL certificate gives your online business credibility and is an absolute must if you run transactions on your website. You can choose between protecting one website, multiple websites, or protecting all subdomains (wildcard SSL).
Alongside the obvious safety reasons, securing your website will bring you SEO benefits: in 2014, Google announced it will reward secure websites (i.e. https websites – the ones using SSL) with a slight SEO boost in order to promote Internet safety.
Protection strategy during registration
There are multiple ways attackers can get their hands on your account information. The problem is, new domain holders are typically unfamiliar with protection measures that can be taken right from the very start – during the registration process.
Just like in every developed industry, there are many different types of domain and hosting services and naturally – they vary in quality. Some registrars have more efficient systems of handling security issues and criminal complaints and so they provide better customer service. Others might be more vulnerable to attacks. In any case, the risk is undeniable because the domain industry remains highly lucrative: just check out the whole affair regarding the sex.com domain which has been recorded as the priciest domain ever sold.
Ultimately, it is your personal responsibility as the registrant to wisely choose a registrar that provides the best service with maximally reducing the risk of you becoming a victim to some of the mentioned forms of cybercrime. Evaluating security measures should be one of your criteria when choosing your desired registrar.
ICANN Security and Stability Advisory Committee has underlined the importance of registrars expanding their FAQs and educational programs for registrants regarding levels of domain security. Domain.ME has a transparent list of policies, enabling all future users to know exactly what they are signing up for. Privacy should be one of the top priorities of every domain provider, and Me’s security system against domain name abuse includes protection from:
- Phishing: the act of defrauding an online account holder via the legitimate company in an ill intention of compromising sensitive information (e.g. credit card number, passwords, bank accounts)
- Pharming: a practice of directing visitors to a false website that mimics the real one with a goal to obtain personal information
- Intentional distribution of malware: one’s website gets misused in order to disseminate computer viruses
- Fast flux hosting: a vast number of different IP addresses are associated with a single domain name (i.e. the victim’s domain) and they are swapped in and out with extremely high frequency by changing DNS records. Most frequently, this practice aims to mimic phishing and malware delivery sites.
- Illegal access to computers and networks
- Any type of misuse of the WHOIS information
One thing’s for certain: when it comes to safeguarding your online presence, it’s debatable if you can ever be too cautious. Finding a registrar service that’s clear about the ways it aims to protect access to your domain portfolio should be your top priority. Remember, it’s always better to be safe than sorry: investing in security is never a bad decision!