ACG-CYBER SECURITY BULLETIN NO 130: UNDERSTANDING THE RISK OF DOMAIN HIJACKING
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).
The information provided was classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Domain hijacking, or domain theft, is the act of changing the registration of a domain name without the permission of its original registrant. This leads to a loss of control over your online identity and emails.
Domain hijacking can be done in several ways, generally by gaining unauthorized access to, or exploiting a vulnerability in, the domain name registrar's system, through social engineering, or by getting into the domain owner's email account that is associated with the domain name registration.
One reason a domain name can be hijacked is negligence towards security. Once the target registers a new domain, the provider gives access to the domain’s Control Panel. This panel lets you change your domain’s settings so that it points to the original server. When you created your account, you must have provided an email address that has administrative access. If the hacker can access this administrative email account, he can also take control of the domain’s control panel and eventually all the settings. Hackers usually obtain your email and other information from the WHOIS data records.
Usually, hijacked domains become inaccessible, and if the website was a source of income, you start losing money as well as your online identity. The hacker may demand money from you to transfer the domain name back to you. Or the hijacker might replace your website with a similar-looking website and misuse it for phishing or other malicious activity. This might fool your users and lead them to enter their sensitive credentials on a fake website.
To avoid this, the best way to protect the domain name is to protect the administrative email account associated with the domain.
All PNP personnel, as well as the public, are advised to follow these tips to avoid the risk of domain hijacking, to wit:
- Use strong email passwords and enable two-factor authentication if available.
- Tick the setting "always use https" under email options.
- Frequently check the "unusual activity" flag if provided by your email service.
- Make sure to renew your domain registration in a timely manner, with timely payments, and register it for at least five (5) years.
- Use a domain-name registrar that offers enhanced transfer protection, i.e., “domain locking”, and even consider paying for registry locking.
- Make sure your WHOIS information is up-to-date and really points to you and you only.
For additional information, please refer to the following websites:
POINT OF CONTACT