Is this the gathering of the elders?
Good to see everyone here.
Domain theft is rampant. Here are the current methods I'm aware of:
1. Social engineering: Calling up or chatting with registrar support to alter emails on the account, change DNS or add such info, claiming duress ("help me, I am going crazy with my boss" etc.)
2. Registering a dropped domain that is still linked in the registrant/admin contacts of the target domain. Then setting up the relevant email and initiating changes to the account, transfer attempts etc. It can then lead to
#1
3. Finding domains operated with emails that are from old ISPs such as AOL, Earthlink, Roadrunner etc. and resetting them via
#1 or finding their password in leaked databases
4. Rare but possible: SIM swapping, calling up the mobile provider and using
#1 taking over the phone number of the target account.
5. Phishing or malware: fake Gmail or GoDaddy portals, or emails with fake alerts to log into your account because of a supposed emergency - the victim is shocked/panicked and enters their details into the scammer's form.