How To Protect Your Domain From Email Phishing & Domain Slamming
While the vast majority of inadvertent domain losses are the result of accidental domain expiry, there are occasional attempts to “hijack” a domain name without the consent or knowledge of the domain owner. The most popular methods for hijacking domains are explained in this article in the hope that you will put in place measures to protect your domain name.
Protect Your Domain: What is Domain Slamming?
“Domain slamming”, widely referred to as fake domain renewals, is when unscrupulous companies send you what look like legitimate domain renewal invoices but are really cleverly disguised attempts to get you to transfer your domain to a new registrar!
When this happens, you still retain ownership of your domain, but it is possible for the web services built on top of that domain (like your website, your email server, etc.) to stop working as the domain switches over to the new provider.
How To Prevent Losing Your Domain Through Slamming
The easiest way to guard against this is to educate your accounts payable department about your vendors. Show them what a real renewal invoice looks like, and direct them to discard, or seek additional internal approval for, any domain-related request that does not conform to the accepted, in-place renewal notices from your existing Registrar.
It is also important to inform and educate your team about your domain portfolio: which extensions belong to your brand? For example, if your site is www.yourbusiness.com, the fake invoice may be for www.yourbusiness.net or www.yourbusiness.info.
Protect Your Domain: What Is Email Phishing?
A more sinister variant of “domain slamming” is the “email phishing” attack. You may already be familiar with these from fake “online banking” notices that try to entice you to a fake website posing as your bank. When you try to log in to your bank account, they steal your login credentials and you get an error message.
The same thing happens with domain Registrars, where domain hackers try to harvest login details for user accounts at a real Registrar by sending fake notices to you pretending to be from your Registrar.
How To Prevent Losing Your Domain Through Email Phishing
You can guard against this by making it a point never to click on a link sent to you in an email that purports to send you to your Registrar’s website, unless you are absolutely sure (by checking your browser’s “location” bar) that you are actually on your Registrar’s website when you get there.
Further, you should always log in to your Registrar account using “SSL”, a type of encryption used for securing web sessions. You know you are connecting via SSL when the link starts with https:// as opposed to just http://.
A better tactic: once you are securely logged in to your Registrar’s website, bookmark that website in your browser, and then always use that bookmark for future logins to your Registrar’s website. When you receive an email that asks you to perform an action, instead of following a link in that email, use your local, tested and validated bookmark to get there.
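The location-bar and https:// checks described above can also be applied automatically to links in incoming mail. The following is an added example, not part of the original article; `registrar.example` stands in for your real Registrar's domain, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the domain(s) your real Registrar uses for logins and notices.
TRUSTED_REGISTRAR_DOMAINS = {"registrar.example"}


def check_registrar_link(url, trusted=TRUSTED_REGISTRAR_DOMAINS):
    """Return the reasons not to trust `url`; an empty list means it passed."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return ["URL could not be parsed"]

    reasons = []
    # The article's https:// rule: the session must be encrypted.
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    # Anything before '@' is login data, not the site; the real host follows it.
    if has_userinfo:
        reasons.append("text before '@' is not the host name")
    # The "location bar" rule: the host must be the Registrar's domain itself
    # or a subdomain of it. A match anywhere else in the name does not count.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        reasons.append(f"host '{host}' is not a trusted Registrar domain")
    return reasons


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a renewal notice.
    samples = [
        "https://www.registrar.example/login",
        "http://www.registrar.example/login",
        "https://registrar.example.account-renewal.example/login",
        "https://registrar.example@login.invalid/",
    ]
    for link in samples:
        problems = check_registrar_link(link)
        print("OK  " if not problems else "FLAG", link, problems)
```

A link that passes only shows that it points at the Registrar's domain over https; reaching the site through your own bookmark remains the safer habit.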