The Unforeseen Consequences of Expired Domains

Now, more than ever, it is important to keep a track of your domain registrations. This may sound easy to achieve, but in practice it actually can be difficult. It’s not uncommon for a business to have multiple domain names registered. For example, a company might attempt to “cover all bases” by registering the .IE, .COM, .CO.UK, .EU (and so on) variations of its trading name. The same company might also register the names of the products or services they provide. It would be rare for all domain names to be registered on day one of the business… so now you have to consider the potential of having many domain names renewing at separate times throughout the year. So, when the renewal anniversary comes around (as these registrations tend to be annual) it’s not difficult to see how one might miss an annual renewal.

There are also some reasons why you might have intentionally let a domain renewal lapse. Long before the liberalization of the .IE domain registration process a lot of Irish companies made the switch from .COM over to .IE. Perhaps, since the transition, you’re not getting mail anymore to your .COM domain and feel you can safely let it expire?

Scenarios like these are presenting huge risks for businesses and opportunities for fraudsters seeking to access their personal data and the data or their contacts, customers and suppliers.

When a domain name has expired or is close to expiring, it will appear on a domain name “dropped list” (e.g. expireddomains.net). From here, opportunistic criminals can immediately re-register your recently-abandoned (or just not renewed) domain name. Once they have control of your old domain name, they can impersonate you or your company.

Why would they do that? Well Cyber Crime is the number one reason.

  • They could set up commonly-used email addresses that you likely maintained at one point: [email protected], [email protected], [email protected] etc. Alternatively, they could set up a “catch all” email account that captures all mail coming to the domain. You may have customers or suppliers that still send mail to your old domain – now it will go straight into the imposter’s inbox, where sensitive information can be harvested.
  • They could send out mass mails from your old domain name to random businesses and individuals, or more effectively, they could respond to those contacts, described above, who are still using your old domain name. These emails can take the form of anything from fraudulent requests for online payments, to spear-fishing attacks, to traditional malware attachments.
  • Your social media presence could also be compromised. Some people use their work email when signing up to social media channels, especially when they are managing the company’s Facebook, Twitter or LinkedIn profiles. If the imposter guesses the email address associated with an account (or acquires it from one of the vast libraries of data-breach information available online), they could reset passwords, lock you out of your social media profile and take control of it.
  • They could set up a website that (a) mirrors your live site or (b) imitates an old site that you used to host on the expired domain. The falsified site can gather information via contact forms from your prospective customers. Even worse, if you have or had an e-commerce site, they could harvest credit card details from unsuspecting online customers.

How do you ensure that your domains don’t fall into the hands of online criminals?

Keeping an eye on your domain renewal dates is key. When a domain is approaching its expiry date, renew it as soon as you can – don’t put it on the long finger. Obviously if you use a company such as BITS to manage your domain name renewals, this is managed for you. We can also offer a monthly direct debit option to allow you to spread the costs of ownership of a domain name and ensuring that all domains you have registered stay registered (unless and until a time that you confirm you no longer need it).

If you have a lot of domains, you should plan on how best to consolidate them in a way that is most efficient for your business. For example, any seldom-used or unused domain names in your account should be set up as “aliases”: any mail to an unutilized domain name will be routed to the correct inbox on your active domain. Similarly, all web traffic will be automatically forwarded to your primary website.

To discuss the issues above and find out how BITS can help you with the registrations, renewals and configuration of your domain names, please feel free to contact us at [email protected] or call 056-7786882.