News

Avoiding common domain name risks

Written on by admin

The need to protect business assets from online threats is obvious to many businesses, but sometimes one of the most important assets can get overlooked, and that’s the domain name portfolio.

Significant damage can occur if suddenly your business becomes unreachable online. This can cause reputational damage and, at worst, a business that relies on trading online can literally cease to exist.

We’ve outlined some of the ways this can happen, and what you need to do to avoid it.

Your renewal notice gets overlooked or forgotten

Once your domain name is registered, you often don’t think about it again until the renewal comes due; often many years later.

Overlooking the renewal therefore becomes one of the most common errors, and some of the best known names on the internet have suffered the consequences. For example, a local search directory style mobile app, Foursquare, became a global online brand. It allowed its registration of foursquare.com lapse accidentally in 2010 due to a ‘billing glitch” with their registrar.

More recently two banks in the UK were locked out of their online accounts because they forgot to renew the domain name for the group’s name server that directed web requests to the correct destinations.

Even Microsoft has forgotten to renew a domain, with hotmail.co.uk lapsing in 2003, allowing an unscrupulous purchaser to re-register it and attempt to sell it back to Microsoft at a profit. They only noticed this when an online newspaper contacted them to ask why the domain was owned by a different person.

No longer needing a domain name isn’t necessarily a good enough reason to let it lapse either, as Heinz found out in 2015. They had used fundorado.com for a competition in 2013 and 2014 that involved scanning a QR code on ketchup bottles. After the competition ended they didn’t think they needed the domain any more, only to find that a porn site quickly moved into their previously family friendly site. A Heinz customer wasted no time in sharing the mishap all over social media.

Hijacking of domain names

Another risk for domain name holders is the intentional hijacking of domains which can be performed by unscrupulous operators easily obtaining domain details through registrars.

With the aid of a phishing attack directed at the legitimate owner, these hijackers can take full control of your online presence. This is made easy because in many cases registrars will not conceal the email address of the domain owner when a query to whois.com is performed.

It can also happen when domain registrars do not have the requisite security practices needed for corporate domain portfolio management.

With some registrars you can purchase a ‘security lock’ that restricts registration detail changes to a single user with multi-factor authentication in place.

It’s advised that you should only use registrars that provide this service and make sure it’s active on your account.

Only 17% of Forbes Global 2000 companies have adopted registry security locks, thereby putting themselves at greater risk of hijacking.

And if they have to instigate legal proceedings, for instance if the hijacker has transferred the domain to a registrar in another county, it can take a long time and generate a lot of expense.

An increase in hijacking

International not-for-profit organisation, the Spamhaus Project, says spamming, cyber threats and domain hacking are all on the rise.

Australian Cyber Security Centre (ACSC) alerted Australian businesses to a global Domain Name System infrastructure attack campaign in 2018. The government organisation publishes many useful guides including one covering the essential eight mitigtaion strategies to protect your systems.

If you’re the victim of a full domain hijacking, and your website users are very obviously redirected to another site, you’re more likely to easily detect and remediate that. But what about when an attacker directs only selected requests to another site? You may never know this is happening.

This happened to a Japanese cryptocurrency site, Coincheck. Hackers gained access to the registration details for the domain, logged in and changed the nameserver to their own. This enabled them to let most of the traffic proceed to coincheck.com, but re-route some of the traffic to their lookalike website, where they obtained login information from unsuspecting Coincheck customers.

So what is the solution?

The simplest way to mitigate your exposure to these risks is to ensure your business has robust protection for your entire domain portfolio. And the easiest way to get that robust protection is by using a specialist corporate domain management service.

Melbourne IT delivers Domain Portfolio Solutions provided by our expert team of Australian-based domain specialists.

Get in touch to find out more.

Domain Privacy Renewal and Price Increase

Written on by admin

Registration of our Domain Privacy product will now be renewed automatically

We’d like to thank our customers for using our Domain Privacy service. We are committed to offering a service that can assist in protection of your identity online, from spammers, data miners and marketers to reduce unsolicited phone calls and emails. We are letting you know that the registration of Domain Privacy domain names are set for automatic renewal on the 1st December.

You can verify your billing information anytime by visiting your MyAccount and updating your billing information if required. If your billing information is up to date, then you don’t need to do anything. If you don’t happen to receive a notice of confirmation within 10 days of 1st December, we recommend you check the status of this Domain Privacy  renewal by logging into your MyAccount and reviewing this domain name. Please note that domain name auto-renewals can take up to 7 days to be processed.

This Domain Privacy service will incur a price increase from December 1st 2022. We will attempt to debit the associated credit card on file for this service when the auto-renewal is initiated.

To renew this Domain Privacy registration for a longer period, you can do so by logging into your My Account and selecting the renewal period for each enabled domain name.

Have any questions? Please contact us or call our Customer Care Team at 1300 706 965.

 

Best Regards,

MelbourneIT

For more information please refer to our General Terms and ConditionsService Terms and Domain Name Renewal Policy.

Defensive Domain Registration

Written on by admin

Every year we hear of another well-known business domain that has been attacked or put at risk.

Whether it’s a scammer starting a phishing site and accessing your customers’ data or a competitor using a close domain name match to trade on your good name, the need for vigilance is clear.

Your domain name is a valuable business asset and deserves to be safeguarded.

Melbourne IT’s Defensive Domain Name Report has been developed to proactively identify domain names that could be the source of a breach in your domain name defences. And it’s free.

The report identifies domains names that could be:

  • Your business name
  • Derivations of your business or domain name
  • Misspellings of your domain name

International versions of your domain name

Your business and your domain name are at risk. It could be a competitor or a criminal who chooses to register a domain name just like yours, pretending to be your business to profit from your existing and future customers

Call us today on 1300 706 965 or email us at corporate@melbourneit.com.au for your FREE Defensive Domain Name Report

Registry Lock your critical domain

Written on by admin

Protect your critical domains today with a Registry Lock

A business critical domain is the most important domain for your organisation. It’s a domain that holds websites, emails, intranet and customer portals, if removed would cause a far-reaching and significant disruption to your business.

Secure your critical domain

Registry Locking of business critical domain provides an additional level of authentication between the registry and the registrar of the domain name. If a customer requests a change to a registry locked domain, an authorised individual must submit a request to Melbourne IT Corporate to unlock the domain name.

A registry lock provides the highest level of protection for a domain name and ensures your domain names do not get highjacked, altered, deleted or transferred out. This “out-of-band” step protects against automation errors and system compromises.

Global businesses locks down their domains

Most companies realise that they must be proactive and not reactive to protect their online business. One of our larger global clients worked with us to identify which of their domains were business-critical. We identified four critical domains and placed registry locks on each of them. Now only one person in the company has the authorisation to amend these vital domains.

To find out more contact your Account Manager or chat to us here  or call 1300 706 965 today!

Domain Acquisitions

Written on by admin

Are you having trouble contacting the current owner of a domain?

Do you know the real value of the domain name you are after?

Do you want to purchase a domain name anonymously?

Our domain acquisition team have negotiated domain name acquisitions on hundreds of high-profile domain names. Although some owners aren’t interested in selling their
domain, most are willing to sell at the right price using the right strategy. We have successfully assisted in anonymous acquisition of domain names in all price ranges from small transactions to large.

Melbourne IT can use its wealth of industry contacts and experience to facilitate the purchase of the desired domain on behalf of our clients while keeping your identity confidential.

Domain name acquisitions aren’t as easy as contacting the seller and asking for a price. There’s a lot that goes into acquiring a domain name at the best price. Whether you are starting a new business or looking for a targeted domain for an existing brand, we are here to help facilitate your purchase and make the technical transaction as simple as possible.

How does it work?

Step 1 – Once you have reviewed the fees associated with this service our team will contact the owner and negotiate on your behalf. We are skilled negotiators and will achieve the best possible price for you.

Step 2 – We will work closely with you and your budget to achieve the best outcomes for your business. Once you have approved the final cost we will organise the transaction directly with the seller.

Step 3 – We will start the domain transfer process via Escrow and keep you informed along the way this process can sometimes take up to 10 days.

Step 4 – Once the domain is transferred into our account we will work with you on domain privacy and security recommendations to ensure the domain is kept secure.

Step 5 – The domain is yours!.. we will add this to your Melbourne IT account or should manage your domains with a different registrar we will assist on the transfer.

For more information on this service or to discuss your potential new domain name using our domain acquisition service contact Melbourne IT Corporate 

.kids is coming!

Written on by admin

The new .kids domains are launching soon.

Melbourne IT is excited to announce the launch of the new .kids TLD.

If you’re eligible from August 11, 2022, you can register your .kids TLD.

From clothing labels to media groups,  a .kids domain name will be an excellent choice for popular brands. Fun, catchy and meaningful, .kids domains can be part of a simple and effective solution to cut through the clutter and build long-term brand loyalty.

.Kids Sunrise & Launch Schedule:

  Period Open Period Close
1. Pre-qualified Sunrise Aug 11, 2022 (Thu) Sep 14, 2022 (Wed)
2. Community Sunrise Sep 20, 2022 (Tue) Oct 19, 2022 (Wed)
3. Pioneer Domains Oct 19, 2022 (Wed) Nov 29, 2022 (Tue)
4. General Availability Nov 29, 2022 (Tue)  
NOTE:

All periods open at UTC 16:00 and close at UTC 15:59.

Domain names are allocated on a First-Come-First-Served (FCFS) basis in all periods.

There will be no stoppage of the registry system between Community Sunrise, Pioneer Domains and General Availability.

 

To register a. kids domain name from August, your business will need to have submitted your details to the Trademark Clearinghouse, a service provided by the Melbourne IT corporate team.   Click here to learn more.

To learn more about .kids domains, don’t hesitate to get in touch with your Account Manager or our customer care team on 1300 706 965 (AU) or 0800 468 110 (NZ).

Domain Audits

Written on by admin

Domain names are valuable business assets. You cannot afford to let them lapse simply because their records have not been maintained. If you have a portfolio with a large number of domains, the task of ensuring the domain records are complete and accurate becomes even more complicated and time-consuming.

Are all your domain name records up to date?

When a client’s business name changed we found they were operating with 18 domains. However, four were still registered under the old business name, and an expired ABN, meaning the domains were technically registered incorrectly and were invalid.

As a result, auDA issued a warning that these critical domains would be deleted if certain documentation wasn’t provided. Melbourne IT Corporate was able to update these records to protect these at-risk client domains.

Domain Audit

Melbourne IT Corporate offers a Domain Audit service that provides you with a comprehensive overview of the domain portfolio. We can then assist in updating any records to
ensure your domain portfolio maintains its validity.

The Melbourne IT Domain Audit outlines:
• All currently registered domain details.
• Domain status and expiry date.
• Contact information.
• Security status.

Contact the MITC team today on 1300 706 965 or emails us at corporate@melbourneit.com.au to learn more.

Defensive Domain Registration

Written on by admin

Defensive domain registration is a proactive step to ensure your brand is protected, also known as domain gaps they are names that are relevant to your business. These could be your business name or particular industry that are available to register.

They could be:

  • Your physical business name
  • Hyphenated words
  • International Domain names
  • Misspells 

Having a proactive approach with domain gaps is important. All domains are available to register publicly and you are always at risk for someone being a competitor or criminal, registering a domain name and pretending to be your business to profit on your existing customers and new ones.

How can they do this?

A Domain name is the root of any online website and it is quite easy copy your online material and publish without you being aware. The phishing site could then collect client data such as credit card information and the potential for irreparable damage to your brand is incalculable.

They can also register domain names with the intention of selling them back to you at an inflated price.

We recommend you check your domain gaps regularly.

If you would like a free defensive domain report reach out to Melbourne IT Corporate today at corporate@melbourneit.com.au or 1300 706 965

Protecting Your Critical Domain Name Online

Written on by admin

What you need to know for domain name protection

In today’s digital world, there are very few large companies without an online presence, and for any company that relies on consumers, a website is essential for survival.

Top priority for most Australian businesses is to get .com.au. But that’s only the first of many steps you need to take to ensure your customers can quickly and reliably reach you online.
The domain name landscape has become enormously complex, and there are many issues you need to deal with to ensure your customers can find you online. Here are the most important ones.

Secure country top-level domains

Having secured your .com.au domain name, the next step should be to secure the same, or as near as possible, name in other country top level domains (TLDs) where you operate, .co.nz, for example.
Today, in addition to these country TLDs, there are hundreds of other generic top level domains (gTLDs), and the list is growing all the time. This includes industry specific names such as .aero and .archi that are restricted to organisations in those industries, and many others that anyone can use to create their domain name. Some, such as .attorney, are clearly intended for organisations of a certain kind, but are actually available to anyone.

The Internet Corporation for Assigned Names and Numbers (ICANN), the global Internet oversight body, lists hundreds presently available and says over 1300 new gTLDs could become available in the next few years.
For the uninitiated, keeping up with developments and determining which names would be useful or important to have can be very challenging.

 

critical domain name protection

Protect your domain names with trademarks

There is also the challenge of proactively protecting your business names online. Simply having a business or company name offers you no protection from somebody with a legitimate right to use a similar or identical name from registering it. Only a trademark will give any protection.
Here’s how the system works. ICANN has created a database of validated and registered trademarks to help trademark holders prevent their trademarks being used as domain names by others.

It applies only to second-level domain names and, in particular, is designed to prevent trademark infringing names from being registered under the many new gTLDs. Holders of valid trademarks that are listed with the clearinghouse are notified before new gTLDs become available and given the option of purchasing names that correspond to their trademarks.
In the first 90 days after a new gTLD goes live, anyone trying to register a name is informed if that name matches a trademark registered with the clearing house. If they proceed to register it, the trademark owner is notified.

The trademark owner would then have no certainty they would be able to prevent their name being used by its now owner. They can negotiate with ICANN, but this is a difficult and time-consuming process that requires expert assistance.

A healthy domain name market

An easier, and possibly cheaper option might be to simply buy the name from the registrant. There is a healthy market in domain names, with specialist sites auctioning names. Some names have changed hands for eye-watering amounts. Lasvegas.com was bought in 2015 for a reputed $US90 million ($A127m).

Famous names like that have obvious value. If you want to buy an obscure name that happens to match your business name or that of your product or service, you can often pick it up quite cheaply, unless the seller realises why you need it.

Do you have these answers?

Protecting your brand online should be a high priority, but to do this effectively, you need to be very proactive in an area that is not core business and requires considerable expertise and knowledge. Are you across all the domains that your organisation owns? Do you know when they need renewal? Are the details attached to these domains all up-to-date? Do you have a strategy to protect your trademarks?

Don’t have the full answers to the above-mentioned questions? The solution is to outsource your domain name management to a specialist domain management service for which all these tasks represent core business.

A good corporate domain manager will have the systems and the qualified personnel to look after all aspects of your domains efficiently and reliably. In addition to protecting your brand online, a domain manager will take care of the routine aspects of domain management, ensuring details lodged with domain registrars are correct and appropriate, and that all domains’ registrations renew automatically.

An effective corporate domain manager will even negotiate to buy domain names on your behalf, so the seller does not realise why they are wanted and jack up the price.

If you’re interested in finding out more about specialist domain name management, please contact Melbourne IT.
Our MITC team have been helping large Australian businesses effectively manage their domains since 1996.

Domain name dangers, and how to avoid them

Written on by admin

Most businesses today are well aware of the need to protect their business assets from online threats, but one vital asset gets very little attention in many businesses: the portfolio of domain names.

A business can suffer significant damage if it becomes uncontactable online. In some cases, it could cause reputational damage. In a worst-case scenario, a business focussed on trading online could cease to exist. Here’s how that can happen and what you need to do to avoid it!

Forgetting to renew

Domain names are often set-and-forget assets. Once they are registered, unless changes are required, no further action is needed until they are due for renewal, usually several years after registration.

This is by far the most common domain name error, and some of the biggest names on the net have suffered the consequences.

Foursquare started life as a local search-and-discovery mobile app and is now a global online brand. It allowed registration of Foursquare.com to lapse in 2010 due to a ‘billing glitch’ with their domain registrar.

In 2013 customers of two UK banks, Clydesdale Bank and Yorkshire Bank, were locked out of their online accounts because their owner, Australia’s NAB, forgot to renew the domain name for its group name server, nabgroup.com, that directed requests for those websites to the correct destinations.

In 2003 Microsoft forgot to renew the domain name hotmail.co.uk, and someone purchased the domain. The buyer then tried to contact Microsoft to offer them the name but he was ignored. Only when news site The Register contacted Microsoft almost two weeks later to ask why someone else owned their domain did they take notice and recover it.

Not renewing names you might not need can also be damaging. Heinz used fundorado.com for a competition in 2013 and 2014. The site was reached by scanning a QR code on ketchup bottles. When the competition ended Heinz let the name lapse and by 2015 it had been registered by a porn site. The Heinz customer who discovered that took to social media to tell everybody.

Domain hijacking

Not all domain dangers are due to accidental mishaps. Domain names are registered with domain registrars who hold all the details of the domain including account authorities, and name server information associated with the domain.
Once someone has access to your details held by your domain registrar, for example through a phishing exercise directed at the legitimate contact, they can take full control of your online presence.

Things are made easy for them because, in many cases, the email address of the legitimate contact is publicly accessible via a query to whois.com.

Domain hijacking is also facilitated by some registrars having insufficient security practices relating to corporate domain management.

Some, but not all, offer registrants the ability to implement a security lock. This allows only one person to make changes to registration details, and that person must complete two-factor authentication to do so.

You should only use a domain registrar that provides this facility, and make sure it is activated, but many businesses fail to do this.

83% of the Forbes Global 2000 companies are at risk of domain name hijacking because they have not adopted basic domain security measures like the registry lock protocol.
And if the hijacker has transferred the name to a registrar in another country, retrieval could require legal proceedings in that country, a costly and protracted exercise.

Hijacking on the rise

To make matters worse, the Spamhaus Project, an international non-profit organisation that tracks spam and related cyber threats, says domain hacking is on the increase.

And in 2018 the Australian Cyber Security Centre (ACSC) alerted Australian businesses to “a global Domain Name System (DNS) infrastructure hijacking campaign”. It directed organisations to its Essential Eight mitigation strategies to protect their systems.

A full domain hijacking where access is lost, or where users are directed to another site, is likely to be rapidly detected, hopefully enabling, speedy remediation. Potentially more damaging is a hijack that enables the attacker to direct only selective requests to another site.

This happened last year to Japanese cryptocurrency exchange Coincheck. The hackers gained access to registration details for coincheck.com and changed the nameserver to their own, with a very similar name. This enabled them to let most of the traffic go to coincheck.com, reroute some to their own look-alike website and launch phishing attacks on those unsuspecting coincheck.com customers.

The solution? Specialist management

A good way to reduce your exposure to these dangers and to help implement robust protection for your entire domain name portfolio is to outsource management to a dedicated corporate domain management service.

If you’re interested in finding out more about specialist domain name management, please contact Melbourne IT. Our Domain Portfolio Solutions team have been helping large Australian businesses effectively manage their domains since 1996.