What is Domain Hijacking and how to recover a stolen domain name

Do you run or maintain a website? If so, you must have heard the term – Domain Hijacking. With competition taking over the market these days, protecting your businesses identity is a must. And domains are one of the most vulnerable asset these days. This post is all you need to know about Domain Hijacking, how to prevent it and how to recover a stolen domain name

What is Domain Hijacking

Domain Hijacking is a form of theft where the attacker takes access of a domain name without the consent of the original registrant. Hijacking can happen due to security flaws on your end or the end of your domain/hosting company.


How is it done

These days businesses are coming online, and their web properties are a major asset to companies. Hacking into someone’s website is almost equivalent to depriving them of their profits and earnings. So that is why hackers prefer to hijack domains and deprive a company of its internet identity.

One reason that can cause your domain name to be hijacked could be your negligence towards security. Once, you’ve registered a new domain; the provider gives you access to the domain’s Control Panel. This panel lets you change your domain’s settings that point to the original server. And while you created your account, you must have provided an email address that will have administrative access. If the hacker can access this administrative email account, he can also have control over the domain’s control panel and eventually all the settings. Hackers usually obtain your email and other information from the WHOIS data records.

The other reason could be due to security issues with your domain provider. If the hacker has access to back-end services provided by your Registrar, then probably your domain is at risk of getting hijacked. So, it is suggested to choose a good trusted domain provider.

There could be a third reason as well. Your domain registration expired, and you have disabled auto-renewal. Someone may register your domain in the meantime and you will be left with nothing. You cannot take any actions on the hijacker as his/her actions are completely legal. So to avoid this from happening, you have to make sure you’ve enabled auto-renewal on your domain names and register domains for longer durations.

What are hijacked domains used for

Malicious use

Why are websites hacked? What exactly does a domain hijacker do this? Usually, the hijacked domains become inaccessible, and if the website was a source of income, you’ve started losing your money as well your online identity. The hacker may demand money from you to transfer the domain name back to you. Or the hijacker might replace your website with another similar looking website and misuse it for Phishing or other malicious activity. This might fool your users and lead them to enter their sensitive credentials on a fake website.

Domain Transfer

The hacker may transfer the domain’s ownership to some other name. In this case, it is very difficult in fact almost impossible to get your domain back. The hacker may impersonate you and request the domain provider to transfer the domain to some other account or entirely different domain provider. This is a very difficult scenario as you may need legal help here. Also, if you are not able to convince the domain provider about your situation, the company may decline to cooperate.

How to prevent Domain Hijacking

Prevention is the cure! The first step in ensuring your domain’s security is choosing a good trusted domain provider. Make sure your domain registrar is in the list of ICANN accredited registrars. A complete list can be found here.

Now once you’ve registered and created your account, ensure a strong and unique password to your Control Panel as well as your associated Email account. Also, follow some common steps towards maintaining the security of your email account.

Not just domains, if the hacker has access to your email account, he/she can practically reach into any of your accounts. Make sure you’ve reviewed your email security settings recently. Enable security features such as two-factor authentication and sign in alerts to stay secure. The best way to protect a domain is by protecting the administrator email address associated with it.

You can also opt for WHOIS privacy, a service offered by many domain providers. If you’ve purchased this service then the domain registrar will hide or change your WHOIS data, so, that the hacker does not get your real details and the real administrative email address.

How to recover hijacked or stolen Domain name

The first step involved in recovering the domain is by contacting your domain registrar. Call the support team and explain them the entire situation. Give them relevant details and complete any required paperwork. In some cases, the registrar itself is of no help. As the domain has already been transferred to some other registrar and that too probably in some other country. So, there is no other way out then getting legal help. Most of the registrars offer 24/7 call service support; you should keep this in mind while choosing a registrar.

The other option is to contact ICANN Registrar. What is ICANN?

To reach another person on the Internet you have to type an address into your computer — a name or a number. That address must be unique so computers know where to find each other. ICANN coordinates these unique identifiers across the world. Without that coordination, we wouldn’t have one global Internet.

ICANN has a separate documentation on domain dispute resolutions. Here is the link to their help page. Read the documentation carefully and follow the steps and it may help you recover your hijacked domain. Also, it is advised to choose an ICANN accredited domain registrar to take any such benefits.


Recovering a stolen domain name is not always an easy job, and it is therefore imperative that you maintain adequate website security. If you are handling your company’s websites yourself, you need to be protected from any form of website hijacking and theft. There’ve been many cases where the website owners were forced to change their domain names as they were left out with no other option and legal help was way too expensive. So, to avoid any such circumstances, you should keep your Control Panel & email account password secured and enable Domain Privacy Protection.

Now read: What is DNS Hijacking?

Posted by on , in Category Security with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.