Domain Registrar Account Phishing: Who is at Responsible?

I would imagine that just about every domain name owner has received an email that purports to be a domain registrar. Typically, these phishing emails request that the recipient click a link within the email and then provide private account information, which would give the sender access to the domain owner’s registrar account. Some of these emails look pretty close to actual registrar emails, and they can be confusing.

I’ve shared some probably examples of phishing emails I received or were submitted to me. For instance, here is an example of a likely GoDaddy phishing email and here is an example of a likely Register.com phishing email. I also discussed why domain registrar phishing emails are bad for everyone who buys and sells domain names. Put simply, domain phishing is harmful to the business of domain investing.

The question I have today is who is responsible  when a customer’s domain registrar account is hacked and their domain names are stolen, and who should be responsible for ensuring successful recovery of a domain name after a domain hijacking?

With phishing, there is quite a bit of blame placed on the domain owner who likely caused this to happen by accidentally providing account information to an unauthorized party. Yes, it was an unintentional error that may have caused the theft, but the thief probably wouldn’t have been able to steal domain names without having that information. It can be very expensive for a domain owner to recover a domain name using legal channels, and it can get complicated if the current registrant is not the thief (ie the domain name was resold).

On the other hand, many registrants may not be aware that domain name theft is a major problem, and they may not think about account security in the same way they would for their bank or financial institution. There  are  marketing emails, ICANN update emails, expiration emails, and other types of emails sent by domain registrars, so these emails  can be confusing for recipients.

When it comes to domain name theft, do you think the domain owner who may have been phished should bear the costs of recovering a domain name, or should the domain registrar be responsible for verifying claims and recovering domain names? Should ICANN play any role in assisting with a domain hijacking? I recently read that the ICA is working on something, and I am curious what your thoughts are on the processes and policies for recovering stolen domain names.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Squadhelp Adds Escrow.com as a Payment Option

1
Squadhelp has added Escrow.com as a payment option for buyers. The addition of the Escrow.com option was shared by ARIYAS on X this morning: 👍...

Some Thoughts on .AI Domain Names

17
There is no question that .AI domain names have become a hot topic of late. With considerable amounts of venture funding flowing into AI...

Handoff to Dan on Imported Leads Can be Confusing

0
I've been using the lead import option at Dan.com more regularly. Although the 5% commission is not ideal, transactions tend to move more quickly...

ArtificialIntelligence.com Goes Up for Sale

11
I tried to buy the ArtificialIntelligence.com domain name multiple times over the last 10 years. The emails I sent to the registrant went unanswered,...

EU Gives More IP Protection to Food & Drink Producers

0
Did you know that some well-known food and drink varieties are protected intellectual property regulations? Popular types of drinks and foods that are protected...