security Domain crime : Abdullah.com and ASAD.com are stolen domains

[News]

Two domains of Arabic interest have been reported as stolen; both ASAD.com and Abdullah.com were taken away from their legitimate owner, Abdullah S. Jafari.

NamePros moderators have confirmed that the domains have been stolen, by contacting their legitimate owner...

Read More

 

[Nem0]

Wow. People. Lock up your domains with 2fa and dont click links in email.

Asad.com was just auctioned off here at NP I think

 

[mattG]

Wow. People. Lock up your domains with 2fa and dont click links in email.

Asad.com was just auctioned off here at NP I think

I'm pretty sure I ran across abdullah.com up for auction here too

 

[Eric Lyon]

We restricted the seller's account yesterday and removed their marketplace access before the auction ended and alerted everyone about it.

The post is here: https://www.namepros.com/posts/5329609/

 

[JB Lions]

We restricted the seller's account yesterday and removed their marketplace access before the auction ended and alerted everyone about it.

The post is here: https://www.namepros.com/posts/5329609/

What about his first one, that one ended - https://www.namepros.com/threads/sold.917594/

"It’s the second time in as many days that premium, stolen domain names have been peddled for sale by Russian cybercriminals on NamePros."

It's been suggested by many people, and if you polled the members here, I think they would be fine with some sort of selling restrictions on newbies. Or some sort of steps/verification before they were allowed to sell here. New member selling those type of names in a forum, should have raised some flags.

 

[Eric Lyon]

That's up to @venturefile.com to share details about.

I think they would be fine with some sort of selling restrictions on newbies.

Another solution could be to choose not to bid on auctions by new members, if they'd like. From what we've seen with auctions, though, many members still want to bid on auctions by new members, because most new members are legitimate.

The scammers are a minority.

 

[mikenormal]

I'm pretty sure I ran across abdullah.com up for auction here too

Yup you are right, I saw it too.

 

[venturefile.com]

I asked for payment on delivery with a transfer to be done away from the russian registrar. The seller said no problem and I thought it was a bit odd, but since he answered the whois email I didn't suspect anything... Then yesterday @wwwweb alerted me that he called the previous owner and that the domain was stolen.

If the transfer would be completed I would have returned the domain name to the previous owner but it wasn't completed yet and was cancelled yesterday. I guess that Netsol must have got the domain back. So everything turned out well here, I didn't lose any money, the thief didn't get any money and the rightful owner will get his domains back.

 

[Ram G.]

@wwwweb great service you did there. Kudos.

 

[Acroplex]

I've confirmed with the owner of Jada.com that his domain was stolen. He's working with Network Solutions to get it back.

 

[JB Lions]

That's up to @venturefile.com to share details about.


Another solution could be to choose not to bid on auctions by new members, if they'd like. From what we've seen with auctions, though, many members still want to bid on auctions by new members, because most new members are legitimate.

The scammers are a minority.

I don't know if that's actually true, hence the suggestion of a poll if you really want to know for sure. In the suggestion thread somebody posted:

"Lock new members out of having their own auctions until they pass a multiple choice test about the auction rules."

That got 5 likes, actually I guess that's just talking rules.

And it doesn't stop the many members who want to bid on auctions by new members, they'll just know they've been vetted. Based on other threads, I think NP wanted more self moderation, hands off approach. Of course, a newbie, selling great domains, in a forum auction format, is a 3 (red) flagger, so bidders should have figured that one out. When I read the blog post mentioned above, I was thinking, does NP want to become known as the place where you can peddle stolen domains? Eh, nevermind.

 

[iowadawg]

A minority are scammers is like saying a minority are killers.
You will get the short end of the stick in any event running across such people.

I agree with JBL that new members wanting to sell domains need some restrictions to avoid being scammed by that minority.

 

[Eric Lyon]

Most major marketplaces have WHOIS verification, but that doesn't help with stolen domains, because the WHOIS information is the thief's details by that point.

Making all new members suffer and not be able to list domains because of a few bad apples is more of a problem than a solution, and it will not prevent the sale of stolen domains.

Domain theft and resale is increasing, and it is affecting the major domain marketplaces. There's a good chance that a lot more of it goes unnoticed at other marketplaces because they handle it quietly (delete the sales listings) unlike here where everything is public information and can be referenced.

The best solution is for everyone to do their due diligence and please report anything suspicious. As you can see, we act as quickly as possible when it's brought to our attention and we shut it down.

 

[Bannen]

The best solution is for everyone to do their due diligence and please report anything suspicious. As you can see, we act as quickly as possible when it's brought to our attention and we shut it down.

Also, trust your gut and say something if there's any alarm bells. When I first saw the thread for Abdullah.com I immediately heard those bells in my head. I hear them all the time anyway, along with the chipmunk voices, my therapist says ignore them, but never mind that for the moment, I'm just sayin'.

I saw the sales line for Abdullah in the 'auctions' area; first bell. I thought 'why would an owner of a premium domain be trying to auction it in the auctions instead of the top domains?' My first suspicion was he was maybe afraid of the vetting process of the top domains area, that it might reveal something he didn't want revealed.

Then there was the price: BIN of $5K. Second bell. I broker premiums for a good friend of mine, one of the original domain pioneers, and I have a good knowledge of values. 5k bin for this was a big red flag. Like if you're selling a luxury mansion in Malibu but you're only asking $500k for it. Something's wrong. Not that it's a million dollar name, but 5K even reseller price is far too low. He could have left himself a much higher BIN ceiling for this name. BIN it at $25K, and even if the bids stop at 5K, whatever. With that BIN, my thought was he wanted a really quick sale and was willing to sell unrealistically low in exchange for a speedy sale. Suspicious, even theoretically considering it might be a seller desperately needing cash.

There were a handful more alarm bells about other things, interspersed with the chipmunks singing, but it was more than that: each individual thing could have been explained and rationalized... but my gut just said 'nope, no way' to the entire way he did it. I listened to my gut, and without doing any research vis-a-vis seeing if the domain was stolen, I figured I'd interrupt that thread and mention my concern. I'm glad I did.

I think the other members bidding there probably had their suspicions, too, and I expect even if I hadn't said something that someone else would soon put the kibosh on it. But sometimes... you get caught up in wanting that too-good-to-be-true price for a premium, and you just bid and do only surface due diligence and hope it's legit, and things progress a little further than they should. I'll tell you how much my gut was telling me it was bogus: if I'd thought it was legit, I or my buddy would have pulled the trigger and bought it at BIN in a second, bypassing all the bidders. I'd have thought 5K for this one was a steal. - Turns out, it was

My point is: I'll bet everyone in that thread, and looking at it, had some part of their instinct saying 'no way, this is too good to be true'. It's a good lesson to listen very clearly to that little nagging feeling breathing over your shoulder. I know you don't have the added benefit of chipmunks helping you, so you'll just have to struggle through it on your lonesome.

Best wishes to the legit owner of both these stolen domains, hope he somehow gets them returned in a not-too-painful process. Would be nice to be kept updated here.

 

[Bannen]

P.S. Thank you Eric for once again being Johnny-on-the-spot, making some phone calls, and revealing the theft.

Once again, Namepros wins against the evildoers! The feds should be hiring us to flush out any hiding terrorists. However, knowing how they operate, instead I expect my use of the word 'terrorist' here (twice now!) has been flagged by their computers. As we speak a find-and-grab team has been dispatched and soon I'll have a bunch of black-suited sunglass-wearing guys smashing through my door yelling and taking me down.

Hang on, there's the doorbell. If I don't post anymore, tell Eric to start making some calls. I hope he's as good at finding a stolen domainer as he is at stolen domains.

 

[eurorealtor]

Most major marketplaces have WHOIS verification, but that doesn't help with stolen domains, because the WHOIS information is the thief's details by that point.

Making all new members suffer and not be able to list domains because of a few bad apples is more of a problem than a solution, and it will not prevent the sale of stolen domains.

Domain theft and resale is increasing, and it is affecting the major domain marketplaces. There's a good chance that a lot more of it goes unnoticed at other marketplaces because they handle it quietly (delete the sales listings) unlike here where everything is public information and can be referenced.

The best solution is for everyone to do their due diligence and please report anything suspicious. As you can see, we act as quickly as possible when it's brought to our attention and we shut it down.

Well, it may sounds weird, but maybe better to be auctioned a stolen domain on the NP than anywhere else, because it's the best chance that the scammer will be caught here than elsewhere, without anyone loosing money.

 

[alcy]

lol
I thnk when I watched abdulah auction the seller even had nerve to say at some in thread to contact him by pm and not spam his thread with question about ownership

that's just lame.

 

[Abdullah Abdullah]

Good to know. Some new members seem to be creating problems but a scammer will always be a scammer even if you have rules to prevent them from selling or buyung the minute they sign up.

 

[daj]

If only I owned a premium domain so I can have that domain stolen. I guess that's how you know you made it in the domain industry.

 

[QueenMother]

I would like to see in all the titles of stolen domains WHERE they were stolen from. Is there a Pattern of lack of Security?

 

[Acroplex]

I would like to see in all the titles of stolen domains WHERE they were stolen from. Is there a Pattern of lack of Security?

Lack of security as it applies to the Registrar? That was true with Moniker a year ago when they were targeted and dozens of domains were moved out.

It might be also true with eNom, when a particular issue led to a few domains being stolen without a password needed.

It is not true about GoDaddy, despite a large number of domain thefts occurring there. As the biggest domain registrar, GoDaddy is being targeted by phishing emails. In other words, the registrant is being social-engineered into surrendering their username/password, but that' s not a security issue per se.

Enable two-factor authentication at GoDaddy and anywhere else that it's available.

 

[QueenMother]

Thanks for the clarification, however, I think the registrar should always be mentioned.

 

[Acroplex]

What is your registrar of choice, Ilze?

 

[QueenMother]

That is so easy! My registrar of choice is www Namepros.ca
I transferred all my dot coms nets, etc to them. away from Moniker.
As you know, I would never put a domain at GD. I like having all my domains on Canadian
soil, and with a registrar that is not HUGE. The support there is amazing. If I need an auth
code, they have to be requested by email. It might sound like a hassle, but it is not. I love the
security. I have a few domains at ENOM. The bottom line, is that security rests on the shoulders of the
Registrant, but if you own hundreds, and thousands of domains, it is hard, if not impossible to monitor them.
Although Security is important, having an interface that is easy to manage my portfolio is also where
the Canadian Registrar, Namespro excels. If I ever "kick the bucket", I want my family to be able to go to
ONE registrar to find my domains. So, that registrar is Namespro.ca

 

[Acroplex]

Let's focus on security vs. what makes a registrar great, or this will turn into a biased analysis of one's preferred registrar.

Personally, I have not lost a single domain other than with Network Solutions, and that was in 2000.

I use GoDaddy, Uniregistry, eNom, Fabulous and Name.com. Because I follow simple instructions to securing my domain accounts, such as two-factor authentication, I can support my analysis of the domain theft issue. No interface that makes domain management easy can ensure security, which boils down to how one uses the registrar's additional layers of security and user practices that utilize them.

Domain monitoring is the byproduct of security. With all that in mind, does Namespro.ca offer two-factor authentication? That's what matters when it comes down to security these days.