{"id":1871,"date":"2020-07-21T10:00:29","date_gmt":"2020-07-21T02:00:29","guid":{"rendered":"https:\/\/www.mondoze.com\/blog\/?p=1871"},"modified":"2022-09-25T00:38:22","modified_gmt":"2022-09-24T16:38:22","slug":"how-hackers-use-expired-domains-to-steal-data","status":"publish","type":"post","link":"https:\/\/www.mondoze.com\/blog\/tip-sharing\/how-hackers-use-expired-domains-to-steal-data","title":{"rendered":"How Hackers Can Use Your Expired Domains to Steal Data"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

When businesses and blogs rename or merge, old domains sometimes get left behind. Security researchers say expired domains can put data at risk.<\/p>

Scammers may set up fake shops on expired domains and use them to steal credit card data from unwary bargain hunters. Or they may target email accounts linked to the domain to scam clients, steal company secrets and break into employees\u2019 shopping and travel accounts.<\/p>

Prevention is as easy as renewing and protecting all your domains, but that\u2019s not always simple, especially if you own a lot of domains. Here\u2019s what you need to know about your risks when a expired domain, how to keep yours current and avoid to get steal data<\/p>

What Happens When Domain Expire?<\/strong><\/h3>

The first thing you need to know is that when domains expire, they\u2019re available to anyone who wants to pay to register them. They\u2019re also easy to find online, through sites that offer expired domain name searches and lists of recently expired domains to bid on. Some buyers buy expired domains for legitimate projects. Others are not so ethical.<\/p>

Your expired domain could end up as a fake online store<\/strong><\/h3>

Criminal gangs snap up expired domains to turn them into phishing sites. That damages the brands that lose their domains, the brands impersonated by the scammers, and shoppers who fall for the scam.<\/p>

Your expired domain could let data thieves into your business<\/strong><\/h3>

Last year, security researchers with Australian cybersecurity firm Iron Bastion proved that registering abandoned business and law firm domains could give criminals access to insider data.<\/p>

By setting up a catch-all email forwarding service for domains they re-register, criminals can access confidential client data and emails. They can run scams using this information or sell it on the dark web. They can also take over former employees\u2019 social media, banking, and professional accounts by changing the passwords linked to the old domain\u2019s email addresses.<\/p>

What should you do with domains you don\u2019t use anymore?<\/strong><\/h3>

Security experts say the best way to safeguard your old domains is to keep renewing them, even if you\u2019re not currently using them. Then you should close the email accounts associated with those domains and unlink those email accounts from alerts sent by banks, airlines, and other services that handle sensitive (and valuable) information.<\/p>

If you must let your old domains go, you\u2019ll need to be thorough about updating any online accounts you and your employees set up using old domain email addresses. Then you\u2019ll need to close those email accounts.<\/p>

In either case, it\u2019s wise to let your customers and vendors know about your change of email address. Give them some advance notice, ask them to whitelist your new email address, and then ask them to delete the old address when you\u2019ve closed that account.<\/p>

For any email account on any domain, it\u2019s always a good idea to set up two-factor authentication (2FA). By requiring a code from an SMS message or an authenticator app, you reduce the risk of someone maliciously changing your password on your email account and other accounts you set up with your email address.<\/p>

And speaking of passwords, don\u2019t make it easy for hackers to guess or brute-force yours. Every email address on your domains should have a strong password that\u2019s not used for any other accounts.<\/p>

How can you keep all your domains current and safe?<\/strong><\/h3>

Follow these recommendations from domain security experts to keep your domains in your possession.<\/p>

Give your domain registrations fewer chances to lapse. Start by registering or renewing for the longest amount of time you can, like three years instead of one. Then set your registrations to auto-renew.<\/p>

Keep your registration information up to date. Update your domain registration accounts when your email address, phone number, or other contact information changes. Changed credit cards or online payment services? Make sure you change your domain payment information, or your auto-renewals will fail.<\/p>

Keep your registration information private. Domain privacy protection costs a few dollars a year, and it\u2019s worth it. If you add domain privacy when you register your domain. Your registrar\u2019s contact information is listed in the WHOIS public database. Without domain privacy, your name, email address, and other personal data are on display. That can put you at risk for spam, scams, and harassment.<\/p>

Lock your domains. Domains must be unlocked when you\u2019re transferring them to a new host. Otherwise, lock them to keep scammers from transferring them to a different web host without your consent.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

When businesses and blogs rename or merge, old domains sometimes get left behind. Security researchers say expired domains can put data at risk. Scammers may set up fake shops on expired domains and use them to steal credit card data from unwary bargain hunters. Or they may target email accounts linked to the domain to …<\/p>\n

How Hackers Can Use Your Expired Domains to Steal Data<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":13356,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":"","_wpscppro_custom_social_share_image":0},"categories":[30],"tags":[36],"_links":{"self":[{"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/posts\/1871"}],"collection":[{"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/comments?post=1871"}],"version-history":[{"count":10,"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/posts\/1871\/revisions"}],"predecessor-version":[{"id":14169,"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/posts\/1871\/revisions\/14169"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/media\/13356"}],"wp:attachment":[{"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/media?parent=1871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/categories?post=1871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mondoze.com\/blog\/wp-json\/wp\/v2\/tags?post=1871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}