Is It Possible To Steal Domain?
In order to understand whether it is possible to steal a domain, you need to become clear with the word “steal”. By this term, we imply operations of the following kind.
Imagine you are selling, let’s say, socks, and you own an eCommerce website. Every day, many users interact with your platform – choose products, make purchases, etc. The name of your site, its domain, is the name of your company, which makes it easier for users to find your site among hundreds of the same ones.
Now, imagine that one morning you realize that something is wrong with your site. It displays completely different content, design and, in general, it is a completely different platform. You’re looking for answers from your admins, but they assure that on the server-side everything had been working without interruptions. So, what happened? One of the most prevalent options is that this is a domain. It was stolen.
How could this happen? Well, weak security measures as the most prevalent mistake. Someone has hacked your domain registrar acc and now has full access to all operations associated with it, including altering the name of DNS servers. This happens because people pay little importance to their own security and specify the same passwords for different services. For example, in our case, an attacker was able to find out the password from your email and used it to enter your domain registrar account. Since you used the same password, he succeeded. Now he, quite legally, can change the settings of your domains.
Finding out the email address associated with a specific domain is not a difficult task, just furnish a WHOIS request and the email will become public. After that, the burglar needs to guess a password from your mail and everything happens as we said above.
The attackers may use various methods in order to obtain the information of your domain account. It may be a phishing attack with a fake page (where you will personally write down your email and password), as well as the domain registrar data leak or your trivial carelessness.
After gaining access to your domain account, attackers can unlock access to a specific domain, obtain the EPP code and reassign your domain title to any kind of different registry. That’s it, your domain is no longer yours.
That is the action sequence that may be called “theft”.
How you can lose your domain?
However, there could be another situation. Technically, it cannot be called theft, but many people mistakenly believe that this is a crime. The situation, which we describe below, occurs, again, by inattention and with the ardent competitors’ “help”.
The fact is that ownership of any domain needs to be renewed from time to time. When registering a domain, you will be presented with a choice of two options – Manual Renewal and Auto-Renewal. If you have chosen the second one, funds would simply be debited from the card you indicated when it was time to renew the domain. If there are not enough funds on the card, a reminder letter will be sent to your email.
If you chose Manual Renewal, a letter will be sent to your email warning you that your domain needs to be renewed. After that notification, you will have to independently renew the registration of your domain name.
In both situations, if the domain is not renewed for one reason or another, it will be sent to the so-called “quarantine”. In this state, your site’s visitors will see one permanent page informing that the domain is awaiting renewal.
If the extension was not carried out, on the 4th, and then on the 12th day, you would receive a reminder letter to your email. On the 19th day of waiting, DNS gets interrupted. Further, the domain will enter the buyback stage. On the 25th day, the domain will be put on auction. If at that point you still haven’t renewed its registration, you will have to bid for this domain on an equal footing with all other applicants. On the 41st day, if there are no buyers, all auctions will be completed and the domain goes to its respective registry.
In fact, even if you forget about renewing your domain, you will have at least 30 days to do this safely.
As you can see, stealing your domain is a very real and feasible task. Be on the lookout if you have serious competitors who like your domain. Keep your security and recheck your passwords and credentials regularly.