Get All Access for $5/mo

Hijacked! How to Stop Cybercriminals From Stealing Your Domain With Twitter, Google and other big-name companies under attack, no one is safe. Here is how to prevent your domain (and website) from getting hijacked.

By David L. Brown

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

What if you were going to visit this article on Entrepreneur.com only you weren't on the actual site? Instead, you unknowingly landed on a hijacked version of the site where criminals were stealing your personal information. This is known as domain hijacking -- or domain theft -- and it's one of the most prevalent threats facing businesses and consumers today.

In 2012, incidents of domain hijacking and related crimes – hacking, phishing and social engineering – increased by more than 42 percent, resulting in a $400 billion hit to the economy, according to security-software company Symantec. And it seems like hackers are just getting started. Several of the world's biggest brands including The U.S. Marines, The New York Times, Twitter, Google, The Huffington Post and Forbes.com – have fallen prey to domain hijacking, thereby putting millions of consumers at risk for identity theft, credit card fraud and other nightmarish situations.

However, the threat isn't contained to just big brands or large corporations. Any organization with significant traffic, a familiar brand, valuable intellectual property or a desirable domain name is a target.

While cybercriminals continue to strengthen and evolve the techniques they use to attack company websites, domain hijacking is preventable if you understand how it happens in the first place and how to protect your business.

Related: How to Protect Your Small Business Against a Cyber Attack

What is domain hijacking?
When a company's site is hijacked, the internet domain name is stolen from its legitimate owners and taken over by cybercriminals. The five most common ways that sites are hijacked are:

1. Pharming: A cybercriminal takes control of a site and posts objectionable content that can damage a company's reputation and turn away customers.

2. Phishing: Hijackers replicate a company's website and collect information like credit cards and social security numbers from consumers who think they're on the legitimate site.

3. Man-in-the-middle: An attacker reroutes a company's internet traffic through external hosts to monitor, capture or alter sensitive communications like system passwords and routing information. This type of breach is particularly virulent because it usually goes undetected for long periods of time.

4. Communication Disruption: Hijackers disable communication channels, such as web and email, which cripple an organization until it gets back online.

5. Domain Loss: Criminals steal valuable domain names.

How to protect your site
A company can greatly reduce the threat of a security breach by deploying a mix of the following techniques and processes:

Multi-layer architecture. Like a safe with multiple locks, using a system of different types of locks on the same domain greatly reduces the potential of a complete hijack.

Related: Don't Get Hacked -- Tools to Fight Cyber Attacks

Distributed systems and processes. Ensure that critical information is protected by making sure the keys and processes used to unlock, transfer, delete or redirect your domains are not being housed in one single system or with one group of individuals. Portions of the credentials, keys and authentication processes should be distributed among different groups and systems.

Isolated systems and processes. As an additional layer of security, parts of the system and processes should be isolated and completely disconnected from one another. Only authorized personnel should hold the keys. This prevents accidental leakage of information, which is usually the case with social engineering.

Encryption. Use the highest level of encryption to protect not only authorized domain credentials, but also the processes and systems supporting the domain.

Multi-factor authentication. Do not rely on only one form of authentication. Instead, use a mix of online and offline authentication methods to ensure that no unauthorized person with stolen credentials is able to unlock the domain control for transfer, deletion or name server redirection.

Ultimately, the only way to protect against hijacking is to manage domain names with the same level of security as other mission-critical corporate assets.

Related: How to Protect Your Apple Devices From Getting Hacked Right Now

David L. Brown has been working with small businesses to develop strong online-marketing presences since 1999. As chairman, CEO and president of Web.com, a small business online marketing solutions, Brown oversees the online presence of more than three million customers and is an advocate for small-business owners’ importance to the US economy. ” 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Business News

Looking for a Remote Job? Here Are the Most In-Demand Skills to Have on Your Resume, According to Employers.

Employers are looking for interpersonal skills like teamwork as well as specific coding skills.

Business News

'Jaw-Dropping Performance in 2024,' Says a Senior Analyst as Nvidia Reports Earnings

Nvidia reported its highly-anticipated third-quarter earnings on Wednesday.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Meta Fires Employee Making $400,000 Per Year Over a $25 Meal Voucher Issue

Other staff members were fired for the same reason, per a new report.