How to avoid domain hijacking

What is Domain Hijacking?

Domain hijacking, also known as domain theft, is the practice of changing a domain name’s registration without the permission of the domain’s original registrant. While many may assume that domain hijacking is accomplished through nefarious methods, domain hijackers most commonly acquire a domain owner’s personal information in order to persuade the domain registrar to transfer the domain to the hijacker. Because there are currently no specific international or federal laws that explicitly criminalize domain theft, recovering hijacked domains can often be difficult, time-consuming, and expensive. Safeguarding credentials for the domain registration account, in particular maintaining secure passwords that are changed periodically, is one of the best steps to avoid domain theft.

Common Ways Domain Hijacking Occurs

One of the most common ways domain theft happen is where the hijackers either through fraud or hacking the domain owner’s accounts gains access to the domain registration account and simply transfers ownership of the domain. This often results in the domain registration being transferred to an entity in foreign countries making legal recourse difficult. Another method of domain hijacking is via the hosting or registrar companies as opposed to through the domain owner’s systems. In this method, the hijackers may stop or cancel a customer’s payment to renew the domain registration so that the registration expires and is obtained by the hijacker. Domain hijackers may even fraudulently enter whois-data to access the domain registration account.

Tips to Stop Domain Theft

Responding to domain theft can be difficult. For domains that have trademark protection, a trademark infringement lawsuit or claims for violation of the Anti-Cybersquatting Consumer Protection Act (ACPA) are a possibility. The domain owner may also employ a domain name dispute proceeding under ICANN or UDRP. These proceedings are typically less expensive than a trademark infringement/ACPA lawsuit filed in federal court.

In other cases, the domain owner may have to pay a blackmail or ransom payment to obtain the domain registration back. Other times, registration information can be simply returned to its original state by the current registrar. Finally, if the domain credentials have been comprised by an ex-employee or disgruntled vendor, a lawsuit seeking injunctive relief may be the quickest path to recovering the domain name. Texas is one of the few states that allows for pre-suit depositions. If an ex-employee, vendor, or other known person is suspected of domain theft, filing for a pre-suit deposition may be the best option.

If domain theft occurs, an Internet attorney experienced in domain hijacking as well as trademark law is likely the best starting point to recover the domain.

Internet Law and E-Commerce Legal Services

Our team of lawyers and other professionals advise clients regarding internet law and e-commerce legal issues on a broad range of topics, including:

You can find additional information in our Internet Law & E-commerce Overview page or our Intellectual Property Quick Reference Guide.

See our Legal FAQs page for the answers to more intellectual property law questions.

Still Have Questions About Domain Names, Internet, or Ecommerce Law?

If you enjoyed this law article, please share on social media or gives us a link because it helps us develop more educational legal content.


More Questions about Domain Hijacking or Theft?

Read Latest Developments in Internet and Ecommerce Law