Lawyers, your law firm’s domain name is a valuable asset. And it’s worth protecting. Why does it need to be protected? Because there are predators who can and will steal it from you if you don’t take precautions to prevent the theft.
Why would they want to steal your domain name? There are several good reasons:
- They can then sell it back to you if you value it;
- They can sell it to other people;
- They can siphon off your traffic;
- They can take control of any email that is directed to the domain.
All four of these things can be quite profitable. And, with number 4 above can have far reaching financial and even ethical implications on your firm. While 1-3 are pretty obvious, let’s dig a bit deeper into the potential problems number 4 can cause a practicing lawyer. If a thief can take control of your email by taking control of your domain they can:
- Reset passwords that use your email address (unless you have 2-factor authentication set up);
- Get enough additional information about you to steal your identity;
- Get enough information about your clients to steal their IDs, extort them, publicly shame or implicate them, and all kinds of other bad things;
- If they get into your bank account, they could cause your IOLTA to become unbalanced or even emptied;
- They can communicate with courts, opposing counsel, and your clients as if they are you.
For more information on how thieves steal domain names, see “How to protect yourself from domain registration scams and theft.”
The most common mistake that I see attorneys make is treating their registrar password like it’s not important. Many lawyers have very week passwords for their GoDaddy or Register.com accounts. Other lawyers have decent passwords, but email those passwords.
Email is not secure, and the transmittal of any password over email is dangerous. But transmitting a registrar password via email should be avoided at all costs. For ideas on creating better passwords, see security best practices.
Sometimes a thief doesn’t need to do much to take your domain name. In fact, sometimes it is not even theft (at least technically). There is a whole industry that simply watches domain names and waits for them to expire. Don’t let yours expire. The yearly cost of registration is nominal, and I recommend paying in advanced for as many years as you can. That way, you don’t have to worry about renewal every year, and the opportunists will see no reason to continually monitor your domain.
Also, keep in mind that, while companies like GoDaddy do call their customers quite often to check in and perhaps to upsell, this fact opens the door for thieves to call as well, posing as GoDaddy. There is never a reason to give your registrar user name, password, account number, pin number or other identifying information to somebody who calls you.
An ounce of prevention when it comes to your firm’s domain name is worth it, so don’t delay.
Action Item: If you haven’t done it lately, log into your registrar account today and change your password. You have nothing to lose by doing it, and it might just save you a lot of unwanted trouble.