warning I lose $42,000 on an escrow.com transaction as pdd.com, help please.

DomainVP said:

Thank you @jberryhill for taking the time to lay all of that information out. These are very valuable posts that are going to save people from falling into this kind of trap.

One thing I didn't see mentioned during this discussion was the "Inspection Period". Am I right in assuming OP agreed to an inspection period of "1 day"?



From Escrow:


I would have done no less than 7 days for inspection for any additional due diligence.

Obviously the key to this is to do your research before any acquisition, but do you think a lengthy inspection would help or hurt a transaction like this.

Click to expand...

Good point here, why not even stretch it to 30 days. Most likely buyer would never agree, as they would know time is not on their side.

(just an idea)

Making a name Patrick Sitrok for himself + profession

The name (inspiration), link domainbigdata



and the address (inspiration), link opengov

Patrick's Salon
14999 Preston Rd Ste 600
Dallas, TX 75254-6850

jberryhill said:

Escrow.com likewise will provide nothing voluntarily. They know they just moved $42k in a transaction involving stolen goods. Their only concern is their own potential liability. In the last year, I have seen the most amazingly incompetent things done at Escrow.com. What do you think they are going to do? Say, "Oh, yeah, um, here's a fake Brazilian driver's license we used in order to verify the identity of someone who had us send money to Indonesia." Absent a subpoena, that's not happening.

Click to expand...

I have always used my in house credit card payment system for transactions but had a few bigger deals lately and have recently opened an escrow account.

Something inside me told me that escrow is no substitute for due diligence.

I always ask for, or look for this info....

- Whois History
- Send me an email from email listed in whois
- if there is a push involved, have them make a small change to whois
- try to contact previous whois owner if recent change
- verify contact info of who you are dealing with
- sometimes I ask for employment verification

If my buyer/seller says its too much info then I tell him he gets my contact info back. There is no such thing as too much information on a large transaction.

Oh, yeah.... almost forgot... a bill of sale is also must when goods change hands.

Don't forget if you use paypal to always enter funds for domain sale xxx.com etc.

Document, Document, Document

carob said:

But in the event that a customer pursued Escrow.com for having inadequate checks...

Click to expand...

Define what you mean by "pursued".

Additionally, please check your definition of "pursued" against the dispute provisions of the Escrow.com general terms: https://www.escrow.com/escrow-101/general-escrow-instructions

In particular, have a look at Section 10.

Of course, you could have the State of California take a deeper look into Escrow.com's operations for free:

http://www.dbo.ca.gov/Consumers/consumer_services.asp

jberryhill said:

I mean, where do any of you think a legal action of any imagined kind is going to lead? Escrow.com will provide account information of a US account holder who is just sitting at home waiting for you to show up with a summons?

Click to expand...

Just like you say, unlikely. But we know that scammers are very often dumb, which is why they are not engaging in a legitimate activity in the first place. And sometimes they are overconfident and they get caught. For example when they use a VPN and think the VPN service does not log their home IP address and will not turn them over, not to mention that the VPN connection can drop.
I have an example in mind. You may still remember that epic thread on another forum where a member (DanielG) was busted as a domain thief and he served time in a federal prison thanks to a relentless victim, and a landmark ruling. He didn't bother to cover his tracks because he must have been thinking the owner was asleep or powerless.
But like you say, the scammer is probably far away.

Kate said:

But we know that scammers are very often dumb, which is why they are not engaging in a legitimate activity in the first place.

Click to expand...

There's something of a "two hump" IQ distribution among criminals. You have some really, really dumb ones, and you have some much more clever ones.

My point is that you can burn through a pile of cash before you find out which one you have.

Kate said:

You may still remember that epic thread on another forum where a member (DanielG) was busted as a domain thief and he served time in a federal prison thanks to a relentless victim, and a landmark ruling.

Click to expand...

Indeed, a "landmark" of New Jersey state law. Remind me what all of that cost.

jberryhill said:

But when you see a domain name which has been used by the same people for more than 20 years, followed by a recent WHOIS change to a free email account, and then a sale proposal, it's time to get in touch with that 20 year user to find out what's what.

Click to expand...

That is the most succinct summary of the entire thread. All buyers should do your own due diligence first. You can’t blame NSL or Escrow for anything.

The seller used a phony ID, and not sure what recourse buyer expects as Escrow verified the scammer somehow. When I set up my escrow account, All I did was scan my ID. I don’t believe they checked deeper, (and it could have been forged), thats the only verification other than the banking for the wire which was also a verified account.

Concierge service at Escrow is well worth it when I had my $Xxxxx sale last year used it and all went well, buyer was in China, who went to archive and verified history and whois, etc. before deciding to buy. Escrow handled all the steps to make sure all went well. Way too many phone calls to Escrow was my only complaint. The buyer was indecisive as to where to transfer the name or keep it at NSL where it was paid for several additional years. I kept the old email on the domain address until the transaction completed, but had requested Escrow handle all communication all under another one. Common sense. The only small snag was my final approval email from the new gaining registry was written in Chinese, pretty incompetent as it was obvious that I was a western seller.

Just my thoughts - If this is all true this isn't the first time someone has been scammed and bought a stolen domain using escrow.com's service. Unless they have changed their terms of service it is the buyer's responsibility to do the due diligence on the ownership of the domain being purchased. The escrow company does not assume liability for the domain ownership, I expect this would also apply to the concierge service if used for the transaction. This is no different than buying a stolen vehicle, it will be returned to the rightful owner and you need to do battle with the person you bought it from. Back in the day, when something like this came to light the first thing to do is alert the bank and attempt to recall the payment. Since this needs to happen almost immediately chances are it is too late here. When I was at escrow.com we used to have relationships with IC3.gov and many agents within the FBI who specialized in cyber-crime. Maybe they still do, but this was the first call I would make after verifying that a crime had taken place. Working with these contacts we were able to get the funds returned occasionally. I expect some of you reading this were either beneficiaries of these relationships or unfortunately ended up losing your funds. Fortunately, escrow.com does know where the funds were sent and will be able to turn the information over to law enforcement once it is determined a crime has occured. They could also be proactive and file a Suspicious Activity Report with FinCEN, I don't believe escrow.com is registered with FinCEN. Escrow companies used to be exempt, but money services businesses must be registered. A Suspicious Activity Report (SAR) is a document that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) following a suspected incident of money laundering or fraud. These reports are required under the United States Bank Secrecy Act (BSA) of 1970. Anyway, best of luck and may the good guys win.

I had actually reached out about this domain a few years ago since it looked like PDD was basically just abandoned and the owner, Wayne Patrick (just look up his name + PDD to find him on twitter, linkedin etc), had moved onto other nifty big projects. Never heard back from him or any other previous colleagues so assumed it was being held onto for 1+ of many understandable reasons despite no longer being an active biz as far as I could tell, and a "offer they couldn't refuse" would be out of my budget anyways. Sorry to hear you got scammed, and apparently the scammer used the name "Patrick" and location info to make look more legit, really hope it works out for you somehow but thanks for letting us all know and hopefully it will save some others from getting burnt by the same scammer on other domains he might have stolen.

Brandon Abbey said:

When I was at escrow.com we used to have relationships with IC3.gov and many agents within the FBI who specialized in cyber-crime. Maybe they still do, but this was the first call I would make after verifying that a crime had taken place.

Click to expand...

Having seen a number of instances of this sort of thing since you left, Brandon, I would suggest that practices have changed markedly.

Twice in the last year, I have seen instances in which Escrow.com falsely confirmed receipt of funds and then, to cover up their error, started flinging bizarre accusations at others.

Here's a real beauty, and I apologize for the digression, but people should know what kind of outfit Escrow.com has become.

The scenario is that the parties set up a payment transaction with Escrow.com. Escrow.com then confirmed receipt of payment In reliance on Escrow.com's confirmation, the domain name is transferred.

Then, a month later Escrow.com realizes they screwed up, so they actually send this to the registrar (and see my comments after):

----------------------------------
Dear Sir/Madam,

RE: STOLEN DOMAIN NAME - XXX

We refer to the domain name XXX which Mr XXX has had in his possession since XXX, 2017 and understand that you are the registrar for that domain name.

Mr XXX still has an outstanding amount of $1,594.50 owed by him to our company, Escrow.com <http://Escrow.com> (“Escrow”).

We have tried to contact Mr XXX multiple times by way of several email addresses and a telephone number. All attempts have been unsuccessful.

Mr XXX is in possession of this domain name, not having paid for it. Mr XXX must pay this amount immediately or we will be forced to commence legal proceedings and/or contact the relevant governing authorities to recover the outstanding amount of $1,594.50.

We ask that you please lock XXX until Mr XXX pays Escrow the outstanding amount.

We look forward to hearing from you.

If you have any queries, please do not hesitate to contact us.

Yours Faithfully,

Syan Olsen.


--
Syan Olsen
In-house Legal Counsel

Level 20,
680 George Street
Sydney, NSW 2000
Australia
-------------------------------------

The operative question here is if Mr. XXX didn't pay escrow.com, then how does he have the domain name?

This was Escrow.com transaction ID #2960125 should Ms Olsen ever decide to respond to my reply to her ridiculous email (which was sent to a party that was neither the registrar, buyer or seller in the actual transaction).

What Ms. Olsen neglected to mention in any of this was that on Mar-17-2017 in that transaction, Escrow.com confirmed receipt of the buyer's payment. A month later they go claiming that the domain name was stolen because they didn't receive payment.

From the "you have one job" department, you might think, and I'm pretty sure the California Financial Code Section 17414 assumes, that the business of a licensed escrow company is to accurately confirm whether they have been paid or not, before they issue a confirmation of payment.

No, Ms. Olsen, as an escrow provider, you do not "confirm receipt of payment" to the parties to a transaction, then a month later realize you didn't get it, or else you lost it among your other interesting accounting oddities, and claim that the name was "stolen" as a consequence of the parties' reliance on you to do the only job you had.

I mean, just take a look at Olsen's email, and construct in your mind a set of facts under which (a) someone would have taken possession of a domain name before Escrow.com got paid, and (b) anyone in their right mind, let alone Godaddy (to whom the email was directed) would give two shits about an email from an Australian lawyer making unverified claims over threatened "legal action" for an amount of $1,594.50.

I suppose the reaction by GoDaddy was supposed to be "Oh, gollly, an escrow company screwed up their job. We'll get on this one right away!"

But Escrow.com has a curious definition of "stolen":

1. Parties agree on terms at Escrow.com.
2. Escrow.com confirms receipt of payment.
3. Parties transfer name.
4. A month later Escrow.com changes its mind, decides they weren't paid at step 2.

No, that's not "stolen", that's monumental incompetence and a violation of California law by Escrow.com.

What's truly amazing to me from the "your job, do you know how to do it" department, is that Escrow.com screwed up in the amount of $1500 and some change. Instead of eating their mistake, they decide to advertise their incompetence to others, on the assumption that losing $1500 is somehow worse than sending an email saying "We don't know what we're doing." (and on top of that, copying the email to someone who wasn't even involved with registration or transfer of the domain name)

Again, I apologize for the digression.

As for the transaction which is the subject of this thread. Here's what happened:

1. Domain name was stolen by hacker who took control of it.

2. Domain name was offered for sale to OP.

3. Parties set up transaction at Escrow.com.

4. Escrow.com got paid. Domain name was transferred to OP's account by hacker. Escrow.com relied on buyer's notification that the domain name was transferred.

5. Theft victim contacted Netsol, provided enough evidence to establish it was really them and/or other information.

6. Netsol looked at access logs for the account, and other information available to them to establish it was unlikely that that victim is lying about the theft, and transferred it back to the victim. Netsol also likely noted suspicious activity in connection with another domain name recently transferred to that account.

To draw some lines about "who did anything wrong" here....

1. Netsol - their system worked as intended. They received a report from one of their customers about a stolen domain name, and transferred it back. The OP is disappointed not to have been consulted. The only thing the OP can demonstrate is that the OP paid Escrow.com for purchase of the domain name to a person who has never been associated with the domain name, and it is highly likely that Netsol didn't get any response at all from the gmail.com email address with which the domain name had been briefly associated. Given the longstanding registration, the fact that the registrant is an easily-verified existing Indiana corporation, and the likely odd location, proxies, etc. that were used to access the account, the circumstances easily passed the credibility threshold for them that the name was stolen. So, they returned it. It's not usual for a domain name to sit unchanged for many years by a customer in Indiana, and then suddenly get a bunch of updates and confirmation clicks from somewhere else on the planet.

2. Escrow.com - they promise that they will receive funds and hold them until it is confirmed that the domain name is transferred. The buyer paid, the funds were received, the buyer confirmed receipt of the domain name. Boom - their job was done. They don't promise that there are no outstanding legal claims against a domain name, that the domain name is legitimately registered to whomever is selling it, or whatever.

This thread is kind of eye-opening to me, as I was unaware of the pervasive naivete among many members of this forum on how things can go wrong, or what sorts of things might be useful when things do go wrong. If anything, I guess part of that is the way that Escrow.com markets its service, which may convey a broader impression of security than many people believe. I mean, sure, could Escrow.com provide information on "things you might look into" before buying a domain name, to avoid being taken in? Yes, but that would be a silly move for them on a website festooned with pictures of locks and slogans like "SAFELY BUY AND SELL PRODUCTS AND SERVICES FROM $100 TO $10 MILLION OR MORE" on it.

Escrow.com has a very narrow job. Their marketing probably makes people think that they are immune from being scammed through them. You are not immune from that. Escrow.com has no duty or obligation to look at the history of the name, whether or not the domain data and their seller payment data make any sense, or the numerous other warning signs that were obviously present here. Escrow.com is not going to inform you of these kinds of things either, because it detracts from the impression they are trying to convey, in order to get a fee out of you.

But, for reals, I would be amused if the OP asks Escrow.com for the transaction fee back, and posts their reply here. Send an email to Syan Olsen, and call it a "Stolen transaction fee". And keep us updated on all of the overwhelming help and support you are getting from Mr. Elsegood. Because I would really like to see the "We understand you were robbed, but we are keeping your $373.80" email.

We may not know much about the rest of it, but we know that Escrow.com got $373.80 of your money, and you got nothing. I'm certain that qualifies for Ms. Olsen's peculiar definition of a theft.

Hi John,
Escrow.com takes the confidentiality of customer data extremely seriously and will not release another customer's data based on accusations but does comply with requests from law enforcement.

Our Chinese language support team is in touch with the buyer and assisting, by no means would we ignore a customer or their requests because their transaction has closed.

Jackson Elsegood

Jackson Elsegood said:

Escrow.com takes the confidentiality of customer data extremely seriously and will not release another customer's data based on accusations

Click to expand...

As I already said, you won't give out the payment information, because this thief's confidentiality is taken extremely seriously. Yes. No surprises there. I already had posted that.

And, yes, your Chinese language support team is assisting the buyer in understanding that the buyer is well and truly screwed.

I am certain that your Chinese language support team has informed the OP that they can file a lawsuit and subpoena the information from you. Yes?

As for "requests from law enforcement" I suppose you will also clue in the OP as to the FBI's monetary threshold of "we don't care", which is well in excess of $42,000.

We would not give out any customer's data without an order to do so, this protects the confidentiality of all of our customers.

Jackson Elsegood said:

by no means would we ignore a customer or their requests because their transaction has closed.

Click to expand...

It's so good to hear from you, and only three days after the anniversary of your continuing to ignore my email of 6 January 2017 concerning transaction #2162718. Perhaps you will be replying soon?

Here's another gem from someone who calls himself a "Security Engineer" at Escrow.com concerning a very similar set of circumstances which was fortunately and ultimately addressed by an appropriate lawsuit.

----------
On Wed, Jan 4, 2017 7:26:40 PM, [email protected] wrote:
Hi XXX,

Thanks for getting back to us.

The wire transfer receipt is false as the funds never reached our account (it was this receipt that caused us to prematurely and incorrectly mark the transaction as paid).

Regards,

Nicholas Hairs
Security Engineer
Escrow.com

Sent from my mobile.

e: [email protected]
w: www.escrow.com
pgp: 0x670AF0C90C3AD4F6
--------------------

For those playing along at home: A buyer in an Escrow.com sent Escrow.com a fake wire transfer document, which Escrow.com then relied upon in order to issue a payment confirmation - instead of checking their own bank account to see if they had received the payment.

What was particularly inept about this "Security Engineer" email, was that he was replying to a registrar support person who had already told him that the confirmation in question, which had been relied upon by the parties, was the "payment confirmation" issued by Escrow.com. We never saw the fake receipt that Mr. Hairs was talking about. Mr. Hairs just went the extra mile of stating that Escrow.com did not check its own bank account to see if they had received the money, before issuing a confirmation that they had received the money.

So, in other words, when Escrow.com sends a "confirmation" that they have received payment, then you can take them at their word that maybe they did receive it, or maybe they didn't receive it. They'll be sure to let you know, oh, maybe a month or two later.

jberryhill said:

But, for reals, I would be amused if the OP asks Escrow.com for the transaction fee back, and posts their reply here.

Click to expand...

Given the public spectacle this has already become, I'd be surprised, and disheartened if @Jackson Elsegood and/or Escrow.com didn't opt to be proactive, and return the transaction fee to the buyer on their own accord.

But if they did this, would this set some type of precedent, for all future (and perhaps previous) instances, of stolen domain sales at Escrow? Not saying it's a bad thing -- to return transaction fee's back to a buyer who had their purchased domain repossessed due to a stolen domain purchase -- just wondering what type of ripple effects this would have.

Jackson Elsegood said:

We would not give out any customer's data

Click to expand...

Yes, we all know that. Maybe if you repeat me a third time, it will stick.

Wow, this is good stuff. So whatever the payment method, its not that secure after all.

Maybe next time, I will ask for photo ids, chat online, and call the person's cell phone and look up the carriers and wait for a few weeks. Just to be sure.

Grilled said:

I'd be surprised, and disheartened if @Jackson Elsegood and/or Escrow.com didn't opt to be proactive, and return the transaction fee to the buyer on their own accord.

Click to expand...

Do a nice and voluntary thing for someone who is distraught? Are you mad?



They sent that ridiculous email to GoDaddy saying "Hi, we're an incompetent escrow company" to chase after $1500. One might imagine the public relations genius which inspired that idea.

Caveat emptor for every transaction. Wow.

Correct me if I am wrong, but this comment above is bothersome.

The other thing seems to come into light is that what Payoneer brought up about FINCEN. Suppose that the buyer is using illicit funds? So you as a seller overseas or domestically, you have US Gov liability as well as selling your domain and receiving those “illicit” funds, and you have no way to prove they are legitimate prior to the sale and banking privacy. Escrow companies are as stated above perhaps not checking, not a bank registered to comply with anti-money laundering laws and verification of funds origin nor any guarantees. Is that correct?

So, if you sell a domain and receive “illicit” funds as determined by FINCEN, you could lose them, also more due diligence is needed but nearly impossible to predetermine, unless of course the buyer pays with a credit card.