[CPWG] Interesting domain theft statistic

John McCormac jmcc at hosterstats.com
Wed Nov 24 10:38:51 UTC 2021 

On 24/11/2021 05:34, Alan Greenberg via CPWG wrote:
> In our discussions related to the Transfer Policy PDP, the issue of 
> domain hyjacking and other nefarious actions has come up often, with 
> some people claiming it is a major issue and others that it is not. I 
> just cam across an interesting  tidbit.
> 
> If you register a domain with GoDaddy, one of the things that pops up 
> (encouraging you to purchase a service from them) is the attached image.
> 
> I have no idea where the statistic of 170,000 attempted domain thefts 
> per year comes from.
> 

It may be based on Godaddy's experience, Alan,
It is the largest gTLD registrar on the web and owns a number of other 
registrars, brand protection registrars and ccTLD registrars. Like most 
of the larger registrar operators, it is a bit of an iceberg with a 
recognisable large brand on many other brands acquired through takeovers 
of other registrars and businesses over the years.

Some of the mentions of stolen domain names that appear on the various 
domainer fora mention that their registrant's logins were compromised as 
part of the theft. This is often down to phishing e-mails sent to the 
registrant purporting to be from the registrar.

High profile brand domain names are often on brand protection registrars 
and it is typically ordinary registrants and SMEs that are targeted. 
These are the people that the the 60 day transfer lock manages to protect.

The ordinary registrant may not even know that ICANN exists or the 
process for reversing a domain theft.

Some of the arguments on getting rid of the 60 day lock and the opt-in 
proposals on the Zoom meetings can only have come from being unaware of 
the issue domain name thefts.

The registrants of domain names that are unused as e-mail domain names 
or developed websites may even be unaware that their domain name has 
been stolen until it is too late. Most of the time, the targets are high 
value domain names (short, keyword, short numerical and brand) that can 
be converted to cash by a quick resale on domain name auction/sales 
sites. By the time that the domain name has been resold, it can have 
moved through a number of registrars.

The gTLD market may be more affected by domain name theft due to global 
market for most domain names and the ease with which the stolen domain 
name can be converted to cash. The ccTLD markets are much smaller in 
scale and some have a more complex transfer process with a pro-active 
single registry being the final authority. With ccTLDs, cybersquatting 
and trademark infringement may be larger problems.

The worst case scenario is when a gTLD registrar gets compromised. As 
the Epik data breach demonstrated, this happens and there is often a 
scramble to secure affected domain names before they are transferred 
out. That 60 day lock is a failsafe.

Regards...jmcc
-- 
**********************************************************
John McCormac  *  e-mail: jmcc at hosterstats.com
MC2            *  web: http://www.hosterstats.com/
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *  https://amzn.to/2OPtEIO
IE             *  Skype: hosterstats.com
**********************************************************

-- 
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the CPWG mailing list