
Domain Theft

Hard to believe after nearly 25 years, but I got hit by criminals who have stolen a number of my domains. Any insights beyond working with the registrar of record to resolve this quickly?

-Commerce
 
5
•••
Because it's where the SnapNames successful drops are homed. We don't have options. Time the authorities did take a look. They do have a duty of care for the public's property if they are allowed the role of caretaker.

This. Thank you, my friend! So much. This ^^^
Network Solutions WORST Out of ALL REGISTRARS
 
4
•••
Is there an update on the status of the recovery?
Really hope you got it back promptly.

Bob, thanks for the question. At this point, every message I am sending to the registrar is being bounced through their normal and recommended contact method per their emails. I'm starting to get more than a bit frustrated by a phenomenal lack of communication. As a thank you, my registrar actually has now blocked my account with them. Kind of outrageous behavior for a customer who has been with them for longer than their current owners have held them. I'll keep you posted as I figure out how to navigate the system and get things back. Hopefully some of my discoveries may help others who may go through a similar experience.

Based on voice discussions, I understand the abuse team is on it, however I was also told I should have expected a phone call today that never happened. Will update tomorrow evening.
 
4
•••
Getting a good registrar and two factor security stops this.

When I phone GoDaddy they will not talk to me until I give them my generated code from my Google Authenticator.
It does not matter how much personal information I give them. It is because I asked for that service, even a simple support call needs that code so nobody can scam the support agent.

We are all human and with a lot of personal information it can look to the agent like he is talking to the domain owner.

The authenticator is your friend and even more secure than two factor with a text to your phone.

GD already have PIN numbers in place for security. My concern with 2FA is that it introduces another level of authentication that can be hacked, e.g. your phone number could be ported or your phone could be stolen, or you could cancel your phone number for whatever reason.

Increasingly, the onus of security is being placed on the end-user or other 3rd party services.
 
4
•••
My concern with 2FA is that it introduces another level of authentication that can be hacked

That is the primary issue with a certain type of 2FA--SMS--which is better than none at all, but still vulnerable via the example you gave. It is much more difficult to hack when an authenticator app/program (TOTP) or a hardware device/key (U2F) is used.

Making sure your phone stays locked when not in use helps, as does enabling password/biometric-protected access within the authenticator app itself. A number of registrars offer 2FA (some include a support PIN, like you mentioned--Epik also comes to mind). I have domains with several of them and 2FA is enabled at the account access level. Many also offer the additional option to enable 2FA for most domain configuration changes.
 
4
•••
This scenario makes me wanna put all my names with a local registrar. If anyone tries this sh** with me, I'll be in court in a flash for an order that will have them releasing every single bit of info on what went down and making them liable for the safe return or my estimated value of my domain. Add a Police report of theft to that. They'll move fast to work something with the receiving registrar.

So sad to see this happening in our industry but the good news is no one can use those domains. Whoever buys them and puts a site or forwards them to a working site is in trouble.

Good luck, @Commerce

Bob, thanks for the question. At this point, every message I am sending to the registrar is being bounced through their normal and recommended contact method per their emails. I'm starting to get more than a bit frustrated by a phenomenal lack of communication. As a thank you, my registrar actually has now blocked my account with them. Kind of outrageous behavior for a customer who has been with them for longer than their current owners have held them. I'll keep you posted as I figure out how to navigate the system and get things back. Hopefully some of my discoveries may help others who may go through a similar experience.

Based on voice discussions, I understand the abuse team is on it, however I was also told I should have expected a phone call today that never happened. Will update tomorrow evening.
 
4
•••
Working on it. Am told that certain really private information was used to convince the registrar of my identity. Will probably be following up with the authorities after the names are returned. Still well in the 60-day registry transfer window, so that is the good news.


What was the registrar? So that others can avoid them in the future.
 
3
•••
Regarding the name of the registrar, I'd prefer not to say at this time. It is one of the big guys, so I have some hope that this can be turned around. What I may do is explain some of what that took to do and how this came to pass after it is resolved.
Wow.
So if it turns around, no harm?

Come on man, it’s probably Network Solutions.
(worst registrar)
In any case, Good luck!
 
3
•••
Network Solutions is a joke, unreliable registrar. Why do people still use it?
I would trust them if I had not read any story here, judging just by first impression... no other reason, but their nice name "Network Solutions" makes me feel they are professional... so... a case that shows how important a name is... maybe this is also a reason for your question.
 
3
•••
Well, that's the thing about 25 years of domaining... you are more likely to own at least some liquid names...

So no random attack... planned based on name values etc.

I guess some account hacks can be random too.

It also can't be random that in most cases it's NS. But until investigations there is no proof.
 
3
•••
Is there an update on the status of the recovery?
Really hope you got it back promptly.
 
3
•••
That is the primary issue with a certain type of 2FA--SMS--which is better than none at all, but still vulnerable via the example you gave. It is much more difficult to hack when an authenticator app/program (TOTP) or a hardware device/key (U2F) is used.

Making sure your phone stays locked when not in use helps, as does enabling password/biometric-protected access within the authenticator app itself. A number of registrars offer 2FA (some include a support PIN, like you mentioned--Epik also comes to mind). I have domains with several of them and 2FA is enabled at the account access level. Many also offer the additional option to enable 2FA for most domain configuration changes.

I hear the "what if you lose your phone" argument all the time, so I agree with you: keep it locked, simple.

Now the real issue... how the hell does a domain thief get your phone?
I mean really, I keep hearing the argument against authenticator with people saying... if you lose your phone.

Give me a break please, domain thieves are usually from a distance away (like China) and they cannot get your phone, so authenticator is virtually hack proof.
 
3
•••
If the same registrar is this often involved in domain theft I would start to think someone within that registrar is actively involved in the theft. But maybe I'm dead wrong.
 
3
•••
Another day, another check in to implore the team at my registrar exploring the matter via their support folks to speak with me. So far, no joy. Very close to escalating the matter externally. At this point, I no longer have access to be able to login to my control panel to see what if any progress has been made.

I believe that this should not be rocket science. The kind of crime that has occurred here is not only foreseeable, it has already happened. Perhaps there is a backlog, but if I wanted to do something with the remaining domains, that is an option I no longer have. Thank heavens I was not in the middle of a sale, how remarkably unprofessional it would have made me look with a buyer.
 
3
•••
Sorry to hear that. Do you know how this happened, so we can also take precautions? Hope you manage to resolve it, sir.
 
2
•••
@wwwweb and @MapleDots - I do agree, however, I think it would be best to try to let the registrar have the opportunity to make things right. After all, it will be my pleasure to be able to report things are okay within a week should that happen.
 
2
•••
Working on it. Am told that certain really private information was used to convince the registrar of my identity.
So the registrar didn't do due diligence and email the address on the account? Or telephone your phone number? These are basic security checks in my opinion and unless they said they had lost their (your) email/telephone accounts there's no reason the registrar shouldn't have used one of these as a means of security checking.

"I don't have my email or telephone for you to check with and I want to transfer these expensive domains" - how did this not raise alarm bells?
 
2
•••
Hope it gets resolved for you soon.


Actually several. But a little update. Having contacted the registrar support, I was advised to outline in detail the situation as an email to mail to their abuse, with an expectation of 24-48 hour response time. Ironically, their servers got back to me quite a bit faster... the message bounced. Hopefully, their legal team and my account manager will pick this up. Even so, I am going to reach out to their corporate group this morning. Based on the call, it was discovered that either forged or stolen physical credentials were used to convince them that the individual(s) were me. There is a little problem with their documentation I shall not share here. As you can imagine, I'm not pleased that along with some pretty strong names, they opted to go after my corporate identity.

The list of stolen domains discovered so far is as follows:

 
2
•••
Really appreciate the feedback. Lots to look at there.
 
1
•••
@wwwweb and @MapleDots - I do agree, however, I think it would be best to try to let the registrar have the opportunity to make things right. After all, it will be my pleasure to be able to report things are okay within a week should that happen.
Maple is right, your domains are like a hot potato right now. If they have left your registrar, it will be a long road back, as they probably have been flipped 1-2 times already if they have liquid value.
 
1
•••
Any one domain we should look out for in particular?
 
1
•••
wow, ok, ty, will be looking out.
 
1
•••
Meh
 
1
•••
ICANN’s too busy giving themselves raises to care.
 
1
•••