Imagine it’s Saturday, and you’re looking forward to spending the weekend with your spouse and two children.
An unexpected message from your father alerts you to a problem with your website.
And that’s when the next three days turn into a nightmare of phone calls, messages, frustration, anxiety, and a scary financial interaction of thousands of dollars.
How Hackers Stole My Site
That’s what happened to Jordan Reid earlier this month, when the well-known lifestyle blogger, author, and entrepreneur discovered her domain name had been transferred out of her name.
She no longer owned the URL that was the main source of income for her family.
Her site was up for auction on Flippa and she needed to get possession of her URL again.
Which meant dealing with the seller of her site.
When Reid shared her Medium story this month, Hackers Stole My Website…And I Pulled Off A $30,000 Sting Operation To Get It Back, I was amazed to read what happened.
And what didn’t happen.
Her domain name company (GoDaddy) and web host (HostMonster) were little help in resolving the issue when she reported the problem.
Each company agreed that her URL had been transferred without her permission, but neither company would help her.
As Reid explains, what surprised her was the support and help she received from an unexpected place. The United States Federal Bureau of Investigation (FBI).
After responding quickly to her call, the FBI followed up with phone calls, emails, and in-person interviews within 24 hours of her report.
Beyond that, each and every agent I have interacted with over the past week has been, without fail, compassionate, thoughtful, invested, respectful, and committed to action…in addition to treating me not like a case number, but like a human.
Eventually, Reid was able to retain possession of her domain name. And managed to stop payment to the seller.
How to Avoid Your Domain Name Being Transferred Out of Your Name
Reid did the right thing when she took steps to keep her domain name registration private.
But the person who took control of her domain name was able to transfer the URL out of her name to another domain name registrar.
How that happened isn’t explained in the story.
Reid offered several steps to protect your online interactions, including:
- Use good password practices
- Turn off computers and other devices when they aren’t in use
- Consider Cyber Insurance
And if this happens to you, document everything. Contact the domain name registrar and law enforcement.
One item I noticed Reid didn’t mention was two-factor authentication, which uses two methods to verify your identity.
Think of entering your username and password into Facebook, and being required to enter a code you receive in a text message on your smartphone in order to access Facebook.
From what I read in her post, it doesn’t sound like Reid used two-factor authentication. Which would have restricted the seller from accessing her domain name registration.
And alerted her to the scheme to get her domain name.
What happened to Reid can happen to anyone with a website. My recommendations: take steps to safeguard your online interactions.
Set up two-factor authentication for your accounts.
My friend Chris Wiegman has excellent tips regarding encryption, private browsing, and staying anonymous online from his talk last weekend at WordCamp London 2017.
What other suggestions do you have for keeping your domain name registration safe? And for staying safe online? Share your thoughts in the comments.