Domain Theft: The New Internet Scourge

Having your domain name stolen is like getting punched in the gut. You try to log on to do some work on your site, or update some product information, but nothing works. You can’t get in, and you can’t switch things back. Or you check your email to find a notice that your domain name has been successfully switched to the new registrar, but you didn’t initiate any switch. You might feel lost, confused, miserable, and just plain angry.

Fortunately, there are some things you can do to get your domain name back. First, change all your passwords. While changing passwords may seem a lot like closing the barn door after the horse already got out, you don’t want whoever hacked into your account and transferred your domain away to have any more access to anything belonging to you.

It won’t fix your problem, but it can help keep the hacker from getting to anything else in your email account, or transferring any more domains (if you have others) away from you.

Next, contact your registrar. You want to make sure they know about the problem as soon as possible. They may have a policy for those kinds of problems, or a procedure you can start on that will allow you to move toward getting your domain name back. They may also be less than helpful.

Either way, it’s important to make the effort to let them know what’s going on, as proof that you acted quickly and attempted to resolve the problem. Some registrars will be willing to file a complaint against the registrar to which the stolen domain was transferred, but that’s not the case with all of them.

If you don’t get a quick resolution from working with your registrar, there are more significant steps you can take. Although the UDRP process is not normally considered one of the steps you can take, recently an UDRP was filed and achieved the return of the domain name.

The case CIN – Corporação Industrial do Norte, S.A. v. Huhan, Yuming Zhong, Case No. D2014-1865 included the facts that the domain name was misappropriated by Respondent in an unknown fashion, which GoDaddy, confirmed and the new registrar declined to assist with a re-transfer. Accordingly this is a classic domain theft case. In this case the complainant made all the necessary claims to the UDRP elements and the Respondent did not reply. The panel decided that “evidence of misappropriation is sufficient to find that the Respondent has registered the disputed domain name with the intention of selling it in breach of paragraph 4(b)(i) of the Policy.” It is unknown whether the Complainant made such an allegation or if the panelist made up out of whole cloth. In either case, as it is clear that the panel created law by first deciding outside the UDRP rules that there was a misappropriation and then decided that a misappropriation is a bad faith act. While I applaud the panelist for trying to do the right thing and believe that the domain name most likely should have been returned to the Complainant, I also believe that the panel over stepped its bounds which is why the Internet Commerce association (ICA) is in the process of attempting to change the UDRP rules to allow for the retrieval of stolen domain name through the arbitration process.

That being said, considering the above case it is possible that you might be able to obtain the return of a domain name through the UDRP process which is of course worthwhile as it is at least 50% less expensive than going to court.

If you win, the domain name will automatically be transferred back to you within 10 days unless the opposing party files in a court in a mutually accepted jurisdiction.

The more proactive you are about keeping your domain names safe, the better, but there’s no way to completely protect them. Be vigilant about your passwords and change them often. Check your domains frequently, as well, so you can catch any problems right away. Hacking into and stealing domains is becoming a serious problem, and it’s one that puts you at risk. Knowing how to avoid it as much as possible, and knowing what to do if it does happen, can protect your business interests.

There are of course other options to protect your domain names and then there is the use of the court system to retrieve your stolen domains. I go into further detail pertaining to this matter in a previously written article which may be found at: http://aplegal.com/2014/12/31/slamming-door-domain-name-hijacking/

  1. Thank you very much for the acknowledgement. I strongly believe that those in the community that are capable of making things better have an obligation to attempt to do so. Any domainer that is not a member of the ICA should seriously consider joining both because it is the sole organization representing the domain name community and so each person’s voice and wisdom may be be heard.

  2. Stevan, I understand UDRP requires you to hold a trademark or common law rights before you can really file a claim. For many domain holders, this may be the hurdle they face.

  3. It is hard to succeed if you do not have a registration. However, you obtain common law rights just from using the mark in commerce in association with particular goods and services so most folks will actually have common law rights of some sort.

  4. Elliot,

    A suggestion prompted by your posting.

    How about running a poll of your readers as to which registrars are considered most helpful to registrants when facing a domain theft; and which are less so.

    Qualitative factors such as registrant service, not just a small difference in reg fees may become a compelling competitive advantage for smart registrars and smart registrants.

    • I think there are too many factors that wouldn’t be fair to registrars to compare. For instance, some would be excellent for US-based domain owners while non-US owners might not receive the same level of service. Further, someone with 10k names would likely see better service than someone with 10 names.

      As such, any poll like this would not be accurate and someone wouldn’t be able to make an informed decision based on the results of the poll.

  5. Hello,

    My domain names 35.org and 61.orgs have been stolen back on December 1, and transferred away from GoDaddy to eName as well. I tried everything I can through the registrar, and nothing works. They claim they do not have the option to recover for .orgs. PIR, for .orgs saying TDRP or a valid US court order is what will work in my case. GoDaddy will not file TDRP for whatever reason, and I am not in a position to throw another 20-30K on US Court Order on this case, so I was hoping someone out there can have another solution. I have a proven case already of stolen domain names, and all I need is a method of working around TDRP.

    Anyone had similar issues with your .orgs and how was it resolved?

    Thank you,
    Alex Kogan
    HeavenDomains.com

  6. Is there a list of Registrars that are culprit to the problem? I.E. they will not work to get the domains back.

    Who are the more helpful Registrars in your opinion?

    Thanks in advance for your insight.

  7. Anyone who works in this industry and deals with registrars regularly can’t answer that question as to do so would be to applaud some registrars and malign others. It would be impossible to obtain any assistance from the registrars one maligns. Further, you should not forget that registrars are made up of people and everyone has good days and bad and as such a good registrar might be a bad one the next day and visa versa.

  8. Hey! those names worth pretty good cash! But why should there be no solution to get it back. hence there is no sales record, no previous ownership record for the hacker/s. I think with much effort, if you petition the eName; there should be a solution for getting those domains back. But it is terrible.

    But do you have the Whois record on ground for your protest?

  9. My domain was stolen from GoDaddy and moved to Ename using a phishing llink I fell for. They managed to get it back after 3 months by going to Verisign.

    I highly suggest anyone using godaddy have 2 factor authentication enabled

    • Yes, 2 factor authentication would of saved me as well. Same deal, same phishing link, however, since domain names – .orgs Verisign do not deal with that. GoDaddy told me about this factor, 2 months after it happened.

  10. My domain cjml.com was just stolen. I have had it registered with godaddy since March of 2000. I received emails from godaddy on Thurs 11/19 for change of account/change of registrant. Emails said if I did not do this or it was in error to contact them within 15 days at undo@godaddy. I sent an email that day saying it was in error and I did not authorize any change. I called them and they said someone had accessed my account and made changes. Then sent me a dispute transfer link. Later @undo sent an email to submit a form to changeupdate.com which I did, the form requires information and scanning a copy of id/drivers license. I thought great, that will prove it’s mine. Also up till then the whois still showed me as registrant and contact. Then on Sat 11/21 another email from godaddy saying contact information for cjml.com. I checked my account and the domain wasn’t there, then checked whois and found someone else’s name listed. Again called godaddy and was told, yes looks like they have successfully stolen your domain, and there’s nothing they could do about it, I’d have to find a lawyer and try to take legal action to try to get the domain back. Thanks for nothing godaddy.
    I don’t know how this happened, nothing else seems to be hacked, my emails or 2 other domains. I don’t click on links in emails. I have changed all passwords. What else can I do to get it back? What can Verisign do? Or ICAAN?

    • Hi,
      My name is Alex Kogan. I have had this happened to me before from godaddy. (as you can see above) My domains were stolen from me on Dec 1. GoDaddy replied with the same words like you got. It was very expensive set of domains I had over 30 of them stolen to china. I have battled my way through this, emailed probably 700 -800 total times and talked to numerous people in the industry and finally got every single one of them back. My issue was some of them were .orgs, and those are much harder to get back then .coms. As example I had 35.org and 61.org stolen during that transaction.
      If you have questions, please email me – I would be happy to help if I can. For now, it’s important to collect all the communication with GoDaddy.com They key to your case would be the IP trace which every registrar uses to tell where the requests are coming from. It seems like in this case – GoDaddy already looked at this trace and saw the domain name in fact stolen.
      You have 60 days to make sure your domain name is frozen wherever it is, and not going to be sold the minute the ICANN rule releases it.

      Verisign does have a process. ICANN has a lot of people who are responsible for parts of the process. Contacting them both eventually helped me get all my domain names back.

      I know first hand how frustrating this can be. The good news is there is a process which allows you to return the name. The bad news – it’s going to be uphill battle at first.

      Hope it helps a little,
      Alex Kogan
      HeavenDomains.com

  11. Domains get hacked through you directly, through the registrar or registry. Odds are it is you that has been hacked as GoDaddy and the Verisign likely have more robust security. Security on their side includes social engineering, re the thief convincing someone in those organizations to make changes to your account. However it happened the first step is to contact Godaddy and ask them for the form of authorization (FOA) used to transfer the domain name and demand that the domain is locked on the basis that it has been moved out of your account without your authorization. Since the domain is still at Godaddy they still have full control. Once you know the details behind the FOA then you can fashion an argument to prove that it was not you that allowed the domain to be pushed.

    Stevan Lieberman
    http://www.aplegal.com
    http://Escrow.Domains

    • Thanks Stevan,
      I just contacted godaddy again. Since I have already replied to undo@godaddy and changeupdate with all my information and my id, she said it would take about 72 hours for them to get back to me, so sometime today or tomorrow. She didn’t seem to know what I was talking about when I asked for FOA, said she couldn’t lock the domain and I should just wait for a response from undo. But the whois search shows domain status as clientTransferProhibited for now so maybe they have locked it until it’s resolved. Whoever made the change changed only the name to gang cheng and registrant phone to a Chinese phone# code. Meanwhile my website is still live. I really can’t afford legal bills to fight this.vSo I guess I just have to wait and hope they do the right thing and can get it back.

    • I just received response from godaddy. “We see you recently submitted a Change Update request. We’re sorry, but we can only make this change after verifying the consent of the registrant – and unfortunately, the registrant’s consent was not provided in this case.”
      Looking back I received an email on thurs 11/19, (after the email from godaddy about the change of account/registrant initiated)from go786@qq.com saying “Hello, I just saw CJML.COM domain name in the sale, what is you sell it?” There were no links and I wouldn’t open or click on a line, just read the email. Now checking whois, the name changed to gang cheng and a Chinese phone #, and registrant email changed to go786@qq.com. All of this I sent to undo godaddy and the dispute transfer with changeupdate, along with scanned photo of my id. They confirmed that it was stolen when I spoke with them the other day, now they’re just saying I’m no longer the registrant and so they can’t do anything to help.
      If there is anything you can do to help or any more advise I would really really appreciate it. I can’t afford to hire an attorney or fight this in the legal system though. How can I contact ICCAN and what can they do?

  12. Mike, Elliot brought this to my attention and I looked into it. Please look over your emails again, we sent one asking you to create a new account and get back to us. You should reply to the email you were sent with the new account info. But I would strongly urge you to both update the passwords on your email and original account and to enable two factor on both.
    The reason we ask for a new account to be created is because we don’t want to give you back the name in your old account only to have the thief access it again and take the name all over again.
    I read over the article and really think there is some good advice here from Stevan. Thanks for writing this and trying to help people keep their assets safe.

    • Also not to in any way take away from Stevan’s excellent advice, I also wrote an article which I was asked to share a link to outlining some best practices around keeping your domains safe. https://www.namepros.com/blog/how-safe-are-your-domain-names.887391

      I believe there will be a panel on this subject at namescon. The more we talk about it and spread the word on the best things to do to keep your names safe the better off everyone in the community will be.

    • Whoa! I just got another email from undo. “Support Staff Response
      We will be reinstating CJML.COM to you. For your security, we ask that you provide us with a new account number as we cannot return domain names to a previously compromised account.”
      I have changed all passwords on email and other accounts. Hope this works.
      Thank you both for your help.

  13. I took my time to read everyone’s comment and this post in particular. Does it mean GoDaddy security is weak compared to registrar like Namecheap? Another thing is why will a registrar not agree to transfer back a stolen domain? It shows that domain registrar was solely created to harbor domain thieves. I think there is should be a law too that deals with these registrars that keep stolen domains.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Handoff to Dan on Imported Leads Can be Confusing

0
I've been using the lead import option at Dan.com more regularly. Although the 5% commission is not ideal, transactions tend to move more quickly...

ArtificialIntelligence.com Goes Up for Sale

7
I tried to buy the ArtificialIntelligence.com domain name multiple times over the last 10 years. The emails I sent to the registrant went unanswered,...

EU Gives More IP Protection to Food & Drink Producers

0
Did you know that some well-known food and drink varieties are protected intellectual property regulations? Popular types of drinks and foods that are protected...

Price Testing

1
In 2022, my wife and I decided our kids were ready for some big mountain skiing and we planned a trip to the Rocky...

GoDaddy Making You Sign in to See What You Renewed (Updated)

3
This morning, I noticed something different in a domain name renewal email from GoDaddy. Instead of telling me exactly what domain names I renewed...