Abandoned domain names are going to be a threat for organizations and individuals as this has become easy for cyber criminals to access to PC and grab all the important information.
Email is known as the key of the kingdom as it reflects the personal or organization’s identity. When you reset your passwords an auto email generates in order to confirm the process. You will be surprised to hear that if you abandon an old email domain, it is easy for cyber criminals to the reactive old domain and re-register it for criminal activities.
It has also become a big problem for law firms because they deal and forms partnerships, resolve disputes and support organization in the case of mergers. Whenever a merger happens, it may involve the addition of new the identity of a firm, with a new domain but what about the old domain? If it got abandon or expires then? Do you this it is safe? Of course not! It is the easy task for hackers to dig out the important information from your expired domain by making it reactive. Remember, Old email domain expiries are not safe at all.
Here I would like to share an example from real life. On the year 2017, several mergers took place among law firms.The study indicates that there were around 102 mergers were recorded.After mergers, the firms took the new domains but later a firm “Szathmari” reactivated many old and expired domains that were previously in use of other firms before being merged. They also set up the email server and without doing any kind of hacking, they received a bulk of confidential information including client information, invoices and other sensitive legal documents. Szathmari has no bad intention to receive that information hence they decided to return these credentials to the original domains as well.
This discussion is not ended yet. The same tactics can also be misused. Hackers can easily reactivate an old web domain as well. Once they get the access to a web domain, then they can also grab the information by downloading the web page. Even they can start taking new orders as well.
The issue can be ore worst if your old web domain had CRM or mailing system. Cyber criminals can easily access your client details, invoices and other important information. Imagine if someone is sending emails and offering discounts and incentives without letting you know and taking orders for those products that can never be delivered. So horrible!
But don’t worry, I would like to give you some useful tips that will help you to protect your data. You should know that expiring domain names are published on a daily basis. You can take a look at domain drop-down list to check the list of expired domain names. Most possibility hackers would not spend much of their times for download that lists daily and search for relevant specific expires domain with complete history. In the above -mentioned the example of “Szathmari”, they were also able to use and reactive domain names to access the data of other firms by using HavelBeenPwned and SpyCloud.com. Both of organization ask for the domain name for verification. You can easily pass once you own the domain.
What the best you can do? Don’t let your old domain expires as holding the domain is not that expensive hence you should keep it. Its better than spending too much on cyber security. On the other side, there should have a redirection system that redirects all the incoming emails to the trusted administrators.