What is domain phishing and how to stop it

Author: Hamster, www.hostens.com

Loss of a domain name is one of the most detrimental things that can happen to a business that operates online. A domain name is one of the most valuable assets for enterprises that rely on the internet for their operation. But the domain is also valuable to cybercriminals, who employ several hacking methods to hijack it and exploit the users of the affected domain name, which can lead to the collapse of the business.

What is domain phishing?

It is the theft or misuse of a registered domain by a malicious party that takes control of the domain, with various motives. In the process, the rightful owner loses control of the domain. This can be devastating for the rightful owner and poses a security threat to the business. However, even some enterprises that have strong security policies often overlook domain phishing, irrespective of the risk it can unleash.

For instance, some domain owners overlook basic precautions that can help protect their domain. They acquire only the minimum domain registration and overlook the protections that can save them from domain phishing.

There is an array of methods that malicious parties can employ to achieve domain phishing:

  • Social engineering. It is the most effective method used by cybercriminals to achieve domain phishing. The criminals can impersonate the domain registrar or employees of an organization over the phone to get confidential information of the actual domain registrar, thus hijacking the domain name. Similarly, the criminals may launch a phishing campaign aimed at the victim business or domain name. The people managing the domain may also be fooled into entering their login credentials on fake, impersonated sites, which hands the criminals the credentials of the site. With the credentials, the cybercriminals can transfer the domain name to another registrar, often a shady one.
  • Malware infection. The systems used to manage the domain name can be infected with malware. The criminals may use malware such as a keylogger or trojan to gain access to the credentials of the domain control panel.
  • Exploitation of a vulnerability in the domain registry system. It is a rare case; however, it is possible for a domain to suffer because of a vulnerability in its registrar's system. If such a scenario occurs, the hackers can gain the private access required to move the domain to another registrar. Unfortunately, globally trusted registrars are not immune to such vulnerabilities. Therefore, systems should be monitored frequently to suppress the chances of domain phishing occurring.
  • Guessing passwords. Cybercriminals are very sophisticated. They can guess weak passwords used for the domain control panel, thus compromising the domain. Whether password guessing succeeds depends on the choice of registrar: some domains may be protected by time-based lockouts that render password guessing useless. Besides, the cybercriminals can use brute force (a popular password hacking method) to gain access to confidential information of businesses. The method involves trying all possible numbers, special characters, and letters until they crack the password or guess correctly. Administrator details such as the email addresses associated with the domain can provide leeway for domain phishing if a direct lookup is done in the WHOIS database. The criminals must first hack the admin email to unlock the domain control panel and take full control of the domain. Once they gain access, they can change the control panel password and take over the domain. As a result, anyone listing their confidential information in the WHOIS database is providing leeway for cybercriminals to hijack their domain.
  • Expired domain. The domain hijacker can monitor domains that are due to expire in the hope that the owner fails to renew on time. An expired domain can easily be manipulated by cybercriminals. For instance, Microsoft forgot to renew its domain in 1999 and hotmail.co.uk in 2003, which exposed the company to domain hijackers. Most registrars are normally careful about sending renewal reminders; however, the emails may be flagged as spam. Such situations are not easy to recover from, since it is not illegal to buy an expired domain.
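
An owner-side check for the last two items, as an added example that is not part of the original article: it reads a WHOIS reply and reports a near or past expiry date and any contact e-mail visible to anyone doing a lookup. The sample record, the 45-day warning window and the privacy-service keywords are assumptions.

```python
import re
from datetime import date, datetime

# Constructed WHOIS reply in the usual "Key: value" layout; not a real record.
SAMPLE_WHOIS = """Domain Name: EXAMPLE-SHOP.TEST
Registry Expiry Date: 2024-07-01T04:00:00Z
Registrant Email: owner@example-shop.test
Admin Email: owner@example-shop.test
"""
CONTACT_KEYS = ("registrant email", "admin email", "tech email")
MASKED = re.compile(r"privacy|redacted|proxy", re.I)  # assumed privacy-service markers

def parse_whois(text):
    """Return {lower-cased field: [values]}; WHOIS fields may repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def audit(text, today, warn_days=45):
    """List findings for one WHOIS reply as seen on the date `today`."""
    rec, findings = parse_whois(text), []
    expiry = rec.get("registry expiry date", [""])[0]
    if not expiry:
        findings.append("no expiry date in record")
    else:
        left = (datetime.fromisoformat(expiry.replace("Z", "+00:00")).date() - today).days
        if left < 0:
            findings.append(f"expired {-left} days ago")
        elif left <= warn_days:
            findings.append(f"expires in {left} days")
    # An address visible here shows an attacker which mailbox controls the domain.
    exposed = {v for k in CONTACT_KEYS for v in rec.get(k, [])
               if "@" in v and not MASKED.search(v)}
    return findings + [f"contact e-mail exposed: {e}" for e in sorted(exposed)]

if __name__ == "__main__":
    print(audit(SAMPLE_WHOIS, date(2024, 6, 10)))
```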

Who is prone to domain phishing?

In the current world, any online business is prone to domain hijacking, since most businesses, whether international, national, or local, engage in e-commerce. The website is becoming indispensable to many businesses. Hijacking a business's website can deprive it of many things, ranging from a good reputation to potential earnings and profits. Hackers normally have different motives for hijacking the domain name of an organization. For instance, they can hijack the domain name for financial gain, to outdo competitors, or to access customers' information. Furthermore, criminals may have political motives. Domain phishing can cost businesses dearly because of the danger it poses to indispensable business information.

How to restore the hijacked domain name?

Restoring a stolen domain name may take a long time, longer than the affected victim would like. Therefore, it is necessary for all businesses operating online to take the security of their domain seriously. However, losing the domain does not mean the end of the world. A stolen domain can be recovered by the following methods:

  • Contacting your domain registrar. These are the people who sold you the domain. You can contact their support team and explain the incident. Ensure you provide them with relevant details such as recent correspondence and the name of the account that was used to purchase the domain, and complete any paperwork that may be required.
  • Seeking legal help. This normally happens if your registrar is unable to restore the domain because it has already been transferred to another registrar. To prove ownership of the domain, the victim will be required to produce copies of the registration record of the hijacked domain or correspondence about it from the registrar, financial records associated with the hijacked domain, and marketing materials associating the stolen domain with the affected organization.
  • Contacting ICANN. This is the final option for restoring the stolen domain. The method involves extensive documentation associated with domain dispute resolution. It has a well-defined procedure that can help in the restoration of the hijacked domain.

How do organizations or people become victims?

Not everyone is aware that just clicking an unknown or known link can cost them their domain. No wonder phishing scams are common.

  • Overlooking email best practices. It is next to impossible for hackers to merge data in emails. For instance, when an email that claims to come from the registrar does not address the domain owner by name, it is not the registrar that sent it; the mail is a phishing email, a red flag of domain phishing. In that case, contact your registrar's support privately with any questions. Two minutes can save you from a nightmare.
  • Buying cheap WHOIS data. Some registrars offer cheap WHOIS data to their clients. No wonder domain owners suffer multiple spam messages after registering their domain name. For instance, fly-by-night operators have been implicated in selling cheap copies of WHOIS data, thus attracting a lot of spam, especially to new registrants.
  • Overlooking the new WHOIS verification requirements. Under the new verification requirements of the 2013 RAA, registrars are required to verify the information in WHOIS. Domain phishing is often achieved by emailing the registrar a link to click, making the domain vulnerable to hijacking. To overcome the challenge, the customers of the business should be encouraged to click the links in emails, instead of allowing them access to the site using login, exposing them to scams.

How to protect yourself from falling into the traps of emails with domain phishing motives?

  • Pay attention to authenticity. There are several signs for identifying fishy emails, which carry distinctive identifiers. For instance, emails addressing recipients with telltales such as "Dear Sir or Madam" are more likely to be fishy than ones containing specific information such as account information or your name. Does the message contain a mismatched URL? You should check links and verify the URL against the mail the link is attached to. If the hyperlink address is different, it can be an indication of malicious intent. A reputable registrar will not send an email with grammar and spelling mistakes. If the message has multiple grammar and spelling mistakes, it is a clear indication of malicious intent, since emails from the registrar are normally reviewed for grammar, spelling, and legality. Does the message ask for confidential information? This is the biggest red flag ever. Irrespective of how valuable or official the mail may appear, an email that seeks the recipient's confidential information, such as passwords or answers to security questions, has a malicious motive. And finally, never overlook your instinct; instincts do not arise on their own, they are normally triggered by an abnormality. If you doubt an email, confirm it directly with the registrar instead of regretting falling into the trap of the cybercriminals.
  • Engage two-factor authentication. Two-factor authentication is a counter-defense against a domain phishing attack. It should be provided by the registrar when buying a domain. In case you don't have it, seek it from the registrar to protect your domain.
  • Add WHOIS privacy. People listed in the WHOIS records are more prone to domain hijacking. Therefore, they should take WHOIS privacy seriously to block scam emails from reaching their inbox.
  • Use updated browsers with antivirus software. Modern browsers are sensitive to sites that are implicated in phishing attacks. They normally alert users when they access a site associated with a phishing attack. However, it can take a long time for sites to be identified or flagged. This calls for the use of antivirus software that will protect you from falling into the traps of cybercriminals.
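
The email signs listed under "Pay attention to authenticity", turned into a small checker (an added example, not code from the article): it flags generic greetings, requests for confidential information, and links whose real target differs from the displayed URL or from the sender's domain. The sample message, the word lists and the function names are assumptions, and because the From header can be forged, a clean result is not proof of authenticity.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TEXT_SIGNS = {  # wording signs the article names; the word lists are assumptions
    "generic greeting": re.compile(r"\bdear\s+(sir|madam|customer|user)\b", re.I),
    "asks for confidential information": re.compile(r"\b(password|security question)\b", re.I),
}
def host(url):  # lower-cased hostname of a URL, with or without a scheme
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

class LinkCollector(HTMLParser):  # gathers (href host, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((host(self._href), "".join(self._text).strip()))
            self._href = None

def red_flags(raw_email):
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # assumes a single-part HTML message
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    flags = [name for name, rx in TEXT_SIGNS.items() if rx.search(body)]
    collector = LinkCollector()
    collector.feed(body)
    for target, text in collector.links:
        # Visible text looks like a URL but names a different host than the href.
        if re.match(r"(https?://|www\.)", text, re.I) and host(text) != target:
            flags.append(f"text shows {host(text)} but link goes to {target}")
        # Link host is neither the From domain nor one of its subdomains.
        if target != sender and not target.endswith("." + sender):
            flags.append(f"link host {target} is outside sender domain {sender}")
    return flags

SAMPLE = """From: Support <support@registrar.example>

<p>Dear Sir or Madam, confirm your password here:
<a href="http://registrar.example.verify.test/cp">https://www.registrar.example/cp</a></p>
"""  # constructed message, not a real capture
print(red_flags(SAMPLE))
```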


Restoring a compromised or hijacked domain is not easy. Regaining the trust of customers and the reputation of the business, and recovering from lost earnings, is a situation no one would like to experience. In some situations the domain owners may be left with no option but to change their domain name to one that may not be popular at all. Such situations are avoidable by ensuring that the administrative email account linked to the domain is protected, since if you lose your administrative email account to hackers you will automatically lose your domain. Ensure the security of your domain is prioritized and implement all protection measures to keep domain phishing at bay. Technology is evolving every day, and the tactics that hackers use to steal domains are also increasing every day.

Therefore, domain owners should keep up to date with the current tactics that hackers employ, to prevent their domain from being compromised by the criminals. Domains are a source of livelihood, reputation, customer market, etc. Their protection is non-negotiable, especially if your business operates online and you want it to flourish.

