Your Expired Domain May Put you at Risk


Chances are, you’ve come across a scam website, a potential malware ad or a fraud email. Cybercrime has become extremely commonplace, yet many of our clients are not aware of how these schemes are carried out. Surprisingly to many, there is an entire market of cybercriminals who snap up expired domains in order to steal data and commit fraud. 

Many website owners decide to let their domain expire simply because they no longer wish to have a website. However, they may not be aware that this opens them up to a myriad of security risks like fraud, data theft, credit card theft and extortion. 

Other website owners may also want to let a domain name expire due to a branding change. You may have heard that changing a domain name is like relocating a storefront, and the “move” may cause you to lose customers who don’t have the patience to find you again. However, allowing your domain name to expire can have even more dangerous consequences. Think of it this way: changing your domain name and letting your old domain name expire is like relocating your storefront AND allowing anyone to exploit your previous brand for their needs – including impersonating you, committing fraud and stealing data.  

How Expired Domains Put You At Risk

Expired-domains-put-you-at-risk

When a domain name expires, your domain name will enter a grace period. During the grace period, you have a chance to renew your domain so that you retain your possession of it. If you do not renew your domain name by the end of the grace period, it will get published to a domain drop list, and will be open to be purchased by the public. Domain drop lists are usually scoured by domain investors for a quality domain, but they are also scoured by cybercriminals. 

Cybercriminals look for recently expired, quality domains to commit fraud and run a number of schemes. Cybercriminals can make use of an expired domain in many ways. Here are a few of the most common schemes:

Email Takeover 

When your domain name expires, your domain emails can be taken over. The new domain owner can easily set up the same email account that you had before, allowing them to pick up all the emails that were intended for you. Cybercriminals can even impersonate you in order to capture confidential information from your contacts.

Account Takeover 

In addition to taking over your domain email, hackers can use your old domain to access other personal accounts. For any accounts (such as social media, subscriptions, online banking, etc.) associated with your previous domain name, criminals can initiate password resets to gain access to them. 

Scam Ecommerce Websites

A previously owned domain name has built up a strong authority online, and can also be associated with a reputable brand. This makes a used domain name attractive to cybercriminals, as they can use your old domain name to make a fraud or scam ecommerce website. By creating a fake online store, cyber criminals can collect credit card information and other confidential contact details.

Brand Impersonation

If you’ve built up a reputation with your old domain name, cyber criminals may take advantage of this by impersonating your brand to capture credit card information or confidential data from your loyal customers. Cyber criminals can even recreate your website by looking at websites like Archive.org to see your past web design and content, further putting your customers and your reputation at risk.

Extortion of Previous Owners to Regain Control of the Domain

If you had not intentionally let your domain expire, this is prime time for a cybercriminal to snatch up your domain and hold it hostage for a hefty sum. Especially if your brand name is tied to your domain name, a domain name is crucial for your business. Cybercriminals may even threaten to ruin your reputation or hurt your branding unless you buy your domain back from them.

Malware Injection

Cybercriminals can create realistic looking websites using old domain names, and insert links and advertisements infected with malicious code. These ads can install malware on the victim’s computer or smartphone. 

What you can do to protect yourself:

Renew and Inform Visitors of Your New Domain:

The best practice recommended by top security experts is to never let your domain name expire. Many domain owners are unfortunately not aware of the dangers of letting your domain expire. 

If you have decided to change your domain name or branding, in order to protect yourself, it is best to keep your existing account active, and create a web page to direct visitors to your new domain. Not only will this prevent you from losing your loyal customers, but it will also protect you from falling victim to cybercriminal schemes.

For Website.com members, feel free to give our team a shout, and we can help you find the best solution for your needs.

Close/ Update Email for Social Media and Subscriptions Using Your Domain: 

You may have used your old domain email to set up social media accounts (like Instagram, Facebook, Tumblr), subscriptions (like Netflix, Hulu, Crave), member accounts for online stores, etc. While it is important to continue renewing your old domain name to prevent scammers from gaining access to your old domain emails, you can take further security measures by closing unneeded third-party accounts that are associated with your old domain name. For accounts that you would like to keep, be sure to update your contact to an active, frequently used email account, and remove your infrequently used domain email as the contact. If you can, enable two-factor authentication or other password security features.

Prevent Accidental Expiry:

If you do not intend on changing your domain name, create some safeguards to prevent your domain from accidentally expiring, which could open yourself up to extortion. Ways to prevent accidental domain expiry:

Set Up Auto Renew

As a safeguard for Website.com members, active Website.com plan subscriptions will automatically be set up with auto-renew. If you want to ensure that domain auto-renew is set up for your plan, feel free to reach out to our team and they can check your domain status for you!

Ensure Contact and Credit Card Info is Up to Date

At Website.com, even though auto renewal for your domain is enabled when you have an active plan subscription, the domain will fail to renew if your credit card information for your Website.com subscription has expired. 

Also, ensure that your contact information is up to date so that you can stay informed about any action you need to take regarding your Website.com plan and/or your domain name. 

The number one reason our clients accidentally let their plans and domain expire is because they had failed to update their contact information. This causes them to end up missing out on important reminders about their plan subscription or credit card. To prevent this from happening to you, be sure to update your contact information in the Member Zone. For extra peace of mind, you can reach out to our team to ensure that your credit card information and contact information are up to date.

For Website.com users who are using a domain name from a separate domain provider, make sure you check in with your domain provider, and keep your domain name contact and credit card information updated.

Do Not Use Your Domain Email as your Contact

We highly recommend that our clients use a separate email address, other than a domain name email, as the main contact email for your Website.com account. Once the domain expires, you will also lose access to your email account, making it extremely difficult to retrieve your domain name or renew your Website.com plan.

In Conclusion

It is vital to protect yourself from falling victim to one of these common cybercrime schemes. In regards to cybersecurity, the expression “better to be safe than sorry” truly applies. Keeping your old domain name is one of the most cost effective insurance policies against fraud that you can take.