How to Prevent Domain Hijacking

Protecting Your Domain from Unauthorized Takeover

Domain hijacking is the unauthorized transfer or control of a domain name. It can result in complete loss of your online presence, email access, and brand identity. Understanding how hijacking occurs is the first step toward prevention.

How Domain Hijacking Happens

Social Engineering

Attackers manipulate registrar support staff into making unauthorized changes:

  • Impersonating the domain owner with stolen personal information
  • Providing forged identification documents
  • Exploiting weak verification procedures

Account Compromise

  • Credential stuffing with leaked passwords from other breaches
  • Phishing attacks targeting the registrar login
  • SIM swapping to intercept 2FA codes sent via SMS
  • Malware capturing login credentials

Email Account Compromise

Since domain transfers often require email confirmation, attackers target the admin mailbox by:

  • Hijacking the admin email account to approve transfers
  • Changing the admin email address first, then initiating transfer

Registrar Vulnerabilities

  • Security flaws in registrar systems
  • Insider threats at registrar companies
  • API vulnerabilities

Prevention Strategies

1. Enable All Available Locks

  • Registrar Lock (clientTransferProhibited): Prevents unauthorized transfers
  • Registry Lock: Additional server-side lock requiring manual verification
  • Update Lock: Prevents changes to DNS settings and contact info

2. Secure Your Registrar Account

  • Use a strong, unique password (20+ characters)
  • Prefer hardware-based 2FA (e.g., YubiKey) to SMS codes
  • Use a dedicated email address for domain management
  • Review login history regularly

3. Protect Associated Email

  • Use a separate, highly secured email for domain admin
  • Enable 2FA on the email account
  • Don't use the domain's own email for domain management (circular dependency)

4. Monitor Your Domains

  • Set up WHOIS monitoring for any changes
  • Subscribe to registrar notifications
  • Monitor Certificate Transparency logs
  • Check DNS records regularly
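
One way to automate the WHOIS and DNS checks above is to diff each domain's RDAP record (the JSON successor to WHOIS) against a known-good baseline and alert when a lock disappears or nameservers change. This is an added example, not part of the original article; the function names and sample records are constructed for illustration, and it assumes the RDAP JSON has already been fetched from the registry.

```python
import json

# RDAP (RFC 9083) spells EPP status codes with spaces (RFC 8056):
# EPP clientTransferProhibited -> RDAP "client transfer prohibited".
REQUIRED_LOCKS = {"client transfer prohibited"}

def snapshot(rdap_json):
    """Reduce an RDAP domain response to the fields a hijack would change."""
    doc = json.loads(rdap_json)
    registrar = next((e.get("handle") for e in doc.get("entities", [])
                      if "registrar" in e.get("roles", [])), None)
    return {
        "status": {s.lower() for s in doc.get("status", [])},
        "nameservers": {ns["ldhName"].lower().rstrip(".")
                        for ns in doc.get("nameservers", []) if "ldhName" in ns},
        "registrar": registrar,
    }

def compare(baseline, current, required=REQUIRED_LOCKS):
    """Return (severity, message) findings; an empty list means no drift."""
    findings = []
    for lock in sorted(required - current["status"]):
        findings.append(("critical", f"required lock missing: {lock}"))
    for lock in sorted(baseline["status"] - current["status"] - required):
        findings.append(("high", f"status removed: {lock}"))
    if "pending transfer" in current["status"]:
        findings.append(("critical", "transfer pending"))
    if current["nameservers"] != baseline["nameservers"]:
        added = sorted(current["nameservers"] - baseline["nameservers"])
        removed = sorted(baseline["nameservers"] - current["nameservers"])
        findings.append(("critical", f"nameservers changed: +{added} -{removed}"))
    if current["registrar"] != baseline["registrar"]:
        findings.append(("critical", "registrar changed: "
                         f"{baseline['registrar']} -> {current['registrar']}"))
    return findings

# Constructed sample records (not real registry data).
BASELINE = json.dumps({
    "status": ["client transfer prohibited", "client update prohibited"],
    "nameservers": [{"ldhName": "NS1.EXAMPLE.NET"}, {"ldhName": "ns2.example.net"}],
    "entities": [{"handle": "9999", "roles": ["registrar"]}]})
CHANGED = json.dumps({
    "status": ["pending transfer"],
    "nameservers": [{"ldhName": "ns1.unexpected.example"}],
    "entities": [{"handle": "9999", "roles": ["registrar"]}]})

if __name__ == "__main__":
    for severity, message in compare(snapshot(BASELINE), snapshot(CHANGED)):
        print(f"[{severity}] {message}")
```

Run it on a schedule from a system that does not depend on the monitored domain, so alerts still arrive if the domain's DNS or email has been redirected.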

5. Use Registry Lock for Critical Domains

Registry lock adds a manual verification process (often requiring phone calls and PINs) before any changes can be made. This is the strongest protection available.

If You've Been Hijacked

  1. Contact your registrar immediately
  2. File a complaint with ICANN (for gTLDs)
  3. Initiate a UDRP (Uniform Domain-Name Dispute-Resolution Policy) proceeding
  4. Contact law enforcement
  5. Preserve all evidence of ownership