1 November 2021
Domain transfer scam attempts seem to be on the rise. This week several major Australian brands received .au domain password recovery emails from auDA, the administrator of Australia’s .au top-level domain.
Domain name passwords allow domain names to be transferred between Registrars. If a third party can access your domain name password, they can transfer your domain name away and take control of it.
auDA allows anyone to make these requests via their password recovery page at https://pw.auda.org.au/. However, only the Registrant will be sent this information via the email address associated with the domain name.
If the email address associated with your domain name has been compromised (hacked), or a third party's email address is associated with your domain name, there is a risk of your domain name being transferred away from your control.
Steps to avoid unauthorized domain name transfers
1) Never approve a domain transfer request yourself. Send all requests to your Domain Name Registrar (Account Manager) for review.
2) Ensure that all of your domain names are associated with the correct (Company) email address. If a domain name's email address is a personal email or a third-party email, it has a higher chance of being compromised.
3) Ensure that email accounts associated with your domains are only accessible by authorized and necessary staff. The fewer people who can access the email, the lower the chance of a compromise.
4) For critical domains, ensure both Registrar Lock (free across brandsec managed domains) and Registry Lock are enabled. This will protect your domain name(s) from being transferred, even if an email account is compromised.
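One way to check steps 2 and 4 across a portfolio, shown as an added example (not brandsec's or auDA's code). It assumes the locks appear in WHOIS output as the RFC 5731 status codes clientTransferProhibited (Registrar Lock) and serverTransferProhibited (Registry Lock); the WHOIS text, contact addresses and domain names are constructed samples.

```python
import re

# EPP status codes (RFC 5731). Assumption: Registrar Lock shows up as the
# client* code and Registry Lock as the server* code in WHOIS "Status:" lines.
REGISTRAR_LOCK = "clienttransferprohibited"
REGISTRY_LOCK = "servertransferprohibited"

STATUS_RE = re.compile(r"^[ \t]*(?:Domain )?Status:[ \t]*(\S+)", re.I | re.M)


def statuses(whois_text):
    """Return the set of lower-cased status codes found in a WHOIS record."""
    return {code.lower() for code in STATUS_RE.findall(whois_text)}


def audit(whois_text, contact_email, corporate_domains, critical=False):
    """Return a list of findings for one domain (empty list = no findings)."""
    findings = []
    found = statuses(whois_text)
    if REGISTRAR_LOCK not in found:
        findings.append("registrar lock not set")
    if critical and REGISTRY_LOCK not in found:
        findings.append("registry lock not set on critical domain")
    # Step 2: the contact address should sit on a company-controlled domain.
    mail_domain = contact_email.rsplit("@", 1)[-1].lower()
    if "@" not in contact_email or mail_domain not in corporate_domains:
        findings.append(f"contact email not on a company domain: {contact_email}")
    return findings


# Constructed sample data: domain -> (WHOIS text, contact email, critical?)
SAMPLE = {
    "example.com.au": ("Domain Name: example.com.au\n"
                       "Status: clientTransferProhibited\n"
                       "Status: serverTransferProhibited\n",
                       "domains@example.com.au", True),
    "example-shop.com.au": ("Domain Name: example-shop.com.au\n"
                            "Status: ok\n",
                            "webdev@agency.example", True),
}


def audit_portfolio(sample=SAMPLE, corporate=frozenset({"example.com.au"})):
    """Audit every domain in the sample inventory."""
    return {d: audit(w, e, corporate, c) for d, (w, e, c) in sample.items()}


if __name__ == "__main__":
    for domain, findings in audit_portfolio().items():
        print(domain, "OK" if not findings else "; ".join(findings))
```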
Scammers are being creative in their attempts to hijack established domain names and websites. Avoid a transfer scam by implementing these basic steps to safeguard your domain name(s).
brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.