The Business Risk of Abandoned Domain Names

by

When setting up your small business website, you want a memorable name and sleek Web design. You know your website is an important online calling card. Then, when you grow or your business evolves, you might rebrand and add a site. But wait, don’t abandon the old one.

When you set up your Web presence, you select a domain name, and it’s part of all your URLs (FYI: URL stands for uniform resource locator). For example, you have created stylish caps and coats for small dogs. You pick the CoutureCanine.com domain name for your business. Your emails come from TheBoss@CoutureCanine.com. Then, off you go building Web traffic to your cool dog duds.

Maybe you even think ahead and buy similar domain names. You can redirect traffic and avoid losing customers to misspellings or typos.

The domain name, after all, establishes the business and provides you with a foundation to grow. As you build the business, you may expand to new verticals and outgrow the dogs-only website. Or, perhaps you wrap up your line for pups and move on to dressing parakeets. Whatever your reason, don’t abandon those old domain names.

Abandoned Domain Name Security Risks

To keep your domain name, you must continue to pay annual registration fees. If you have multiple domains, that can be a lot of small renewals to track and pay. Along the way, a domain renewal gets overlooked. So, the domain name is abandoned.

Domain names can also get abandoned as a result of a business rebranding or company restructuring. Or you might decide a domain is no longer worth continued renewals.

Your hosting company should tell you the Internet domain name is due to expire. After you stop paying, after a certain grace period, anyone can buy that abandoned domain name.

That doesn’t sound so bad. You didn’t want it anymore anyway, right? But you don’t know who might snatch up your old online calling card. Bad actors buy up abandoned domain names and re-register them with catch-all emails.

What’s a catch-all email? Well, remember TheBoss@CoutureCanine.com? That was you. But maybe you also had distinct emails for accounts, info, sales, support, James, and Shauna. All of them were going through CoutureCanine.com. If someone emails someone at the previous domain owner’s business, it goes instead to the new owner. Having seized control of your old site, they gain access to all incoming emails, and they could see the information you don’t want them to see.

The bad actor could also access online services once used by james@CoutureCanine.com. All they would need to do is reset the password to hijack that account.

Security researchers have seen criminals claim abandoned domains to:

  • access confidential email correspondence;
  • access personal information of former clients and current or former employees;
  • hijack personal user accounts (e.g. LinkedIn, Facebook, etc.) linked to old domain e-mail addresses.

What to do with domain names

Especially if you use a domain name for email, don’t let the renewal expire. We didn’t even mention pirates who look for business websites that have lapsed so they can charge exorbitant ransoms to return that domain.

When you move to a new domain address, communicate the change with all your clients and vendors. Close any cloud-based user accounts registered with the old domain email address. Also, unsubscribe from email notifications that might share sensitive data.

Not sure about your domain name registrations, renewals, and what’s set to expire? An IT service provider can handle this for you. Our experts can make sure you don’t abandon domain names. Or we can ensure you close any associated accounts properly to protect your security.

Contact us now at (515) 422-1995.

Don’t Let Crooks Hijack Your Domain

by

Doing business today you are as likely to give out your website address as your email or phone number. Your Web domain is your business identity on the internet. Don’t risk falling victim to the cyberthreat known as domain hijacking.

You build up a business site to represent your brand online. Every bit of content, and all the fonts and images you selected, reflect your business. You probably also have email addresses at the domain name (e.g. sales@yourbusinessname.com). So, imagine the pain of finding out that someone else has stolen your domain.

When your domain gets hijacked, you lose control of your website, its email addresses, and all associated accounts. And it’s not easy to recover them.

The Infosec Institute shares examples:

An advertising agency spent US$15,000 and 19 months recovering its stolen domain.

The owner of ShadeDaddy.com lost US$50,000 and had to lay off six of its eight employees. He said domain name theft is “like your house got stolen.”

How does a domain get stolen?

There are several ways this can happen to a business or individual.

The simplest is that your domain name expires, and you don’t know it. Domain registrars must send notice one month and one week before the domain expires. But the reminders might go to an email address that is no longer active or to the Web company that set your site up years ago and with whom you no longer communicate.

Once your domain rights lapse, the site gets disabled. After that, the domain name goes back into a pool of domain names for anyone to buy.

There are people who make money from purchasing domains. They hope to make money off your company’s desperation to get its domain back. Or they profit from redirecting traffic from your reputable Web address to their own.

Then there are the hijackers. These cybercriminals also want to profit from Web traffic redirects or to access your domain emails to send false invoices. They might intercept emails sent to your domain to learn proprietary information. They could change the content on your site or redirect traffic to a hub for online gambling, or worse.

The hijackers might steal your domain by gaining access to the email account you used to set up the domain. Cybercriminals might use phishing emails to obtain the access credentials. They use the password reset mechanism to take over your account and transfer the domain to a different registrar.

Your domain registration company could be compromised, too. It helps to pick an accredited registrar for your domain registration.

Any of these scenarios can have a serious, lasting impact on your business. Once someone else has access to your domain address they can do whatever they want with it.

Protect Against Domain Hijacking

The first step is to protect your access credentials. Leveraging two-factor authentication can also help prevent hijackers from stealing your domain. A registry lock can also help. It requires more communication if someone tries to change domain registration. This lets you know of suspicious activity and gives you some time to react.

It’s also important to know who is managing your domain name and how it is being managed. A Managed Service Provider can take care of this ongoing process for your business. Reach out to our Web experts today! Call us at (515)422-1995

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy