-
Recent Posts
Recent Comments
Archives
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- March 2011
- November 2010
Categories
Meta
Tag Archives: your-domains
How Hackers Can Use Your Expired Domains to Steal Data
The post How Hackers Can Use Your Expired Domains to Steal Data appeared first on HostGator Blog . When businesses and blogs rename or merge, old domains sometimes get left behind. Security researchers say expired domains can put data at risk. Scammers may set up fake shops on expired domains and use them to steal credit card data from unwary bargain hunters. Or they may target email accounts linked to the domain to scam clients, steal company secrets and break into employees’ shopping and travel accounts. Prevention is as easy as renewing and protecting all your domains—but that’s not always simple, especially if you own a lot of domains. Here’s what you need to know about your risks when a domain expires and how to keep yours current. What Happens When Domains Expire? The first thing you need to know is that when domains expire, they’re available to anyone who wants to pay to register them. They’re also easy to find online, through sites that offer expired domain name searches and lists of recently expired domains to bid on. Some buyers buy expired domains for legitimate projects. Others are not so ethical. Your expired domain could end up as a fake online store Criminal gangs snap up expired domains to turn them into phishing sites. That damages the brands that lose their domains, the brands impersonated by the scammers, and shoppers who fall for the scam. Security blogger Brian Krebs profiled a photographer whose old portfolio domain was turned into a fake athletic shoe store after her registration lapsed . Thieves used it to steal credit card data for resale on the dark web. For the photographer, the damage went beyond the loss of her website. She had no way to access social media accounts that were linked to her domain email address, because the scammers changed her passwords. Now the domain that used to host her portfolio redirects to the official adidas website, after adidas and Reebok sued the scammers who exploited her expired domain along with hundreds of others. Your expired domain could let data thieves into your business Last year, security researchers with Australian cybersecurity firm Iron Bastion proved that registering abandoned business and law firm domains could give criminals access to insider data. By setting up a catch-all email forwarding service for domains they re-register, criminals can access confidential client data and emails. They can run scams using this information or sell it on the dark web. They can also take over former employees’ social media, banking, and professional accounts by changing the passwords linked to the old domain’s email addresses. What should you do with domains you don’t use anymore? Security experts say the best way to safeguard your old domains is to keep renewing them , even if you’re not currently using them. Then you should close the email accounts associated with those domains and unlink those email accounts from alerts sent by banks, airlines, and other services that handle sensitive (and valuable) information. If you must let your old domains go, you’ll need to be thorough about updating any online accounts you and your employees set up using old domain email addresses. Then you’ll need to close those email accounts. In either case, it’s wise to let your customers and vendors know about your change of email address. Give them some advance notice, ask them to whitelist your new email address, and then ask them to delete the old address when you’ve closed that account. For any email account on any domain, it’s always a good idea to set up two-factor authentication (2FA). By requiring a code from an SMS message or an authenticator app, you reduce the risk of someone maliciously changing your password on your email account and other accounts you set up with your email address. And speaking of passwords, don’t make it easy for hackers to guess or brute-force yours. Every email address on your domains should have a strong password that’s not used for any other accounts. How can you keep all your domains current and safe? Follow these recommendations from domain security experts to keep your domains in your possession. Give your domain registrations fewer chances to lapse. Start by registering or renewing for the longest amount of time you can, like three years instead of one. Then set your registrations to auto-renew. Keep your registration information up to date. Update your domain registration accounts when your email address, phone number, or other contact information changes. Changed credit cards or online payment services? Make sure you change your domain payment information, or your auto-renewals will fail. Keep your registration information private. Domain privacy protection costs a few dollars a year, and it’s worth it. If you add domain privacy when you register your domain , your registrar’s contact information is listed in the WHOIS public database. Without domain privacy, your name, email address, and other personal data are on display. That can put you at risk for spam, scams, and harassment. Lock your domains. Domains must be unlocked when you’re transferring them to a new host. Otherwise, lock them to keep scammers from transferring them to a different web host without your consent. In HostGator’s Customer Portal, you can lock your domains for free. Navigate to Domains in the left sidebar. Under Manage Domains , you have the option to lock all your domains at once. You can also click the More button for any of your domains to lock one at a time. Under Domain Overview , click the Change link next to Locking . That takes you to Domain Locking. Then you just move the switch to Locking ON and click Save Domain Locking . Now your domain is protected against theft by unauthorized transfer. And with auto-renew in place and good cybersecurity practices , your domains are safe from expiration and exploitation. Ready for a new domain? HostGator now offers new customers a year of free domain registration with selected hosting packages and top-level domains. Sign up for 12 or more months of hosting, register a .com, .net, or .org top-level domain, and get the first year’s domain registration for free. See complete offer details here . Find the post on the HostGator Blog Continue reading
Posted in HostGator, Hosting, VodaHost
Tagged auto, credit-cards, expired, expired-domain, registration, scammers, social-media, vodahost, your-domains
Comments Off on How Hackers Can Use Your Expired Domains to Steal Data