The latest issue of the Domain Name Industry Brief focuses on “domain name hijacking,” in which perpetrators fraudulently transfer domain names by password theft or social engineering.
As defined by security experts, domain name hijacking occurs when an attacker falsifies the registration data for a domain name, transferring that name away from its rightful registrant and gaining full administrative and operational control over the domain.
The brief analyzes how attackers use a wide range of techniques to hijack domain names, from spyware and keystroke loggers to “social engineering,” in which scammers impersonate registrants, registrars, or other entities in the chain of trust in order to gain access to passwords and personal information.
Regardless of the technique used, the end result for registrants is often severe. Once an attacker has full control of a domain name, they have free rein to use it for any number of nefarious purposes, from creating their own scam websites, to hosting illegal and dangerous content, to extorting the original owner.
While the danger of domain name hijacking is significant, the threat can be greatly reduced with proper planning and mitigation techniques, such as:
- Researching a registrar’s security offerings and taking advantage of the tools they offer, which can go a long way toward mitigating the risk of hijacking;
- Employing password best practices for domain name registrations;
- Determining if a registry is using two-factor authentication to protect registrants; and
- Utilizing services such as Verisign’s Registry Lock, which allows registrants to set the conditions under which their registration information can and cannot be changed.
Verisign publishes the Domain Name Industry Brief to provide Internet users throughout the world with significant statistical and analytical research and data on the domain name industry and the Internet as a whole. Copies of the 2011 fourth quarter Domain Name Industry Brief, as well as previous reports, can be obtained at: http://www.verisigninc.com/DNIB.