IT.COM

alert CV.com Is Returned to Its Rightful Owner

Spaceship Spaceship
With just 676 domains in existence, two-letter .COM names are some of the most sought-after properties on the Internet. Thanks largely to interest from Chinese investors, these names now routinely fetch six and seven-figure prices. Two-letter names are liquid domains that can easily be resold within a matter of days thanks to the number of investors around the World who covet these as assets. It’s this liquidity that can make these a target for domain thieves.

Last week, we noticed that the domain CV.com had moved from Network Solutions to GoDaddy and started to display a new website. Typically, this would signify that the domain had sold, but not in this case. It turns out that the domain had been given back to its rightful owner after an investigation by Web.com, owners of registrar Network Solutions.
cv.jpg

This news came to light after speaking with Amanda Waltz, executive director at Brandit, a brokerage company that marketed the domain for a brief period last year before the theft came to light. According to Amanda, the domain was originally owned by a French company, who sold this valuable name a couple of years ago to a husband and wife, who happen to have a Chinese surname.

The thief created an email address that was of Chinese surname decent and transposed two letters. For example, a “@Chiang.com” email address would have been changed to a “@Chaing.com” address, which helped to transfer control of the domain with little detection. According to Amanda, it’s also likely that the thief hacked into the couple’s registrar account for a brief period of time, with the domain transferred to the thief’s possession using that very similar email address.

The two-letter domain transferred into the possession of the thief in October 2017, with just the email address subtly changed. This made it extremely difficult for registrars and brokers performing due diligence to spot any problems with the domain.

According to DomainIQ's WHOIS history tool, the name moved into the possession of Web.com's legal team in January 2018 following work from Amanda to confront the imposter.

Following an investigation, the domain was given back to the original owners and has now been moved under privacy protection to GoDaddy.

Securing assets such as CV.com against theft should be a high priority for owners. Many registrars and email services encourage users to introduce two-factor authentication and other security measures to protect their accounts. NamePros own @Paul Buonopane produced an article about domain theft that provides further reading on this matter.
 
23
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
People really need to use two factor authentication. When will people realize?
 
4
•••
People really need to use two factor authentication. When will people realize?
sometimes they were comfortable within their safety zone for decade before stumbled into security problem and then suddenly they just realized....
 
5
•••
Wow man, glad to hear that they were able to get the domain back.

Must have been torture for them almost losing a beauty like this.
 
5
•••
I'm seeing a number of domains returned to their rightful owner.

There should be a much simpler process to have a procedure in place that gets the domains back to their rightful owners faster.

Nonetheless it's always good news when property gets returned to the rightful owner.
 
4
•••
People need to realize there is no "hacking" going on here, there is no guy in a hoodie sitting a dark room on a laptop, just a scammer calling up your Registrar or Internet provider (or whoever holds the email attached to the domain), pretending to be the owner (using freely available WHOIS address and phone data) to get the account reset, then take over the emails attached to it. Then it's simple to transfer the domain without anyone being the wiser.

If there is 2-step authentication, then the scammers call your cell phone company and using WHOIS data, try to get your phone number ported to a new phone/sim. Bingo, they are in your account.

This is called social engineering and it relies on the stupidity of the other person on the line at your Internet provider, Registar, Bank, Cell Phone Company and wherever else you do business. And trust me, these CSRs are not related to Einstein.

I spoke to some guys I know in RCMP and they said there is a HUGE wave of social engineering blocks in Africa (i.e. there are entire neighborhoods in Marakesh doing this) that are mass calling and trying to get bank, registar, email and cell phone access using WHOIS and other publicly available data sources. Apparently the losses are staggering.

Until I got rid of my .US and .CO.UK domains that do not allow WHOIS privacy, I would regularly get email and phone security alerts that someone was calling in and trying to change my account, and the last few times it was traced back to Morocco and Nigeria. One time they almost got me, as some moron at Bell changed my email password for them (not attached to any Registar account, thank God), but I quickly changed it back.

Since I deleted those offending domains, I have not had a single problem, so it's pretty obvious WHOIS is being mined for nefarious purposes like identity theft, bank account access, and domain theft, among others.
 
5
•••
People really need to use two factor authentication. When will people realize?

It doesn't matter, as the scammers just call your cell phone company and get your number ported.
 
2
•••
This is why I have suggested and really like, secret questions. Cant be ported, cant be impersonated.

I know of only one registrar that has two factor and secret questions combined.
 
2
•••
This is why I have suggested and really like, secret questions. Cant be ported, cant be impersonated.

I know of only one registrar that has two factor and secret questions combined.

Exactly, and I have lobbied my service providers for SECRET CODES and some of them have provided this. No way to break that puppy unless you kidnap me.

I don't trust questions that have anything to do with your past or preferences or have a set number of choices, as they can be social engineered or brute force broken - like my bank, it uses "Favorite Color" from a drop-down list - WTF?
 
3
•••
I definitely agree with the two factor verification.

However, do we see the common denominator here? Many/most of the domains that were stolen (recently) were stolen from Netsol. Get your valuable domains out right away people.

I always wonder why people leave their valuable domains at Netsol; but then again many don't know better.
 
2
•••
I definitely agree with the two factor verification.

However, do we see the common denominator here? Many/most of the domains that were stolen (recently) were stolen from Netsol. Get your valuable domains out right away people.

I always wonder why people leave their valuable domains at Netsol; but then again many don't know better.

Netsol is like a plague that needs to be exterminated.
 
2
•••
That's a great asset. recovered by the owner! That's a great and wonderful job. But how would the owner felt when such asset was stolen?
 
0
•••
THANK YOU but

With just 676 domains in existence, two-letter .COM names ....

What is wrong on this ❓

There are much more

ā is a regular Latin letter
I bet this is not in your measurement

Sorry to tell you... 🤓
 
0
•••
THANK YOU but

With just 676 domains in existence, two-letter .COM names ....

What is wrong on this ❓

There are much more

ā is a regular Latin letter
I bet this is not in your measurement

Sorry to tell you... 🤓

You know that “ā” is an IDN transposed to XN—YDA and therefore couldn’t be classed as a single letter for domain purposes.

That’s why you were able to register a certain “single letter” .com.
 
1
•••
Until I got rid of my .US and .CO.UK domains that do not allow WHOIS privacy, I would regularly get email and phone security alerts that someone was calling in and trying to change my account, and the last few times it was traced back to Morocco and Nigeria. One time they almost got me, as some moron at Bell changed my email password for them (not attached to any Registar account, thank God), but I quickly changed it back

The *.uk registry has no issue with privacy and many *.uk registrars have provided traditional WHOIS privacy service to their domain name registrants for many years. The registry has also had an optional registry privacy framework that registrars could have chosen to use but due to the forthcoming GDPR changes, that service is being terminated and a proxy service will be made available following a further consultation in June 2018.
 
0
•••
The *.uk registry has no issue with privacy and many *.uk registrars have provided traditional WHOIS privacy service to their domain name registrants for many years..

I could not get CO.UK privacy to work with UniRegistry - I would click the Privacy bar and it would not stick.
 
0
•••
I would like to know if I bought a domain at afternic ,or godaddy or sedo and spent 50k ,are the companies liable to make sure the domain is not stolen,after all a 50k transaction is 10k for them ,so whats the verdict
 
0
•••
I could not get CO.UK privacy to work with UniRegistry - I would click the Privacy bar and it would not stick.

Uniregistrar d/b/a Uniregistry appears to have issues supporting certain aspects of *.uk. I’ve experienced a different issue with them and have given up trying to explain it to them via support tickets. I understand why they have the issue but they weren’t able to comprehend my explanation relating to orphaned contact objects at the registry being deleted by the registry so I’ve given up.
 
0
•••
Back