Domain hijacking, or domain theft, occurs when a person improperly changes the registration of a domain name without permission from the original registrant. A domain can be hijacked for several reasons: to generate money through click-through traffic, for resale to the proper owner or a third party, to add value to an existing business, for malicious reasons, or to achieve notoriety.

The costs of domain hijacking are significant. According to Symantec, a security-software company, in 2012, the economy lost $400 billion as a result of incidents of domain hijacking and related crimes. A variety of domain names have been hijacked in recent years, including the U.S. Marines, The New York Times, Twitter, Google, The Huffington Post,, and Craigslist.

Once a domain is hijacked, it is difficult to recover. If you suspect your domain has been hijacked, immediately contact the company with whom you registered the domain. To the extent the registrar can confirm your domain has been hijacked, the registrar should work to help transfer the domain name back to you. It is rare, however, to recover any damages incurred during the period that the domain was improperly in the hands of a third party.

There are few alternative actions if the registrar does not or cannot act. Both litigation and ICANN proceedings can be expensive and time-consuming.  Neither option may adequately protect your online business and reputation during the proceeding. In some instances, it may be cheaper to just create a new webpage and register a new domain.

Choose your registrar carefully

Because of the risks associated with domain hijacking, it is important that companies take steps to make any attempted hijacking more difficult. First, make sure that the registrar with whom you register your domain is reputable. There are hundreds of registrars, so it is important to do your research. You might also consolidate all of your domain names with one registrar, which simplifies your ability to monitor all of your domains.

Update your contact info

Make sure that your contact information is updated. Registrars tend to use email as the primary means of communication and to reset passwords for your account. If that email lapses for any reason, then someone else can change your domain registration more easily.   Consider using an administrative email, so that you don’t have to update the email every time the person responsible for the domain name changes.

Create a secure password

Secure your user names and passwords. As with other passwords, make your password difficult to guess. Limit access only to those who absolutely need it.

Protect your personal identity

Consider using Whois Privacy Service, which makes your contact information private. This option may have drawbacks, however. For example, it may be difficult to prove that you are the true registrant of the domain if this feature is enabled. It may also create additional delays in the event that you have to use a legal process to recover a hijacked domain.

Keep a watchful eye

Monitor your domain for any unauthorized changes. Make sure that you regularly check your information and that you contact your registrar if you find anything unusual.

Consider a registrar lock

Many registrars offer the ability to lock a domain, which prohibits the domain from being transferred, modified, or deleted by a third party.

Renew your domain name on time

Make sure that you carefully monitor the expiration of your domain name registrations.   Once a domain has expired, it can be easily registered by someone else. In fact, some people use automated programs that allow them to monitor expired domains, purchase them, and then try to sell them back to the original registrant or to third parties. For those domains that are critical, it is worth considering renewing the registrations early and for longer periods of time.

Take these few simple steps now, and help prevent the hassle and expense of trying to recover your domain down the road.

For more information on this topic, please visit our Domain Theft service page, which is part of our Internet & eCommerce Practice.

Klemchuk LLP is an Intellectual Property (IP), Technology, Internet, and Business law firm located in Dallas, TX.  The firm offers comprehensive legal services including litigation and enforcement of all forms of IP as well as registration and licensing of patents, trademarks, trade dress, and copyrights.  The firm also provides a wide range of technology, Internet, e-commerce, and business services including business planning, formation, and financing, mergers and acquisitions, business litigation, data privacy, and domain name dispute resolution.  Additional information about the Internet & eCommerce law firm and its Internet & eCommerce attorneys may be found at

Klemchuk LLP hosts Culture Counts, a blog devoted to the discussion of law firm culture and corporate core values with frequent topics about positive work environment, conscious capitalism, entrepreneurial management, positive workplace culture, workplace productivity, and corporate core values.

Also published on Medium.