When you rebrand or merge your business, you may register a new domain and let the old domain expire. However, cybersecurity experts have proved that letting your domain expire is a dangerous move that may lead to fraud and data breaches.
In a 2018 study, Australian cybersecurity expert Gabor Szathmari registered expired domains of law firms and demonstrated how to gather confidential data without hacking any website. What he did was merely re-register expired domain names and set up an email server to retrieve mail from accounts linked to the domain. Szathmari suggested that as long as cybercriminals can verify domain ownership, they are able to gain access to email. People may assume that email accounts are deleted after a domain expires. In fact, addresses on the domain can still receive incoming mail from old contacts. So all the private information that used to be sent via email, including names and addresses, invoices, customer details, software license keys and bank statements, will be exposed to cybercriminals. They can sell this private information on the dark web, and can even use the email addresses to reset your passwords on third-party online services and take over your personal user accounts (LinkedIn, Facebook, etc.).
Scammers who own an expired domain can also download the original web pages from archive.org and set up a fake online store to take orders. They may encourage bargain hunters to submit orders by offering them deep discounts. After receiving the orders, the scammers can steal the credit card data and sell it to others. The orders that customers place through the fake online store will never be delivered. Without a doubt, this damages the brand that previously owned the domain.
According to security experts, the best way to safeguard your old domains is to keep renewing them, even if you are not currently using them. Signing up for automatic renewal of your domain name is a good way to prevent a domain from expiring. You may also consider registering your domain for multiple years to save yourself an annual chore. Do not ignore domain renewal reminder emails sent by your domain registrar. Contact the registrar if you have any questions regarding your domains.
If you must let your old domains expire, you should close the email accounts associated with those domains and unlink those email accounts from alerts sent by banks, airlines, and other services that handle sensitive information. Moreover, delete Facebook, Twitter and other personal accounts registered with those domains. If you can't delete an account, at least scrub it of any personal information. Do not delay when it comes to your domain name registration. Remember that an expired domain name carries real risk, including potential data breaches and reputation damage to your brand.
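The renewal and unlinking advice above can be turned into a routine audit. The following Python sketch is an added example, not part of the original article: it flags domains that are close to expiry without auto-renewal and lists the accounts still tied to email addresses on them. The inventory, domain names, dates and the 60-day threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample inventory (all names and dates are made up); in practice,
# export these from your registrar and your password manager.
DOMAINS = [
    {"name": "oldfirm.example", "expires": date(2025, 3, 1), "auto_renew": False},
    {"name": "newbrand.example", "expires": date(2027, 6, 30), "auto_renew": True},
]
ACCOUNTS = [
    {"service": "bank alerts", "email": "accounts@oldfirm.example"},
    {"service": "LinkedIn", "email": "Jane@OldFirm.example"},
    {"service": "airline", "email": "jane@newbrand.example"},
    {"service": "Facebook", "email": "jane@mail.oldfirm.example"},
]

def on_domain(email, domain):
    """True if the address is on the domain or one of its subdomains."""
    host = email.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    domain = domain.lower()
    # Require a dot boundary so "notoldfirm.example" does not match.
    return host == domain or host.endswith("." + domain)

def at_risk_domains(domains, today, warn_days=60):
    """Domains expiring within warn_days (or already expired) with no auto-renew."""
    return [d["name"] for d in domains
            if not d["auto_renew"] and (d["expires"] - today).days <= warn_days]

def accounts_to_unlink(accounts, domain):
    """Services whose login or recovery address would go to whoever owns the domain."""
    return [a["service"] for a in accounts if on_domain(a["email"], domain)]

def audit(domains, accounts, today, warn_days=60):
    """Map each at-risk domain to the accounts that still depend on it."""
    return {name: accounts_to_unlink(accounts, name)
            for name in at_risk_domains(domains, today, warn_days)}

if __name__ == "__main__":
    for name, services in audit(DOMAINS, ACCOUNTS, date(2025, 1, 15)).items():
        print(f"{name}: renew it, or first move these accounts off it: {services}")
```

An empty result means no domain needs attention at the chosen date; a domain with a non-empty list should be renewed or have every listed account moved to another address before it lapses.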