Domain Name Hijacking - Domain Slamming

January 8, 2013 by Ivan Dimov

Domain slamming – what is it and how did it emerge

The term domain slamming is derived from telephone slamming, a dishonest practice in which telephone companies make you unknowingly change your telephone service provider to theirs. There are different means for the slammer to achieve his objective. In telephone slamming, the slammer can even do that in person by asking you to participate in an inquiry or a contest where you respond to a few questions; if you are not cautious, you will miss the couple of lines of small print on the paper authorizing a change of the telephone service provider. The term slamming emerged from such unethical practices, and after the emergence of the Internet, the term spread to domain names as well. The practice of slamming expanded to domains because they are also easily transferable to another domain registrar. It is effortless for deceitful registrars to move your domain name from another registrar to theirs – all they need is for you to make a payment to them or to click on a link in an email. In contrast to telephone slamming, in domain slamming there is only one way for the scammers to trick you – by claiming that your domain is expiring and that you should pay immediately for renewal. Little does the victim know that they are not just going to renew their domain name, but that they are also transferring it to a different registrar. Hence, domain slamming is the practice in which a domain registrar illegally attempts to transfer your domain name from one registrar to another (usually theirs) under the deception that it is merely renewing your domain name.

Below I will discuss how domain slamming works, how to protect yourself from such illegitimate practices, and I will briefly discuss a notorious domain slammer which continues its malevolent practices today.

Consequences stemming from domain slamming for the victim

The scammers do not need any explicit approval stating that you want your domain name transferred, although this is necessary according to ICANN's rules. Often after they have accomplished the scam, they force you to pay the highest prices on the market for your domain name by not providing you with your Auth-info code, which is necessary to transfer your domain name legitimately, or by forbidding a transfer on different grounds such as unconfirmed identity or suspected fraud. It is also possible for your whole online presence to be inaccessible after the transfer to the slamming registrar, as you may be left with your website and e-mail not working and your domain information unavailable. In the worst case scenario, your domain name would have been hijacked and removed from your control, possibly forever.

Two easy ways to protect yourself from slammers

Domain slamming is most frequently done through letters sent to the address given in the domain WHOIS information. They will not send the letter to your home address unless you have given it in your domain registration. Hence, it is vital that you check your WHOIS record so you know at which address to expect such a letter and can disregard it if you receive one not sent by your current domain registrar. The letters inform you that your domain name is going to expire soon and that you need to renew it. If someone who is not knowledgeable in information security gets the letter, he or she will easily fall for the scam and pay immediately because of the possible consequences described in the letter, such as "should you lose your domain name it may be impossible for you to get it back" and "failure to renew your Domain name by the expiration may result in a loss of your online identity." This may be true – your domain name may indeed be expiring and these consequences can technically be true. However, the best way to renew your domain is by accessing the domain registrar you registered the domain with. If you forgot, you can do a simple WHOIS on the domain and the valid registrar will appear. In order to avoid falling for the domain slamming scam, one option is to employ a person in charge of the domain registration. The simpler approach is to keep track of when your domain name expires and always renew it on time, and to know who your domain registrar is, as the slammers usually include the name of their ISP/domain registrar company in their letter. When you see that the letter is not sent by your current domain registrar, you can just ignore these letters without any sense of panic. You can even take actions such as reporting the letter to the police – as domain slamming is illegal.

Domain locking

Since 2004 every prominent domain registrar has included the option of "domain locking". It is a pretty useful tool that will block any attempts to transfer your domain to another provider until the domain is unlocked by the current registrar. Thus, third parties would not be able to transfer your domain name without your permission (in order to unlock it, you will have to contact the registrar and ask for it to be unlocked). This registrar-lock will prevent your domain name not only from any undesired, unauthorized or accidental transfer, but it will also block any attempts at domain deletion or modification of the contact details. However, you would still be able to renew your domain, so it is a win-win situation. If you want to move your domain name to another registrar you can always turn off the domain locking feature.
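
The WHOIS check and the registrar lock described above can be verified together when a renewal notice arrives. The following is an added example, not code from the original article: it parses a constructed WHOIS record, assuming the common gTLD field labels (Registrar, Registry Expiry Date, Domain Status) and that the registrar lock appears as the EPP status clientTransferProhibited; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS response for illustration; not a real record.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2013-03-15T04:00:00Z
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Domain Status) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def normalize(name):
    """Lower-case, drop punctuation and corporate suffixes before comparing."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in {"inc", "llc", "ltd", "corp"})

def assess_notice(whois_text, notice_sender, today):
    """Check a renewal notice against the registrar of record and lock state."""
    rec = parse_whois(whois_text)
    registrar = rec.get("registrar", [""])[0]
    statuses = {s.split()[0].lower() for s in rec.get("domain status", [])}
    expiry = datetime.strptime(rec["registry expiry date"][0],
                               "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    warnings = []
    if normalize(notice_sender) != normalize(registrar):
        warnings.append("notice sender is not the registrar of record")
    if "clienttransferprohibited" not in statuses:
        warnings.append("transfer lock is off")
    return {
        "registrar": registrar,
        "sender_is_registrar": normalize(notice_sender) == normalize(registrar),
        "transfer_locked": "clienttransferprohibited" in statuses,
        "days_to_expiry": (expiry - today).days,
        "warnings": warnings,
    }

if __name__ == "__main__":
    now = datetime(2013, 1, 8, tzinfo=timezone.utc)
    print(assess_notice(SAMPLE_WHOIS, "Domain Registry of America", now))
```

In practice the text passed to assess_notice would be the output of a WHOIS lookup on your own domain, and the sender name would be copied from the letter or email you received.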

Conditions under which your current registrar can deny a transfer

ICANN (Internet Corporation for Assigned Names and Numbers) is the agency responsible for the sale, supply and protection of domain names, and it decides the conditions under which a transfer of a domain name can be forbidden by the current (losing) registrar. A transfer could be denied if fraud is suspected, if the domain name is in dispute, if there is a reasonable cause to suspect the identity of the possessor, if the domain is in its first or last sixty days of its registration, if the owner hasn't paid for the previous registration period, if domain locking is turned on, if there is a court order forbidding any transfers, if sixty days have not passed since the last transfer or if you have explicitly stated that you do not wish your domain to be transferred. In all of these cases, the transfer would not be completed. This sounds like great protection, but it also leads to some abuse, as malevolent registrars can claim that they suspect fraud or cannot identify the domain holder, or cite any other reason mentioned above, thus denying your attempts to move to another registrar and forcing you to use their services indefinitely.

Procedure for domain name transferal and remedies for unlawful transfers

Be aware that "bona fide" registrars would always send you a standardized form of authorization to which you either have to reply and confirm that you accept the transfer and all conditions that come with it, or you would have to click on a link to authorize the transfer. They may also send you a second confirmation message to which you do not have to reply but which informs you that you can cancel the transfer within a particular period of time. If you fall for a domain slamming scam and your domain name is already transferred (to the gaining domain registrar) you should immediately contact your previous domain registrar (the losing domain registrar) and inform them of what has occurred so they can try to resolve the issue or even file a case for Registrar Transfer Dispute Resolution with ICANN. If at some point you believe you have been recently scammed and your domain is pending transferal, you should immediately declare to your current registrar that you do not wish for the transfer to be completed. Transferals usually take a few days (at least five days in most cases), so you would still have time to fix the problem. However, it is still possible for your domain name to be transferred almost instantaneously if there are no restrictions at hand, so you may not be that lucky. That is why it is good to restrict the transferability of your domain name by either locking it or making sure that there is an authorization code for transferals and, if there is, that it can be accessed solely by you.

Authorization codes – both a positive and a negative invention

At the moment, auth codes are given by all of the domain registrars for various gTLDs and probably some of the ccTLDs. An authorization code (also known as Auth-Info code, transfer key etc.) is a unique code that you either receive from your current registrar when you want to transfer your domain, or that your current registrar keeps always at your disposal by providing you with an auth-info code generator, meaning that you can generate it by yourself whenever you want. Either way, the transferal would be declined if you do not provide this code. The problem is that many deceitful registrars, after having scammed you, and after you have waited for the sixty days that are required to pass before you can transfer your domain name again, will just refrain from giving you the auth-info code, thus making you unable to escape from their unwanted services. Just know that they have an obligation to give it to you within a five-day period. If this does not happen, you can freely send a complaint to ICANN. Despite that, auth-info codes are a lifesaver and can stop a potential domain slamming attempt.

Other preemptive measures and post-scam remedies

No centralized Internet authority efficiently solves end-user issues, so you need to carefully choose your registrar and do your best not to fall for a domain slamming scam. In case you have been scammed, you should not only contact your current domain name registrar but also call the bank or whatever entity you used to make a payment to the scammer and stop the undesired transaction. If you have received a renewal notice and you are unsure whether it is a scam, contact your current service provider, and if you do not know who this is, once again, you can run a WHOIS search on your online presence and find out. Furthermore, to stop a lot of slammers, privatize your domain information so the slammers cannot get any address or number when they run a WHOIS check on you. Never use the contact information presented in such a renewal solicitation, even if it looks like an invoice, as this will most likely lead you into the hands of a skilled salesperson motivated to make you transfer your domain at all costs. Most importantly, do not share or give any of your personal information to a third party which asserts that it wants to renew your domain name and asks for such personal data or for your account. If it was your existing domain name registrar, it would already have your information in its possession.

Things and tips you should bear in mind

If you fall for a domain slamming scam and your domain name is transferred to the slammer and if the former registrar is also hosting your website, you will suffer great losses, as after the domain has been moved to the scammer your website would no longer be on the Web. You should also be aware that scammers often do not provide any other services and features besides the bare minimum and assert that their prices are cheap but that is almost always not the case. To illustrate, the Domain Registry of America's (which is well-known for its domain slamming scams that lured plenty of people) price for a domain name registration per year is $35 while GoDaddy's offer is $9.99 for the first year and a bit higher afterwards. You should do a bit of digging and find out if your registrar of interest has a background of slamming and stay away from it if it has such a background. Also, there might be additional costs that you are not aware of, or services and features supposed to be offered by the registrar could be basically non-existent. A dishonest registrar can easily deny your transfer request making you stuck with them and since ICANN does not deal with end-user disputes it is really hard to get the problem resolved. You can either do the research or stick with big registrars which already have good credentials.

Keep in mind that domain slammers' most used means of delivering their fraudulent message has been through letter or email but this can also happen through telephone, so be aware!

Domain Registry of America – a registrar with a long history of domain slamming

Domain Registry of America, also operating under the names Domain Registry of Canada, Domain Registry of Australia, Domain Registry of Europe or Brandon Gray Internet Services Inc., doing business as Namejuice.com, used domain slamming to trick thousands, if not millions, of customers into transferring their domain names to their services. Here is a letter DROA used to lure people back in 2002. You can definitely see that it looks like an invoice although it is not. In 2003, DROA was forbidden to use such deceptive practices to acquire customers and was obliged to pay damages to displeased customers through a court order. Nonetheless, DROA rejected the US Federal Trade Commission's "accusations" and did not indicate any signs of changing its dishonest practices. There have been many more lawsuits against DROA. For instance, Register.com sued DROA for tricking thousands of customers into moving their domain names. As a response, DROA declared that they had registered 1.1 million domain names for clients and were registering from 5,000 to 7,000 new domains a day. Brandon Gray's business name had an official sound to it, so if you are not wary you can be misled into thinking that they are the official authority for domains in your country. The fact that they are not an official authority is shown on the back of the misleading solicitation where it is stated "Domain Registry of America is not affiliated with or endorsed by the government of the United States." So, if you read only the front part of the letter you can definitely be misled. The text on the back also shows that when you transfer your domain name to them you allow DROA to use any contact information they would gather from you in any way they and their "partners" desire. This is said to be for "targeted marketing" and this practice, undesired by many, can continue even after you have switched registrars and you are not using their services anymore.

It must also be mentioned that the wording in the letters DROA sends shows an urgency to act and describes catastrophic consequences, which further makes people take immediate action as described in the letter – they pay. Since the lawsuit in 2003, DROA has been under strict monitoring by the FTC but these practices have continued. However, the recent letters of DROA explicitly state that your domain name is going to be transferred to DROA so a cautious person would effortlessly notice that this is merely a solicitation.

Conclusion

There are numerous ways to protect your domain from slamming attempts, but nothing can substitute for being reasonable and cautious. These traits alone will suffice in some situations; however, they will not make you immune towards slamming attempts. This is why one should further educate himself on the topic and take the necessary measures to make his online presence secure. To put it all in a nutshell, effective preemptive measures include:

  • Privatizing your domain information.
  • Using domain locking.
  • Carefully selecting a registrar.
  • Hiring a person in charge of the domain registration.
  • Always renewing your domain name(s) early so you do not get renewal notices from third-parties.
  • Not giving any account or personal information to anybody after registering your domain.
  • Wisely managing and storing your auth-info code and making sure that such a code is required for a transferal of your domain.
  • Knowing who your domain registrar is.

Effective post-scam remedies include:

  • Contacting your registrar to block the transfer request.
  • Contacting the entity through which you made the transaction to the slamming party and stopping this transaction.
  • Filing a complaint to ICANN or informing your registrar of the situation so they can attempt to resolve the issue.
  • Contacting an attorney or law enforcement agent to hopefully prevent future scam attempts.
Ivan Dimov

Ivan is a student of IT and Information Security. He is currently working toward a Master's degree in the field of Informatics in Sweden. He is also a freelance web developer engaged in both front-end and back-end coding and a tech writer. Whenever he is not in front of an Internet-enabled device, he is probably reading a print book or traveling.