Domain cybercriminals attempt to steal domain names using a variety of cunning methods.
Other than direct hacking of accounts, or spear-phishing techniques, social engineering is a common method.
Calling up a domain registrar’s support department pretending they are the owner, or calling the domain owner pretending to be the domain registrar, is one such example.
We are aware of several recent attempts to infiltrate accounts of premium domain holders, that this method was utilized.
In one case involving a valuable NNN .com domain, the criminal forged a passport and attempted to use that in order to change the email controlling the account.
Domain registrars should implement a foolproof method of confirming the identity of the account holders. In the future, Blockchain technology will most likely be utilized, to sign documents and to track their origin.
This is exactly the reason why escrow companies, such as Escrow.com, go through a rigorous verification process, to ensure that both parties in a transaction are who they claim they are.
You might want to notify your favorite registrar that no such account changes will take place without direct communication. Be aware that SIM card hijacking is on the rise, and phones can be used in such impersonation attempts.
