Domain theft, also known as domain hijacking, is the practice of changing the registration of a domain name without the permission of the original registrant. While many may assume that domain hijacking is accomplished through nefarious methods, domain hijackers often acquire the personal information of the domain owner in order to persuade the domain registrar to transfer the domain to the hijacker. Because there are currently no specific international or federal laws that explicitly criminalize domain theft, recovery of hijacked domains can often be difficult, time-consuming, and expensive. Safeguarding your registration account credentials, particularly by maintaining strong passwords that are changed regularly, is one of the best steps to prevent domain theft.
One of the most common ways theft occurs is when hijackers, either through fraud or by hacking into the domain owner’s accounts, gain access to the registration account and simply transfer ownership of the domain. This often results in domain registration being transferred to an entity in foreign countries, making legal recourse difficult. Another method of domain hijacking is through hosting or registry companies rather than through the domain owner’s systems. In this method, hijackers can stop or cancel a customer’s payment to renew the registration so that the registration expires and the hijacker gets it. Hijackers can even fraudulently enter whois data to access the domain registration account.
Responding to domain theft can be difficult. For domains that have trademark protection, there is the possibility of a trademark infringement lawsuit or claims of violation of the Anti-Cybersquatting Consumer Protection Act (ACPA). The domain owner may also employ a domain name dispute procedure under ICANN or UDRP. These proceedings are typically less expensive than an ACPA/trademark infringement lawsuit filed in federal court.
In other cases, the domain owner may have to pay blackmail or a ransom payment to get the registration back. Other times, the current registrar may simply return the registration information to its original state. Finally, if a disgruntled former employee or vendor misunderstood the domain account credentials, a lawsuit seeking injunctive relief may be the fastest path to recovery. Texas is one of the few states that allows pre-suit depositions. If a former employee, vendor, or other known person is suspected of committing theft, the best option may be to file a pre-suit statement. Due to the difficulties of enforcing US laws in foreign countries, it is very important to obtain injunctive relief to prevent transfer of registration to a foreign entity or registrar. Ideally, the account and registration are frozen until the court can determine how to resolve the dispute.
If domain theft occurs, an Internet attorney with experience in domain theft or hijacking, as well as trademark law, is probably the best place to start.
