Attempted domain hijacking at Name.com

[pooky]

Here's the sequence of events:

I bought an expired domain at another registrar six months back and transferred it to my Name.com account a couple of weeks later.
(I don't use whois privacy much, so the domain whois is public information.)

This is a 2-word domain, very valuable (not just my opinion). Not even close to being trademarked etc., just generic keywords.

Out of the blue, yesterday (Saturday) morning @ 3 A.M, I receive the following email from Name.com Abuse:

[Request received] 1st Notice: Transfer Dispute - *************.com

Hello,

Name.com has recently received a complaint that the domain name referenced in the subject line of this email, has been fraudulently transferred from a Name.com account.

This domain name is currently located in your Name.com account. Name.com has also noticed that the contact details assigned to your Name.com account are incomplete or inaccurate.

After our initial review, it appears the complaint we have received is valid. We have closed your Name.com accounts until we have had a chance to review this issue in greater detail.

If you could provide complete documentary evidence proving your legitimate ownership of this domain, as well as your purchase of these domains from the previous registrants, we would be happy to review the documentation in further detail.

A PDF scan of your government issued photo ID. This can take the form of your drivers license or your passport. Please note this is an important piece of information we require for our investigation. It allows us to verify your identity and confirm your ownership of the domain. If possible we ask that you submit an scan of your identification that contains an English translation of your name.


We are also curious as to how the domain came to be in your Name.com account, did you purchase this domain?

If so can you provide us a receipt of sale or a purchase agreement in which both parties in question signed to authorize the domains transfer?

It appears the domain recently transferred to Name.com, can you provide evidence of your bona fide acquisition of the domain (sales receipt / purchase agreement)? Along with an explanation as to how the domain came to be in your account?

If we receive no information from you regarding this domain within the next 2 days, Name.com may be forced to transfer this domain name back to the original registrant of this domain.

Thank you,

Thank you,
Name.com Abuse


At first I though this was another one of those spam/phishing mails, but the account control panel for the domain shows this:

Domain is Disabled
Warning! This domain has been disabled due to a breach of our registration agreement.
Please contact [email protected] for further details.


What disturbs me most about this:

Name.com has recently received a complaint that the domain name referenced in the subject line of this email, has been fraudulently transferred from a Name.com account.
After our initial review, it appears the complaint we have received is valid. We have closed your Name.com accounts until we have had a chance to review this issue in greater detail.

The domain literally could not have been "fraudulently transferred from a Name.com account", since it was at another non-related registrar for at least a few years, prior to expiring there. I transferred it to my Name.com account six months ago and the contacts have not been modified since.
How Name.com has come to this conclusion is beyond me.

Not surprisingly, the identity of the complainant has not been shared with me.


This domain name is currently located in your Name.com account. Name.com has also noticed that the contact details assigned to your Name.com account are incomplete or inaccurate.

My whois contacts for this domain are crystal clear and always have been. There's nothing more I can add, remove or modify.


If we receive no information from you regarding this domain within the next 2 days, Name.com may be forced to transfer this domain name back to the original registrant of this domain.

They sent me this notice on a Saturday morning (which is not a problem for me). However, their support is off for the weekend and they will probably see my reply only on Monday morning.
We had a cyclone pass thru the city last month, with internet connections down for 3-4 days. I shudder to think I could lose any domain I have at Name.com to a thief if I don't login to my email for a couple of days.


I have also raised a complaint with ICANN regarding their practices.

This seems to be an attempt at registrar-assisted theft of my domain.

I have sent them the purchase receipt, my ID proof and even screenshots of the domain purchase, along with a detailed explanation of the history of the domain, within hours of receiving their notice.

They have not contacted me back as of this posting.

 

[korganian]

Wow, that really sucks pooky.

They should have to disclose the identity of the complainant and make the complainant prove that they have a legally valid right to make such accusations against you. At the very least, the complainant should have to prove that they had kept up the renewal of that domain.

 

[usernamex]

Wow, what a nightmare. Their support is slow too - hopefully the abuse department is faster or higher priority than the regular support. You could also message them on twitter and facebook to call more attention to your issue - raise as many flags as you can!

Best of luck!

PS
https://twitter.com/namedotcom

https://www.facebook.com/namedotcom

facebook looks current, twitter looks unused

 

[pooky]

I believe Namepros is the tallest flag I can raise!

Been a long time since I was here, hope to stay this time...

I don't mind disclosing the domain name in a future post, if this thing goes south.

They seem to be so persuaded by the thief that they want to hand over the domain to the thief as soon as they can. It was not even in a Name.com account before I transferred it there, yet the focus of their email is that it was transferred from one.

The registrar where I had bought the expired domain had no problem with my purchase, so the thief has decided to use this MO.

 

[Beezy]

off-topic: but why would one transfer IN to name.com? Their support sucks, they raise prices all the time, they don't have expedited transfers, etc.

 

[pooky]

off-topic: but why would one transfer IN to name.com? Their support sucks, they raise prices all the time, they don't have expedited transfers, etc.

I thought they were a solid registrar and consolidated many of my best domains over there.

But now I see your point .

 

[Tia Wood]

twitter looks unused

I think you're seeing the pinned Twitter post. They posted several tweets a few hours ago.

I have tweeted and sent this thread to their Facebook page's messaging system. Hope it helps.

 

[pooky]

I think you're seeing the pinned Twitter post. They posted several tweets a few hours ago.

I have tweeted and sent this thread to their Facebook page's messaging system. Hope it helps.

Thanks for that, Tia!

 

[wwwweb]

What is the registration date, did it reset? They should not suspend your account, innocent until proven guilty? Anyone can say anything, They better get their head on straight, you are a customer, not a criminal, they should treat you as such.

 

[usernamex]

LOL yeah @tiawood , I wasn't paying attention

Name.com has NO active reps here, I have suggested it repeatedly every time I have to contact them. Drives me crazy to have email instead of real tickets

@Beezy - they tehnically have sort of expedited transfers if you email them, I am pretty sure you meant automatic, but in case anyone didn't know you can do it here
https://www.name.com/support/articles/206103837-Expedite-a-Domain-Transfer

After recovery from this incident sure @pooky will enjoy knowing how to transfer out : smile :

Having a two day window for you to take action when they are closed two days every week is ludicrous. They were gone the entire week between xmas and new years, at least it wasn't then.

 

[pooky]

@wwwweb The registration date is the original one, since it was an expiring purchase.

Google has only a couple of (non-english) results for the content of their email, and the domain owners who've been contacted that way seem to be helpless, from what translation is available.

@usernamex
Believe it or not I'm torn whether to transfer this domain out after the issue is settled.
The thief might decide to play the same game at the next registrar. I'm hoping the issue will be settled for once and all here.

But yes, I will be transferring most everything else out.

 

[GoKaizen]

Crazy, stole a domain from me too.

• I bought a new domain via an expired auction.
• I pay for the domain name, it renews.
• The domain goes into my account.
• I was excited since I wanted a News.tld domain for a project for awhile.
• I check previous registrant, it was Name marketing team.
• I'm nice, I email the marketing dept. asking if they want it back, if not I will use the domain.
• 1 week later Scott McBreen, takes the domain out of my account
• I get a paltry account credit
• Scott McBreen believes this is the 1940s, him and Rightside/Name = FBI, and he can take whatever he and his company wants from Japanese-Americans - http://www.densho.org/
  
• He licks his chops since Rightside is secretly using money from premium domain registrations to build new Japanese-American internment camps with gas chambers and ovens. He's leading this effort.
• Jared Ewy calls me and says I can have the name back, if I do marketing video with Name/Rightside about the colossal F$@$-up.
• I try to call Scott McBreen and leave a message, he refuses to call me back.
• I try to call Jared Ewy back many times to try to be reasonable about the situation, he will only leave messages on my phone.
• He admits in one of his messages he doesn't pick-up numbers from my US area code, WTF?
  
• I decide I don't need to be a donkey/horse with a dangling a carrot (News.social) in front of me
• I have nothing against donkeys/horses. At least they are honorable creature unlike the F$@-sH$#ts at Name/Rightside
• I take a positive review of Name down from my website and remove any mention or positive mention. The review had still had good SEO rankings.
• I transfer most of my domains out of Name and will NEVER do business with Rightside
• I post here
• I HATE new gTLDs and write to several people explaining the situation who own Rightside extensions. They decide to stick with .COM.
• Will only build on .COM/.ORG and ccTLDs in the future
• Will tell everyone I F#%%^ can what a mistake new gTLDs, and my story, to anyone that will listen for YEARS

https://www.namepros.com/threads/a-...uture-of-new-gtlds.962844/page-13#post-570243

 

[Rob Monster]

In this particular case, the registrant is known to Epik. While I won't comment on the merits of this case, in fairness to another registrar, I will restrict my comments to how Epik handles cases similar to this one, and offer perspective on the industry conditions that are causing some registrars and escrow agents to engage in what, to the casual observer, may seem like Draconian measures.

In general, Epik is known in the industry as the "Swiss bank of domains". A big part of that brand identity is Epik's policy of providing free whois privacy. We view privacy as a right, not a privilege. That being said, the brand identity also extends to how we handle domain registration conflict situations, as well as our periodic role as advisor on intellectual property strategy, or as non-partisan ombudsman in resolving conflict cases, particularly in cases where a casual review of the facts may be inadequate. For example, we have participated in the recovery of multiple domains lost at other registrars, where we were able to vouch for the character of the registrant in re-securing a domain. As a matter of course, I believe sending a case to WIPO is a waste of everyone's time, including ours, so we'll usually seek a practical resolution on behalf of a registrant.

As for the case of a domain that Epik controls where there is a credible claim of fraudulent conveyance, what we may do in that case is transfer lock a domain long enough to engage the registrant in a discussion about the domain history. The case here of actual removal of a domain from a customer account, and updating the WHOIS seems heavy-handed but the folks at Name may well have had their reasons. This does not mean we will protect a verified crook. We won't. However, we will protect a legal registrant long enough to gather the facts and render an informed opinion.

Sadly, the domain industry is seeing what appears to be an uptick in ("white collar") crime. The enforcement mechanisms are sadly still not in place, meaning that every registrar is left with a certain burden to serve as Sheriff of their own registrar since the official channels are invariably too slow, and/or too expensive to protect downstream victims of the same fraud, e.g. a stolen domain which gets sold multiple times across multiple registrars. Escrow fraud, payment fraud, and parking fraud are also as rampant as ever, presumably motivated not by greed but by individuals who have run out of legitimate options to provide for their families. As a Bible-believing Christian, I pray for the souls since a life of crime is most definitely no way to live.

Hope that helps.

 

[urlurl]

My guess is the person or company forgot to renew the name and when they found out they went searching for it. Finding it at name.com they just assumed it was stolen.

Or, could be as you said an attempt to get/steal the domain.

where did you get the name?

 

[pooky]

Rob, thank you for your detailed inputs. I appreciate Epik's conflict resolution policies.
That's all I ask for - the registrar giving the current registrant enough time to tell their side of the story.

I am 110% sure I could rebut any 'evidence' provided by the complainant.
I thoroughly document all my domain purchases (expired or otherwise) and maintain detailed records for any such eventuality.

The sad thing about this notice is that Name.com does not seem to have applied their mind or time to look into this complaint and so much of the notice is generic. Yet they have shot first and kept the questions for later.

For the record, I have never used whois privacy for this domain.

"It appears the domain recently transferred to Name.com..."
This is January 2017, I transferred the domain into my Name.com account in August 2016. I guess 'recently' depends on individual perspectives.

"Name.com has also noticed that the contact details assigned to your Name.com account are incomplete or inaccurate."
I have had accounts with them since 2013, now they find my details "incomplete or inaccurate".

Even worse, if I had sold the domain to someone in the meantime, as I have/had every right to do, this would have compounded my problems.

@urlurl
It is puzzling though how Name.com alleges that the domain had been "transferred from a Name.com account" to my Name.com account. Surely it is impossible for their records to show that, because it was transferred in from another registrar. I will leave the registrar where I bought the domain out of this for now.

Also, Name.com also sells their expiring domains to the next interested customer, so it is strange that they have not considered even the possibility that it could be a misunderstanding because of an expired purchase.

I was impressed by their 2-factor authentication, but didn't think the registrar would be the one 'invading' my account.
And... no reply from them yet.

 

[Rob Monster]

@pooky - My guess is that this case may have been the well-intended initiative of some overzealous staff member on the weekend. In the event that the case is not resolved amicably within this coming week, I will sit down with Rightside management at Namescon and will be happy to address this issue with them. In my experience, the larger registrar owners/managers are reasonably capable of getting to the truth, and self-adjudicating cases like these. Also, keep in mind that not all registrar execs are logging into NamePros on the weekend.

 

[pooky]

Also, keep in mind that not all registrar execs are logging into NamePros on the weekend. :)

They should be.

But seriously, one would expect them to honor their own 2-day deadline for such a dispute, weekend or otherwise.

I would appreciate any help from you regarding this. I'll update this thread as soon as I get a reply.

 

[urlurl]

where did you buy the name, from; another person, resale auction, expired auction, etc

 

[pooky]

@urlurl It was an expiring domain.

 

[urlurl]

that rules out you bought a stolen domain without knowing, so it may be one of the two motives i mentioned above.

 

[RegBoss]

You could try using whoisdomain and see the registration history and name servers perhaps.

 

[pooky]

Just been confirmed. The domain was never at a Name.com account, before I transferred it into my account there.

The domain whois with expired nameservers is still visible at some sites with older data and in the record. (I already took screenshots of those when buying the domain)

http://who.is (which is partnered/owned?) by Name.com shows my current accurate whois info.

 

[pooky]

Received an update from Name.com:

Thank you for your response and for providing the information necessary for our review. Name.com received a complaint from an individual claiming to be the previous owner of the domain from contacts previously associated with the domain. It is not Name.com's policy to disclose such information on a Complainant in the absence of appropriate legal documentation, you may however find more information on previous owners via a service, such as Domaintools.com, that retains archived Whois data.

Please note that this investigation is in the early stages and Name.com will review all evidence (Transfer Authorization Forms, IP addresses, Whois contacts at transfer etc.) provided by the parties involved prior to rendering a final decision. Name.com takes all complaints seriously, as is our policy, and even though the domain transferred to our platform 6 months ago, a thorough review will be conducted. Name.com is in contact with the previous Registrar and is awaiting a response in regards to their own review.

Name.com apologizes for the verbiage in our email regarding the Account Contact details and we have made changes to the template in an effort to avoid frustrations moving forward. Name.com has verified that the Account Contacts are valid and no further information is needed from you in this regard.

Name.com would also like to note that your account is not closed and this domain is not disabled, it is simply secured from transferring pending the outcome of this review. If you wish to make any updates to the DNS, please respond to this email and we are happy to assist.

While we are sad to lose your business, our policies are in place to comply with both ICANN policy and the terms of our own Registration Agreement. Name.com is happy to assist with the transfer of your domains to another provider if you would like. When the transfers have been initiated and you have clicked the approver links sent from the gaining Registrar, respond to this email and we are happy to approve the transfers and expedite the process on your behalf.

Name.com will be in touch within the next 24 hours with further information regarding this case.

Thank you,
Name.com Abuse

 

[urlurl]

that seems reasonable

 

[pooky]

Update from Name.com:

Hello,

Name.com has determined that this transfer completed in line with ICANN policy. The Compliance Lock previously set to the domain has been lifted as there is no evidence of fraudulent activity. You are now able to log into your account and make any updates to the domain at your convenience.

Once again, Name.com is happy to assist with the transfer of your domains to another provider. When the transfers have been initiated and you have clicked the approver links sent from the gaining Registrar, respond to this email and we are happy to approve the transfers and expedite the process on your behalf.

Also, we confirm that the email you reference is coming from the Name.com Compliance departments CRM.

Certainly let us know if there are any further questions.


Thank you,
Name.com Abuse


Following that, I have received an email from the complainant wanting to buy the domain.