Small Business Cybercrime Alert
Now they’re stealing domain names & taking down small businesses. Doesn’t anyone care?
How is a business owner supposed to protect their business reputation online?
Business owners regularly pay thousands of dollars to acquire their domain, or Internet addresses. The most sought-after domain can fetch millions of dollars, but the median price for a domain name was $3,000 in 2014, up 9 % from a year previously, according to DNJournal.com, a market magazine.Earlier this year, an eight-person home-health-aide start-up in McLean, Va., paid $350,000 to acquire homecare.com.
Some say that ICANN itself must do more to monitor– and address– the illegal transfer of stolen domain names to windows registry holders abroad. “If they discover there are bad registrars dealing with bad folks to facilitate domain hijacking,” taking steps to “put them out of business would send a really strong message,” says Mr. Corwin of the Web Commerce Association.
A spokeswoman for GoDaddy Inc., the technology business that helps businesses and people develop an online existence, says it is investigating the notice, including that it “clearly appears to us to be a fraud e-mail.”.
Cybercriminals in some cases hijack domain names by scraping public directory sites listing contact data for domain owners. These hackers then send out phishing e-mails designed to surreptitiously capture a domain owner’s passwords or keystrokes, according to Enrico Schaefer, a Traverse City, Mich., attorney who specializes in Web law. Making use of that data, the hackers can take control of the company domain name by transferring it to another registrar making use of an account managed by a cybercriminal.
A minimum of 15 cases seeking the return of domain were filed in U.S. courts last year, up from 5 in 2013 and 10 in 2012, according to Stevan Lieberman, a Washington attorney who represents domain-name holders. The figures don’t consist of state-court cases or disagreements that didn’t result in litigation.
Cybercriminals sometimes hijack domain by scraping public directory sites listing contact data for domain owners. These hackers then send out phishing emails created to surreptitiously capture a domain owner’s keystrokes or passwords, according to Enrico Schaefer, a Traverse City, Mich., lawyer who specializes in Internet law. Using that data, the hackers can take control of business domain by moving it to another registrar utilizing an account managed by a cybercriminal.
Cybercriminals targeting companies are stealing more than client passwords and credit-card numbers these days. Some are misusing the really Web addresses– or domain names– of business themselves.
At initially, the 32-year-old business owner presumed a server had dropped. But after digging even more, he found a more significant problem. A cyberthief had diverted his company’s domain name– the really Internet address that’s crucial to his firm’s online sales– to China.
Mr. Palatnik’s experience highlights a little-noticed and growing security danger for company owner. Burglars can hijack domain and move them to such locations as China, Eastern Europe and Russia in exactly what seems “arranged criminal activity,” states Philip Corwin, counsel to the Web Commerce Association, a trade association for domain-name investors and designers.
“Your GoDaddy service(s) revealed listed below has actually been suspended due to the fact that some of the purchases on your account remain unsettled,” stated a recent e-mail to a GoDaddy consumer. The e-mail, which seemed part of a phishing scam, told the reader to click a link “to make payment and reinstate your services.”.
The thief may hold the domain for ransom, resell it or make use of the details to obtain access to personal or business data, states David Weslow, a Web attorney in Washington. Thieves may “likewise want other methods for generating income from the taken domain, such as the display of pay-per-click advertisements, screen of a website that downloads malware, or use of the domain to send legitimate-looking e-mails consisting of spam, viruses and/or phishing correspondence,” he says. Time to call in the federal cyber security squad.
In reality, Premier’s domain registration had expired after someone shifted the e-mail related to it to “an unusual, dubious Hotmail account” overseas, Premier co-owner John Reed states. Premier didn’t get notifications to renew its domain registration because of the email-address switch, he says.
Small Business Cybercrime Alert
At 14-employee Premier Device Products Inc., in Kirtland, Ohio, e-mail traffic suddenly dried up in mid-November. Quickly, its consumers grumbled that e-mails and order to the maker of custom screw-machine items had bounced back.
When Pablo Palatnik of Miami glanced at a Google analytics report revealing Internet traffic on his office TELEVISION screen one day last month, he was alarmed to discover that traffic to his company site, Shadesdaddy.com, had actually plunged 80 % from its usual level of as many as 10,000 visitors a day.
In Miami, ShadesDaddy.com was offline for 11 days. It lost about $50,000 in revenue, Mr. Palatnik estimates, prompting him to lay off 6 of his eight employees. He lastly regained ShadesDaddy.com.
In Burr Ridge, Ill., Michael Lee, the owner of the five-person Michael Lee + Associates marketing firm, spent roughly $15,000 and 19 months to reclaim control of MLA.com after it was hijacked and shifted to a registrar in the Bahamas in May 2013. Revenue fell 30 % throughout the period due to the fact that customers had problem reaching the business. Quickly before the judge’s judgment in Mr. Lee’s favor, someone asserting to have actually legitimately purchased the domain provided to return it in exchange for $15,000 or $20,000, he says.
Little firms with unforgettable domain– in addition to entrepreneurs who buy specific domain with strategies to resell them– can be specifically susceptible due to the fact that they tend to have less advanced Internet security systems. They must really focus on how to improve a business reputation.
The nonprofit Web Corporation for Assigned Names and Numbers, or ICANN, collaborates how Internet addresses are assigned, and it has actually overcome 140 problems about domain-name thefts in the previous 20 months.
The Federal Bureau of Examination states it has opened roughly 26 grievances involving domain-name theft or hijacking in the past year. In addition, the Internet Criminal offense Problem Center, a collaboration between the FBI and the nonprofit National Clerical Crime Center, has received 17 problems of domain hijacking or theft. Nine of those reported a combined $3.5 million in losses.
The registrar-accreditation agreement in between ICANN and the registrars– the business liable for domain-name registration– offers ICANN enforcement powers to stop reported domain-name abuse, says a law-enforcement official with knowledge of the issue. “ICANN is not a law-enforcement firm or a regulatory authority,” states Gwen Carlson, the agency’s communications director.
A cyberthief had diverted his business’s domain name– the very Internet address that’s vital to his company’s online sales– to China.
Shortly prior to the judge’s ruling in Mr. Lee’s favor, someone declaring to have actually legally bought the domain offered to return it in exchange for $15,000 or $20,000, he says.
That implied that possible clients surfing the Internet for Oakley, Ray-Ban, Versace and other popular sunglass brands couldn’t discover his eight-year-old Internet retail company. “I never believed someone could take the domain from us,” he states.