IT.COM

discuss [Resolved] Domainer Loses $26k On A Stolen Domain!

NameSilo
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Darn! Another scam and this time it is an experienced domainer James Booth.

James must have thought he was making a sound acquisition as he transferred approximately 26k to escrow for CQD.com. Instead, after completing the escrow, the domain was taken from his account by the registrar without notification and returned to the "true" owner.

Turns out the person that sold him the domain CQD.com, may not have been the true owner.

Apparently this incident involves several parties including the registrar and the escrow.


Thanks to Theo over at DomainGang for the tip on this.
 
30
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
All the phishing emails, etc.... People have to begin to realize that companies go to extremes to protect their data and valuables online for good reason.

I just read an article by Jamie Zoch about taking control of your email: http://dotweekly.com/taking-control-of-your-email-and-understanding-it/

I have worked with so many small businesses that are naive and cheap when it comes to internet security. They just don't understand. Not only that, but they are so novice that I know immediately the ones that will have problems.

I had a client call me a week ago saying their site was hacked. I checked and it turned out they let the domain expire. It had only been a few days and they renewed it and everything came back on. This is the technical level of many people and they sometimes own very valuable domain names.

No doubt there are damages here, just not sure who will agree to take blame and pay.
 
Last edited:
5
•••
We did contact you and had discussions via BOTH emails ([email protected]) and ([email protected]). I have proof of all the emails.

Does this mean that buyer emailed the WhoIs email for the domain and received a response back from that exact email? @spoiltrider

I know that with many emails, they are sometimes routed or forwarded to other emails, or are "catch alls" and that the response might come back from a slightly different email, for example [email protected] versus [email protected]
 
Last edited:
2
•••
It is also possible to send an email with "From" showing absolutely anything, like rebecca @ qcd . com , without any access to qcd.com email.
As for different prices disclosed, wasn't there a broker involved in escrow transaction? In this case, amounts that are shown or otherwise confirmed by escrow may be different for buyer and seller
 
3
•••
I don’t recall anything about a broker being involved. The deal was done outside of Afternic.

This buyer is implying that he emailed Rebecca and received an email back. The word the buyer uses - “discussions” - implies a return email. I assume of the email addresses he mentions at least one is the registered WhoIs for the domain. So unless he means that he received the first email and merely responded to it, then a completely forged reply-to email address wouldn’t apply here. A hack of the owner’s email addresses and use of her email(s) by a hacker could explain everything but again I’m not hearing definitive explanations from the buyer as to exactly what he did.
 
Last edited:
4
•••
I don’t recall anything about a broker being involved. The deal was done outside of Afternic.

This buyer is implying that he emailed Rebecca and received an email back. The word the buyer uses - “discussions” - implies a return email. I assume of the email addresses he mentions at least one is the registered WhoIs for the domain. So unless he means that he received the first email and merely responded to it, then a completely forged reply-to email address wouldn’t apply here. A hack of the owner’s email addresses and use of her email(s) by a hacker could explain everything but again I’m not hearing definitive explanations from the buyer as to exactly what he did.
I picked up on that keyword also "discussions", that could imply simply emailing, asking if a domain is available for sale, and for how much, and that is the end of that. Most likley this person had their email compromised which allowed for them to probably get access to the domain, without rocking the boat so to speak.


Someone mentioned the original owner might have been in on the scam, when it is tied to a business you have operated for over a decade, I can't imagine someone going thru this ordeal, and given how easy it is to trace things back via ip, and paper trail, it just wouldn't make any sense.

I mean if this was anyone of us who lost a 3L.com via theft, and the buyer said well pay me $26K, and you can have your name back, I don't think that conversation would go over to smoothly, just to many emotions involved. We have to be honest with the situation, there will be no winner here.
 
5
•••
Another thread mentioned using the concierge service at escrow.com. So Escrow takes possession, then transfers it to buyer. I have used their concierge selling and it worked fine and it was an equally $$ domain. If Escrow takes possession of it as stolen, then it seems to me that Escrow would be liable, but Escrow would have done due dilligence on behalf of the parties (I believe) and killed the sale before all this. Or is my assumption and thinking incorrect?
 
3
•••
Payee < ID, Payment details) < Escrow > (ID, Payment details) > Payer

The Escrow company is not responsible for verifying the seller's domain name ownership. You have to perform your own due diligence or hire DD service. (Read ToS, instructions, etc)
 
Last edited:
4
•••
The Escrow company is not responsible for verifying the seller's domain name ownership. You have to perform your own due diligence or hire DD service. (Read ToS, instructions, etc)
Yes, but if Escrow.com verifies that you are transacting with "Rebecca J. Burns" and then Rebecca J. Burns shows up saying someone stole her domain name, then I'm going to go out on a limb and say that another "Rebecca J. Burns" did not steal her domain name, which means the KYC failed miserably.

No? Yes? @equity78 @EJS @Acroplex @Domain Shane
 
5
•••
3
•••
Hopefully @Jackson Elsegood can take a look and confirm what really happened?
They can't comment on it, especially if it is going legal. They will only discuss with parties involved, which is probably for the best in such a case, until things are settled.
 
4
•••
Escrow.com verifies that you are transacting with

That's the problem. Escrow job is to escrow money. You can sell whatever you like, a neighbor car, just show your ID and bank details, that's it. The DD is on buyer.
 
4
•••
Yes, but if Escrow.com verifies that you are transacting with "Rebecca J. Burns" and then Rebecca J. Burns shows up saying someone stole her domain name, then I'm going to go out on a limb and say that another "Rebecca J. Burns" did not steal her domain name, which means the KYC failed miserably.

No? Yes? @equity78 @EJS @Acroplex @Domain Shane

There is case law on this sort of thing. For example UPS has a C.O.D. (cash on delivery) service (probably not used so much these days) where they must accept a check or cash from the customer at time of delivery, and send it along to the customer
https://www.ups.com/us/en/shipping/services/value-added/cod.page
Shipper may mark so that only cash or cashier's check is accepted.
Now, although there is a UPS disclaimer "The shipper assumes all risk related to the collection of the payment, including non-payment, insufficient funds, and forgery," there is case law in both directions on this subject. Some courts have held that the shipper assumes all liability, for example for a counterfeit cashier's check, but other courts have held UPS to at least some standard of liability, some level of duty, such as, as one court put it, not merely accepting any cashier's check, for example, not one "made out of toilet paper."

Which is why, as I pointed out above,
As far as liability with the escrow company, I assume that either or both sides will sue them too, but I think their disclosures wash their hands of liability once escrow has closed. Whether these disclaimers from the escrow company will hold up in court, under these circumstances though, is not entirely clear.
disclaimers from escrow will not necessarily get them off the hook. For example, what sort of ID was used to verify this seller as "Rebecca." Was it a clever counterfeit ID or something that any fool would realize was fake. See where this is going? Nothing is exactly black and white in this matter.
 
6
•••
Look at this from domain lawyer @jberryhill posted in another scam thread where Escrow.com's role was discussed, and any liability they might have - probably none.

https://www.namepros.com/threads/i-...d-com-help-please.1059035/page-6#post-6515659


2. Escrow.com - they promise that they will receive funds and hold them until it is confirmed that the domain name is transferred. The buyer paid, the funds were received, the buyer confirmed receipt of the domain name. Boom - their job was done. They don't promise that there are no outstanding legal claims against a domain name, that the domain name is legitimately registered to whomever is selling it, or whatever.

This thread is kind of eye-opening to me, as I was unaware of the pervasive naivete among many members of this forum on how things can go wrong, or what sorts of things might be useful when things do go wrong. If anything, I guess part of that is the way that Escrow.com markets its service, which may convey a broader impression of security than many people believe. I mean, sure, could Escrow.com provide information on "things you might look into" before buying a domain name, to avoid being taken in? Yes, but that would be a silly move for them on a website festooned with pictures of locks and slogans like "SAFELY BUY AND SELL PRODUCTS AND SERVICES FROM $100 TO $10 MILLION OR MORE" on it.

Escrow.com has a very narrow job. Their marketing probably makes people think that they are immune from being scammed through them. You are not immune from that. Escrow.com has no duty or obligation to look at the history of the name, whether or not the domain data and their seller payment data make any sense, or the numerous other warning signs that were obviously present here. Escrow.com is not going to inform you of these kinds of things either, because it detracts from the impression they are trying to convey, in order to get a fee out of you.

KYC may be more about money-laundering regulations to protect Escrow.com, not buyer or seller.
 
6
•••
KYC may be more about money-laundering regulations to protect Escrow.com, not buyer or seller.
Superb point. Incontestably, that's not how they've been marketing it, but this may be the bona fide reason for it.
 
3
•••
There is case law on this sort of thing. For example UPS has a C.O.D. (cash on delivery) service (probably not used so much these days) where they must accept a check or cash from the customer at time of delivery, and send it along to the customer
https://www.ups.com/us/en/shipping/services/value-added/cod.page
Shipper may mark so that only cash or cashier's check is accepted.
Now, although there is a UPS disclaimer "The shipper assumes all risk related to the collection of the payment, including non-payment, insufficient funds, and forgery," there is case law in both directions on this subject. Some courts have held that the shipper assumes all liability, for example for a counterfeit cashier's check, but other courts have held UPS to at least some standard of liability, some level of duty, such as, as one court put it, not merely accepting any cashier's check, for example, not one "made out of toilet paper."

Which is why, as I pointed out above,

disclaimers from escrow will not necessarily get them off the hook. For example, what sort of ID was used to verify this seller as "Rebecca." Was it a clever counterfeit ID or something that any fool would realize was fake. See where this is going? Nothing is exactly black and white in this matter.
Xynames is an experienced attorney also, so I would give some credence to what he says.

Most likely the id was photoshopped.

There is no way escrow is going to assume the risk on every transaction when they are taking a fractionalized margin. They are essentially just holding assets, and providing a safe handoff. It has always been the one weak link in the process.
 
Last edited:
7
•••
I find the details interesting looking closely. When you buy a house, the transaction includes a thorough title search to insure ownership before effecting any transfer of title and recording it, and title insurance is purchased to insure no hidden liens, etc. So this sort of escrow at its low prices certainly could not perform the same.

“IES is fully licensed and accredited as an escrow company and is subject to compliance with all applicable escrow regulations, including the California Financial and Business Code.”

https://www.escrow.com/escrow-101/escrow-licenses

https://www.escrow.com/support/faqs/does-escrowcom-assist-in-the-domain-name-transfer

https://www.escrow.com/support/faqs...considerations-when-dealing-with-domain-names

This is very general, and not sure if concierge provides any checks.

Are services offered through Escrow.com safe?
Definitely. You and your transaction are protected every step of the process, thanks to our stringent logging, tracking, and verification procedures.

https://www.escrow.com/learn-more/how-escrow-works/domain-name-escrow

Regulation:
http://www.dbo.ca.gov/Licensees/Escrow_Law/About.asp

http://leginfo.legislature.ca.gov/f...ctionNum=17410.&highlight=true&keyword=Escrow

17410. R

(a) Escrow or trust funds are not subject to enforcement of a money judgment arising out of any claim against the licensee or person acting as escrow agent, and in no instance shall such escrow or trust funds be considered or treated as an asset of the licensee or person performing the functions of an escrow agent.
 
3
•••
I've skimmed through this thread, but I wanted to point out something interesting in the WHOIS history that I don't think has been publicly mentioned... The domain moved to ename for 10 days in October 2017.

Domain moved to "ok" status around 22nd September 2017, moved out on October 15th, back on October 25th. Nameservers were changed to "ns3.dns.com and ns4.dns.com" in the move. On 3rd November, nameservers moved back to their original (startlogic servers). Just something interesting to note there.


From my personal point of view, it looks like James did thorough due diligence, proving this to Web.com's team, too. Horrible situation that I hope is successfully resolved soon.
 
5
•••
I've skimmed through this thread, but I wanted to point out something interesting in the WHOIS history that I don't think has been publicly mentioned... The domain moved to ename for 10 days in October 2017.

Domain moved to "ok" status around 22nd September 2017, moved out on October 15th, back on October 25th. Nameservers were changed to "ns3.dns.com and ns4.dns.com" in the move. On 3rd November, nameservers moved back to their original (startlogic servers). Just something interesting to note there.


From my personal point of view, it looks like James did thorough due diligence, proving this to Web.com's team, too. Horrible situation that I hope is successfully resolved soon.
There was mention of a previous $19K transaction, could this be that ename requires proof of purchase, or some sort of evidence in ownership before they clear the domain, this was a dummy transaction to get the domain cleared at ename?
 
2
•••
1
•••
i created this domain for my business 22 years ago

my web site and emails were all up and running

out my domain. out my business presence

What is being stated is that a fraudster took possession of the domain thru their netsol account, then faked verification thru escrow, then requested a check, and cashed it. Buyer, and real owner caught up in the mess. That is how I understand it.

There is something i can't understand. It takes time to send a check and to cash the check. Probably days. How could "spoiltrider/Rebecca" not see her site is not working??
 
2
•••
There is something i can't understand. It takes time to send a check and to cash the check. Probably days. How could "spoiltrider/Rebecca" not see her site is not working??

@spoiltrider
 
2
•••
There is something i can't understand. It takes time to send a check and to cash the check. Probably days. How could "spoiltrider/Rebecca" not see her site is not working??
They next day fedex them, I did that a few years back, as long as you pay courier fee.

I agree with you, on site not working, I’m not sure what happend with the nameservers during the transfers, but looks like they got access to the email.
 
Last edited:
2
•••
Last edited:
2
•••
How fool he was?

First he tried to bought a 3L.com at 26K, another thing is why he don't used escrow service? I have seen people using escrow for $500 domain transfer. So no one should be blamed but only the buyer!
You are wrong at so many things. He is a domainer himself (Also a domain broker, but in this case it does not seem he is brokering) He is not going to give you end-user pricing. And thats how this industry works, buy for low sell for high.Check Namebio for recent LLL sales. You would find many names around this figure.
And He used Escrow.com. Check the buyer's post before jumping to conclusions.
 
2
•••
A lot of these Netsol disaster threads involve domains being taken out of accounts by Netsol weeks after they were sold, because the buyers had to wait 60 days to transfer out because of ICANN rules.

But it seems it is possible to override that if a registrar, and original domain owner, is willing:
https://www.icann.org/resources/pages/ownership-2013-05-03-en
60-Day Lock After Change of Registrant
After 1 December 2016, registrars must impose a lock that will prevent any transfer to another registrar for sixty (60) days following a change to a registrant's information. Registrars may (but are not required to) allow registrants to opt out of the 60-day lock prior to the change of registrant request.
 
2
•••
Back