Domain hijacking: Could your business be at risk?

Domain hijacking, is your business at risk?

Microsoft and Google are examples of just two big brands that have had their domains hijacked, proving that even those with the most prolific security systems aren’t necessarily immune. So do all managing directors, business owners, and CEOs need to be concerned about the safety of their online business?

Here, Daniel Foster, technical director at domain name registrar and hosting company, discusses what a domain hijack could mean for your business.

How your domain could get hijacked

For your domain to get hijacked, hackers need to get into your registrar account. In a nutshell, domains work like this: the domain name, e.g., is registered, and then the owner has a control panel where they have full control of the domain. From the control panel, the domain name is pointed to the web servers where the website’s data is hosted (like web pages and scripts, for example).

For it to be hijacked, a hacker needs to get hold of the domain registrar name, and the administrative email address associated with it. It’s not difficult to find this information, anyone can find it through the WHOIS data of the domain. After they hack your email, the logins for your domain can be reset and they can take control of it. Next, the domain can be pointed to different web servers, meaning traffic goes elsewhere instead of to your website.

Whether it’s a competitor wanting to harm your company, someone holding a grudge, or even a hacker looking to bribe you, there are many reasons why you might get hijacked. Unfortunately it happens, so you need to guard against it.

What this can do to your business

In a matter of minutes you can lose the most crucial part of your online business. If your domain is stolen you lose your website, potentially your reputation, and overall revenue of your online business will dwindle.

If someone is redirecting traffic away from your website, whether it’s to an identical site they have set up so customers won’t even notice they’re giving money or inputting their personal data to someone else, or if it’s creating offensive material that will tarnish your reputation in seconds – your entire online business could be shattered.

What if this happens to you?

There are a couple of organisations in the domain name world that you should be familiar with, not just in case you fall into trouble with hackers, but for a multitude of reasons.

The whole domain name system (DNS) was designed in the first place to make the internet accessible to human beings (so websites have domains like, not a sequence of numbers difficult to remember). This means that IP addresses (that mean we can use the Word Wide Web to send information to each other) can be changed and the entire internet will see the change within 24 hours. So it’s important that you are aware of the organisations that can help you with this if you ever need it.

ICANN (internet corporation for assigned names and number) is one of the most important. The not-for-profit corporation is dedicated to keeping the internet secure; and they have put processes in place for registrars to help them deal with issues like hijackings.

First port of call: your registrar

However, before contacting any of the above organisations, you should always speak to your registrar first if you believe your domain has been hijacked. In some cases it might be down to an issue within your system, or generally something that can be fixed by your registrar. As the company that you bought the domain from, your registrar can start ICANN procedures if needs be, and then open up communication channels with the person that has your domain.

For both Google and Microsoft, the hijacking of domains weren’t down to comprehensive hackings per-say; but a result of the company not looking after their domain properly. For Google, a former employee purchased the domain name through the company’s own ‘Google Domains’ service in September – for just $12 (£7.80). Google cancelled the sale minutes after it had gone through – but it still went through.

In 2003, Microsoft’s slip up wasn’t dissimilar. The business simply forgot to renew its domain, and so the domain was snapped up by someone else. Luckily the new owner informed the giant of its slip up and gave the domain back. But all businesses won’t be this fortunate. So keep on top of renewals. And if you are making any changes to your domain or hosting, double and triple check that you’re not opening it up to being picked up by someone else.

Depending on the severity of the situation, however, your registrar could point you in the direction of a lawyer.

When it’s time to get a lawyer

The last thing you want to hear is that you will need a lawyer to fix it, but in severe cases, it really is better to have an expert fighting your corner. Going through the legal maze can be tricky and costly without a lawyer making your case. You can find attorneys that are experts in this field, and we’d suggest doing so if your registrar can’t fix the problem.

With a new story appearing on a weekly basis about cyber crime and hackings, it’s not surprising that businesses feel concerned about their website and domain’s safety. Business leaders should feel assured, however, that there are laws in place that can return their domain if it’s ever hijacked. But don’t be lazy in your attempts to protect it. Your domain could be everything to your business.

For more information, please visit