Dynadot

advice Premium Domains Almost Stolen...twice!

Spaceship Spaceship
Watch

domains101

Established Member
Impact
12
Hi everyone, ... story time.

Going back to January this year we had a 2 letter .com domain name stolen from a GoDaddy account. The intruder somehow gained access to the account and changed the registrant email, then initiated a transfer of the domain. As the transfer emails ended up in the intruders email by the time we noticed the domain was long gone.

We contacted GoDaddy about this and they passed the book 100 times and were really unhelpful. It even got to the point where they stopped replying to our customer support emails. We contacted an intellectual property lawyer who advised us to send a request for all account information including logins, account changes, and phone records. Upon requesting this GoDaddy contacted us shortly back saying they have started to transfer the domain name back into our account. And we did get the domain back, but strangely enough we didn't get the requested information.

We have heard that if you ring GoDaddy and try to pass security you get unlimited attempts. So you can keep guessing over and over again until you gain access. I am unsure if this is true. Also, I've heard that GoDaddy sometimes outsource work over busy periods and holidays etc which can lead to an inside job. Also unsure if this is true. Either way, to me it doesn't look very trusting of GoDaddy.

Now moving on...

Just this week the same thing happened to our enom account. Only this time it was 37 LLL.coms that were at risk. The intruder got access to the account and changed the registrant contact information then initiated the transfer of each domain from enom over to a chinese GoDaddy account.

Fortunately, we managed to catch it in time and block all transfers! Upon ringing enom they have gone silent and suggested that someone has hacked our work laptop, maybe?... I guess this is plausible but the computers are all up to date with security features such as firewalls, malware and virus detection software. And in both cases mentioned above the accounts were never once accessed via the same computer.

So my warning to you all, lock everything up as tight as you can get it! Enable two step verification where possible. Transfer domains to the most secure registrars (whoever that may be, please let me know!).

This method of stealing domains must be working for the scammers. We've been attacked twice and both times the transfers have started on the domains.


---

My other advice is sell everything and buy some land. At least a hacker can't come and steal it over night.
 
9
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Or buy the most valuable names that way people recognize the name like that and it will be impossible for the thieves to resell without getting caught ...
 
0
•••
I have an older laptop running Linux that I use to access my registrars. This laptop is used for nothing else. And my password is long and crazy.

If someone has been breached twice and the passwords are strong, then I'd suspect malware / keystroke logging.

ps - this is perhaps a bit more paranoid but I don't reply to domain inquiries with email from the address in the domain record. I don't want to give any email header info. I reply via a gmail acct that, yup, I use for nothing else...
 
Last edited:
1
•••
My other advice is sell everything and buy some land. At least a hacker can't come and steal it over night.
Yeah, I already bought some land on Moon :)
 
1
•••
---

My other advice is sell everything and buy some land. At least a hacker can't come and steal it over night.

Please talk to divorce lawyers about that, the money lost daily to getting hacked during that time is greater than if someone hacked all domain accounts on the planet.

Please invest in proper computer and network security. Either your machine got some phishing software loaded onto it or maybe some wifi you used at some point collected info etc. Hacks today rarely happen by someone sitting and guessing passwords.

Without common sense no investment is secure, people lose money in "sure" things all the time.
 
0
•••
0
•••
Don't keep valuable domains at Enom. Almost all the domains that were reported stolen was from Enom.
 
1
•••
I've had my keystrokes logged and accounts hacked.

It was a nightmare. I didn't know they were on my machine and would change passwords and then they would change the passwords on me. I finally had to get a new computer in order to get rid of them. It took me a month to secure everything and go thru all my account and lock them up, change info, look for backdoors.
They had my old email and I couldn't get access back to it.

I would have killed them if I had found out who it was. Believe me, I was looking for them. Lucky for them, I couldn't find out who it was. I would have bought a ticket to china or russia to get their @ss.

I'm much more cautious/paranoid now.

Check your accounts often, they might still be in your computers. They are really good at this stuff.
 
1
•••
Everyone is saying to check the machines but two different accounts were hacked which were each accessed via a different machine. Also the machines we do have are upto date with the latest virus and malware protection. Passwords are different and strong for all accounts too. Even within the last year the ISP has changed in our office.

This is why it is strange. A domain lawyer we spoke to thinks the GoDaddy hack was an inside job. As the enom one...I don't know. First time the account has been hacked in over 10 years of use.
 
1
•••
To the OP - the following email is making the rounds, offering for sale LLL .com's that you've listed here on NamePros before.

Because of this post mentioning how your domains were at risk can you confirm that you're the following person:

Hi,

I am retiring to a life of farming in Pakistan & decided to sell my domains to raise the $22m needed. All prices are firm, first to initiate escrow.com transaction with [email protected] wins.

xgv.com
xzv.com
zbv.com
zcv.com
zdv.com
zfv.com
xvz.com
exu.com
hxo.com
yif.com
oex.com
hza.com
ioz.com
ixr.com
izt.com
pwu.com
qov.com
vnq.com
ozn.com
uzv.com
ocx.com
sfv.com
kaq.com
rij.com
cji.com
otk.com
oex.com
kug.com
riy.com
iyk.com
oyk.com
yrk.com
tyd.com
fyn.com
ylh.com
dof.com
okf.com
Mud.com
Fog.com
Begged.com
Doubledealers.com
Fastfm.com
fuzziness.com
Gerle.com
Hillbilly.com
Htmlwebsites.com
Investyourearnings.com
iOffers.com
Loseout.com
Lucked.com
Millwood.com
NationIslam.com
Recoverers.com
SheikhMaktoum.com
SnackPot.com
TextTraffic.com
PennyHylton.com
InternationalSimCard.com
Intend.com
FunnyIndia.com
FunnyFails.com
PeopleToPleople.com
PropertiesinBahrain.com
PropertiesinOman.com
PropertyinQatar.com
RealestateinSaudi.com
Riyal.com
Khaleeji.com
Salaam.com
Jannah.com​
 
4
•••
Tagging @Eric_Lyon to ensure things are in order.
 
0
•••
Thank you for bringing this to my attention. This is indeed my colleague. The part about moving to Pakistan to be a farmer is just his terrible attempt at humour. I can confirm these domains are safe in our account and they are indeed for sale.
 
2
•••
hmm putting these out there in hopes of raising 22m is no joke IMO...does nothing for credibility
 
0
•••
1
•••
We got the same mail too. Obviously targeting known domainers.

Frankly you would fetch more by putting them on NJ (but sell just a few at a time).
 
1
•••
  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back