The Business Risk of Abandoned Domain Names

When setting up your small business website, you want a memorable name and sleek Web design. You know your website is an important online calling card. Then, when you grow or your business evolves, you might rebrand and add a site. But wait, don’t abandon the old one.

When you set up your Web presence, you select a domain name, and it’s part of all your URLs (FYI: URL stands for uniform resource locator). For example, you have created stylish caps and coats for small dogs. You pick the CoutureCanine.com domain name for your business. Your emails come from TheBoss@CoutureCanine.com. Then, off you go building Web traffic to your cool dog duds.

Maybe you even think ahead and buy similar domain names. You can redirect traffic and avoid losing customers to misspellings or typos.

The domain name, after all, establishes the business and provides you with a foundation to grow. As you build the business, you may expand to new verticals and outgrow the dogs-only website. Or, perhaps you wrap up your line for pups and move on to dressing parakeets. Whatever your reason, don’t abandon those old domain names.

Abandoned Domain Name Security Risks
To keep your domain name, you must continue to pay annual registration fees. If you have multiple domains, that can be a lot of small renewals to track and pay. Along the way, a domain renewal gets overlooked. So, the domain name is abandoned.

Domain names can also get abandoned as a result of a business rebranding or company restructuring. Or you might decide a domain is no longer worth continued renewals.

Your hosting company should tell you the Internet domain name is due to expire. After you stop paying, after a certain grace period, anyone can buy that abandoned domain name.

That doesn’t sound so bad. You didn’t want it anymore anyway, right? But you don’t know who might snatch up your old online calling card. Bad actors buy up abandoned domain names and re-register them with catch-all emails.

What’s a catch-all email? Well, remember TheBoss@CoutureCanine.com? That was you. But maybe you also had distinct emails for accounts, info, sales, support, James, and Shauna. All of them were going through CoutureCanine.com. If someone emails someone at the previous domain owner’s business, it goes instead to the new owner. Having seized control of your old site, they gain access to all incoming emails, and they could see the information you don’t want them to see.

The bad actor could also access online services once used by james@CoutureCanine.com. All they would need to do is reset the password to hijack that account.

Security researchers have seen criminals claim abandoned domains to:

access confidential email correspondence;

access personal information of former clients and current or former employees;

hijack personal user accounts (e.g. LinkedIn, Facebook, etc.) linked to old domain e-mail addresses.

What to do with domain names
Especially if you use a domain name for email, don’t let the renewal expire. We didn’t even mention pirates who look for business websites that have lapsed so they can charge exorbitant ransoms to return that domain.

When you move to a new domain address, communicate the change with all your clients and vendors. Close any cloud-based user accounts registered with the old domain email address. Also, unsubscribe from email notifications that might share sensitive data.

Not sure about your domain name registrations, renewals, and what’s set to expire? An IT service provider can handle this for you. Our experts can make sure you don’t abandon domain names. Or we can ensure you close any associated accounts properly to protect your security.

Contact us now at 02 4326 0655.