Domain name transfer fraud

by John Bandler

Here is a quick explainer about domain name transfer fraud, with some cybersecurity and cybercrime prevention tips.

The value of domain names

Domain names have value for:

  • Websites
  • Email
  • Intellectual property
  • Branding

Computers love numbers, but we humans need words. Domain names allow us to use meaningful email addresses and website pages, so that we can tell people things like:

  • "Visit me at JohnBandler dot com"
  • "Email me at JohnBandler at JohnBandler dot com"
  • "Go to Google dot com to search it"

Instead of something like:

  • Go to the website at IP address 172.217.164.110  (IPv4)
  • Go to the website at IP address 0:0:0:0:0:ffff:acd9:a46e  (IPv6)

Domain names are essential for business use, for websites, and email.

How do we obtain a domain name?

We rent domain names from a domain registrar. We don't buy them (that would be too easy for us), we rent them.

That means we need to ensure our rent is paid, we need to know which registrar we are renting from, and we need to secure our account with that registrar.

After we rent the domain name

After we have rented that domain name, for a period of years, we can put it to use. The things we can do with a domain name are:

  • Nothing
  • Create a redirect, so a website visitor to that domain is redirected to our main website
  • Have a website hosted using that domain name
  • Have email service using that domain name
  • Use that domain, or email addresses using that domain, for all kinds of other cloud services and accounts (Office 365, Google Workspace, Dropbox, etc.)

Often, a domain registrar is more than willing to provide or connect you to additional services, such as website or email hosting. The reverse is also true (e.g., providers of website and email services are often more than willing to help you obtain domain name registrations).

To connect a website to our domain name, we need to have the website hosted somewhere on a server (often with a website hosting provider) and then configure our domain name registration settings so the world knows how to get there. Meaning, tell the domain name system (DNS) where the website for our domain name is hosted.

To connect email to our domain name, we need to have an email service provider somewhere on a server, then configure our domain name registration so it properly points to that mail server provider.

The things that can happen

The main harm that can happen is we lose control over our domain name.

If we lose control over our domain name, we lose access to any email accounts that use that domain name, and our website will go down.

Here are various ways we can lose control over our domain name:

  • We forget to renew it
  • Auto renew fails for whatever reason (payment card expired, error, etc.)
  • A malicious attacker gains control over our domain registration account and transfers the domain

When you lose control over your domain, your email and website will go down.

The domain name may then be offered for sale, often at a premium, and you can try to buy it back. But there is no guarantee you will get it back. That could be disastrous.

Prevention

To prevent domain name frauds (or even just losing your domain due to oversight), follow Bandler’s Four Pillars of Cybersecurity, starting with the first pillar: improve knowledge and awareness.

Then proceed through devices and data, and with data, consider what domains you rent, with which registrars, and how those accounts are secured. Likewise for email and websites.

Then you can take appropriate steps to safeguard your important domain names, including:

  • Check who has access to the domain name registrar account (e.g. who can access the domain registration company account to potentially transfer or cancel the domain)
  • Ensure the domain registration account is configured with a strong, unique password, and two factor authentication
  • Check autorenew settings and payment information
  • Review other settings
  • Monitor
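
One way to automate the "Monitor" step, as an added example that is not part of the original article: the check below compares a domain's public registration record with what you expect and flags the loss paths listed above (approaching expiry, a changed registrar, changed nameservers). It assumes the record has already been fetched as RDAP JSON (RFC 9083 field names); the sample record, the expected values and the function names are constructed for illustration, and the transfer-lock check is an assumed example of "other settings" worth reviewing.

```python
from datetime import datetime, timezone

# Constructed RDAP-style domain record (RFC 9083 field names); not real data.
SAMPLE_RDAP = {
    "ldhName": "example.com",
    "status": ["active"],  # no "client transfer prohibited" lock present
    "events": [{"eventAction": "expiration", "eventDate": "2024-01-10T00:00:00Z"}],
    "entities": [{"roles": ["registrar"],
                  "vcardArray": ["vcard", [["fn", {}, "text", "Other Registrar LLC"]]]}],
    "nameservers": [{"ldhName": "NS1.UNKNOWN-HOST.EXAMPLE"}],
}

# Hypothetical inventory entry: what we expect for this domain.
EXPECTED = {"registrar": "Example Registrar Inc",
            "nameservers": {"ns1.example.net", "ns2.example.net"}}

def registrar_name(record):
    """Return the 'fn' of the first entity with the registrar role, or None."""
    for entity in record.get("entities", []):
        if "registrar" in entity.get("roles", []):
            props = entity.get("vcardArray", ["vcard", []])[1]
            return next((p[3] for p in props if p[0] == "fn"), None)
    return None

def check_domain(record, expected, now, warn_days=30):
    """Compare one RDAP record with the inventory; return a list of findings."""
    findings = []
    expiry = next((e["eventDate"] for e in record.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        findings.append("no expiration date published")
    else:
        days = (datetime.fromisoformat(expiry.replace("Z", "+00:00")) - now).days
        if days < warn_days:
            findings.append(f"expires in {days} days")
    if "client transfer prohibited" not in record.get("status", []):
        findings.append("transfer lock not set")
    if registrar_name(record) != expected["registrar"]:
        findings.append(f"registrar is now {registrar_name(record)!r}")
    seen = {ns["ldhName"].lower().rstrip(".") for ns in record.get("nameservers", [])}
    if seen != expected["nameservers"]:
        findings.append(f"nameservers changed: {sorted(seen)}")
    return findings

if __name__ == "__main__":
    now = datetime(2023, 12, 21, tzinfo=timezone.utc)
    for finding in check_domain(SAMPLE_RDAP, EXPECTED, now):
        print("ALERT:", finding)
```

Run on a schedule against each domain you rent, an empty result means the record still matches what you expect; any finding is a prompt to log in to the registrar account and check.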

Response to this cybercrime (for individuals)

Try to get your domain name back!

Not fun.

Response to this cybercrime (for organizations)

Try to get your domain name back!

Not fun either.

Government and law enforcement response

Quick thoughts here for government:

  • Investigate all cybercrime cases.
  • Successful cybercriminals don’t just do one scam, they attempt thousands and succeed at many.
  • Indict and arrest the perpetrators.
  • Follow the money.
  • Indict and arrest the money launderers.
  • Without investigation there is no arrest.
  • Without arrests there is no justice.
  • Without justice there is no deterrence, and this crime will remain rampant.

Domain name registrar response

I've seen a few of these. Unfortunately, some domain name registrars do not expend enough effort detecting this fraud, investigating it, or remediating it.

It's not just fraud protection, it is efficiency

As indicated above, this is not just about protecting from fraud and crime, it is about efficiency. If you forget to renew a domain, you can lose it. If you don't work to identify and manage your information assets (including domains) you may not be managing them effectively and efficiently. Consider doing an information asset inventory.

Conclusion

Cybercrime, including domain name transfer fraud, is pernicious and pervasive.

If you are a cybercrime victim, see the resources on this site and my page on identity theft, and contact your financial institution and law enforcement.

If your organization needs help to protect from cybercrime, improve cybersecurity, create or improve policies, or comply with cybersecurity related laws and regulations, please contact me.

This is not legal advice nor consulting advice, and is not tailored to your circumstances.

Additional reading

This article is hosted at https://johnbandler.com/domain-name-transfer-fraud, copyright John Bandler, all rights reserved.

This article is also available on Medium.com at NOT YET (though not kept as up to date).

Originally posted 10/19/2023, updated 12/05/2023.