From expired domain name to hijacked identity

March 20, 2019 | Domains
Completely abandoning a once-used domain name without taking precautions is usually not a good idea. Expired domains, especially ones used for commercial purposes, can cause many problems and even more harm to their former owners if re-purchased by fraudsters for profit. The need for brand protection is notably greater for businesses with large domain portfolios, which can suffer considerably more than individuals because of potential large-scale data breaches.

DOMAIN NAME EXPIRATION AND ITS CONSEQUENCES

What happens if a company stops using its domain? After an owner, for whatever reason, fails to renew a domain, its validity is automatically prolonged for a period of up to 45 days, called the Grace Period. This period varies between registries and registrars and can include a final Redemption Period, sometimes with an additional fee. The expired domain name then becomes available for registration to anyone interested. Domain name scalpers and potential fraudsters can obtain a daily published list of dropped domains, and the first to register a name becomes its new owner. No proof of previous ownership or additional identity verification is required.

Gabor Szathmari, a cybersecurity expert with years of experience in both the private and corporate sectors, recently conducted an experiment together with his team. They monitored the domain market and registered six expired domain names that previously belonged to law firms. What happened next showed how easy it is for anyone acting in bad faith to gain access to sensitive data.

After registering the expired domain, Szathmari didn’t have to go to great lengths to access private information. A simple catch-all email address allowed him to sit back and watch confidential data flow into his private inbox. In a matter of days, the team came into possession of documents from former clients, details of previous business activities, confidential email content and personal data of former clients and business partners. Examples of the most sensitive information now available to the new registrant included debit card balances, hotel bookings, invoices, details of court proceedings and private messages containing phone numbers.

The damage doesn’t end here, however. Business email addresses are frequently connected to various social networks and profession-related online platforms. The next portion of data made accessible to the research crew covered accounts at LinkedIn, Facebook, Twitter and other websites. Clicking the “forgot password?” button allowed Szathmari to quickly reset the passwords and log into the company’s accounts. Depending on the profile of the company whose domain expired, other affected online services might include cloud storage such as G Suite, management platforms and various professional online communities. Last but not least, the research team managed to reset the password for a PayPal account and gain access to financial data.

Expired domain names are an easy target for cybercriminals, whose attacks often focus on established brands. By copying and reinstating the original websites of online shops, fraudsters pose as fully functioning stores and receive orders and payments for goods that a client will never receive. The products are often counterfeit, but the danger of submitting your credit card details is very real and might lead to your account being emptied. Bad actors can also take control of any social media or profession-related accounts connected to an email address registered within the expired domain.
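The audit a domain owner can run before letting a name lapse, as an added example that is not part of the original article: it maps external accounts to the company domain that receives their password-reset mail and flags those on expired or soon-to-expire domains. The domain names, dates, account list and the 60-day warning window are constructed for illustration; the 45-day grace value is the upper bound quoted above and varies by registry and registrar.

```python
from datetime import date, timedelta

GRACE_DAYS = 45  # upper bound quoted in the article; registrars differ

# Constructed sample inventory: registered domain -> expiry date
DOMAINS = {
    "oldfirm-law.example": date(2019, 3, 1),
    "newfirm-law.example": date(2020, 6, 30),
    "merged-partners.example": date(2019, 1, 10),
}

# Constructed sample: external service -> mailbox that receives its reset links
ACCOUNTS = [
    ("LinkedIn", "Office@OldFirm-Law.example"),
    ("PayPal", "billing@mail.oldfirm-law.example"),
    ("G Suite", "admin@newfirm-law.example"),
    ("Twitter", "press@merged-partners.example"),
    ("Facebook", "info@notoldfirm-law.example"),
]

def owning_domain(email, domains):
    """Return the inventory domain whose registrant receives this mail, or None."""
    host = email.rsplit("@", 1)[-1].lower().rstrip(".")
    # Subdomains follow the registered name; match only on a label boundary.
    for d in sorted(domains, key=len, reverse=True):
        if host == d or host.endswith("." + d):
            return d
    return None

def domain_status(expiry, today, warn_days=60):
    if today > expiry + timedelta(days=GRACE_DAYS):
        return "DROPPED"    # may already belong to a new registrant
    if today > expiry:
        return "GRACE"      # lapsed, but the owner can still renew
    if expiry - today <= timedelta(days=warn_days):
        return "EXPIRING"
    return "OK"

def audit(accounts, domains, today):
    """List (status, service, email, domain) for accounts that need action."""
    findings = []
    for service, email in accounts:
        d = owning_domain(email, domains)
        status = domain_status(domains[d], today) if d else "UNTRACKED"
        if status != "OK":
            findings.append((status, service, email, d or ""))
    return sorted(findings)

if __name__ == "__main__":
    for row in audit(ACCOUNTS, DOMAINS, date(2019, 3, 20)):
        print(*row, sep="\t")
```

Accounts reported as GRACE or EXPIRING should have their recovery address moved to a domain that will be kept before the name is released; DROPPED entries should be treated as potentially reachable by a third party, and UNTRACKED ones point to a domain missing from the inventory.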

PROFESSIONAL HELP TO KEEP YOUR DATA PRIVATE

EBRAND offers tailor-made and effective solutions to protect your sensitive data from third-party access after your domain name expires. Our versatile 360 EBRAND tool will detect and monitor relevant domain names, help prevent possible expiration and a subsequent data breach, and alert you to any unwanted activity. Contact us to learn more about auditing and securing historically used domain names.

Author Lutz Berneke
