Act Immediately
Time is critical. The longer you wait, the more likely the thief will transfer the domain to another registrar, change WHOIS data, or sell it. Start the recovery process within hours, not days.
Step 1: Contact Your Registrar's Fraud Department
Your first call should be to your registrar. Not regular support; ask specifically for the fraud department, abuse team, or security team.
What to Tell Them
- Your domain name and account details
- When you last had access
- What unauthorized changes were made
- Any evidence of the breach (suspicious emails, login alerts)
- Request they lock the domain immediately to prevent transfer
Many registrars can place an emergency hold while they investigate. This prevents the thief from transferring the domain to another registrar.
Step 2: Gather Evidence
You'll need proof of ownership. Collect everything you can:
Documentation
- Original registration confirmation
- Renewal receipts
- Credit card/PayPal statements
- Previous WHOIS records (archive.org)
- Business registration using the domain
Technical Evidence
- Website backups showing you built it
- Email records from the domain
- DNS configuration history
- Server logs
- Google Search Console verification
Step 3: File an ICANN Complaint (If Registrar Doesn't Help)
If your registrar is unresponsive or unhelpful, escalate to ICANN. All ICANN-accredited registrars are contractually obligated to follow certain procedures.
File a Transfer Dispute Complaint
Go to icann.org/compliance/complaint and file under "Transfer Problems."
ICANN will contact the registrar and require a response. This often accelerates resolution because registrars don't want ICANN compliance issues on their record.
Note: ICANN doesn't directly resolve disputes; they ensure registrars follow their contractual obligations. But this pressure is often enough to get action.
Step 4: UDRP (For Trademark Cases)
The Uniform Domain-Name Dispute-Resolution Policy (UDRP) is designed for trademark disputes, but it can help in hijacking cases where you have a registered trademark.
UDRP Requirements
- 1. The domain is identical or confusingly similar to your trademark
- 2. The current holder has no legitimate rights to the domain
- 3. The domain was registered/used in bad faith
Cost: $1,500 - $5,000+
Timeline: 45-60 days
UDRP is filed with approved providers like WIPO (World Intellectual Property Organization) or NAF (National Arbitration Forum). It's faster and cheaper than court but requires meeting specific criteria.
Step 5: Legal Action (Nuclear Option)
If administrative channels fail, you may need to pursue legal action:
- Anticybersquatting Consumer Protection Act (ACPA): U.S. federal law that allows damages up to $100,000 per domain
- Computer Fraud and Abuse Act (CFAA): If the hijacking involved hacking your account
- Civil lawsuit: For conversion (theft) of property
Legal action is expensive and slow, but it's sometimes the only option for high-value domains or when the thief is in a different jurisdiction.
How Domains Get Stolen
Understanding the attack vectors helps prevent future incidents:
Phishing
Fake emails from "your registrar" trick you into entering credentials on a lookalike site. This is the most common method.
Credential Stuffing
If you reuse passwords and one site gets breached, attackers try those credentials on registrar accounts.
Social Engineering
Attackers call registrar support, impersonate you, and convince them to reset passwords or transfer domains.
Email Compromise
If attackers gain access to your registrant email, they can reset passwords and approve transfers.
Prevention: Protect Your Domains
Security Checklist
- Enable 2FA: Use hardware keys (YubiKey) if your registrar supports them
- Keep transfer lock ON: Only disable when actively transferring
- Use a unique, strong password: Never reuse registrar passwords
- Secure your email: Your registrant email is a single point of failure
- Enable Registry Lock: For high-value domains, this requires manual verification for any changes
- Monitor WHOIS: Set up alerts for changes to your domain records
- Choose a secure registrar: Cloudflare, Google, and others support hardware 2FA
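One way to act on the "Monitor WHOIS" and "Keep transfer lock ON" items, as an added example that is not part of the original page: it compares a saved record with a newer one and reports registrar, nameserver and transfer-lock changes. It assumes the records are in RDAP JSON form (the structured successor to WHOIS); the domain, registrar names and both records are constructed samples, and the function names are hypothetical.

```python
# RDAP status values (RFC 8056) that show transfer protection is on.
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}

def summarize(rdap):
    """Reduce an RDAP domain object to the fields a hijacker would change."""
    registrar = None
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            # vcardArray is ["vcard", [[name, params, type, value], ...]]
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    registrar = prop[3]
    return {
        "registrar": registrar,
        "nameservers": sorted(ns["ldhName"].lower() for ns in rdap.get("nameservers", [])),
        "status": {s.lower() for s in rdap.get("status", [])},
    }

def detect_changes(baseline, current):
    """Return alert strings for security-relevant differences between two records."""
    old, new = summarize(baseline), summarize(current)
    alerts = []
    if old["registrar"] != new["registrar"]:
        alerts.append(f"registrar changed: {old['registrar']} -> {new['registrar']}")
    if old["nameservers"] != new["nameservers"]:
        alerts.append(f"nameservers changed: {old['nameservers']} -> {new['nameservers']}")
    for lock in sorted((old["status"] - new["status"]) & TRANSFER_LOCKS):
        alerts.append(f"transfer lock removed: {lock}")
    if not TRANSFER_LOCKS & new["status"]:
        alerts.append("no transfer lock present")
    return alerts

# Constructed sample records (not real lookups), trimmed to the fields used above.
BASELINE = {
    "ldhName": "example.com",
    "status": ["client transfer prohibited"],
    "nameservers": [{"ldhName": "ns1.example.net"}, {"ldhName": "ns2.example.net"}],
    "entities": [{"roles": ["registrar"],
                  "vcardArray": ["vcard", [["fn", {}, "text", "Registrar A"]]]}],
}
CURRENT = {
    "ldhName": "example.com",
    "status": ["active"],
    "nameservers": [{"ldhName": "ns1.example.org"}, {"ldhName": "ns2.example.org"}],
    "entities": [{"roles": ["registrar"],
                  "vcardArray": ["vcard", [["fn", {}, "text", "Registrar B"]]]}],
}

if __name__ == "__main__":
    for alert in detect_changes(BASELINE, CURRENT) or ["no changes"]:
        print(alert)
```

Run on a schedule against a freshly fetched record, any non-empty result is a reason to contact the registrar's fraud team as described in Step 1.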
Choose a Registrar That Takes Security Seriously
Not all registrars have the same security posture. Some have suffered multiple breaches; others support hardware security keys and have dedicated fraud teams.