- Impact
- 121
Hard to believe after nearly 25 years, but I got hit by criminals who have stolen a number of my domains. Any insights beyond working with the registrar of record to resolve this quickly?
-Commerce
-Commerce
Because it's where the SnapNames successful drops are homed. We don't have options. Time the authorities did take a look. They do have a duty of care for the public's property if they are allowed the role of caretaker.
I will trust them if I did not read any story here just judge by first impression...no any other reason, but their nice name "Network Solution" make me feel they are professional...so...a case describe how name is important...may be this also a reason for ur question.Network solutions is a joke unreliable registrar. Why do people still use it?
agreed NetworkSolutions is a great business name but worst services.I will trust them if I did not read any story here just judge by first impression...no any other reason, but their nice name "Network Solution" make me feel they are professional...so...a case describe how name is important...may be this also a reason for ur question.
So the registrar didn't do due diligence and email the address on the account? Or telephone your phone number? These are basic security checks in my opinion and unless they said they had lost their (your) email/telephone accounts there's no reason the registrar shouldn't have used one of these as a means of security checking.Working on it. Am told that certain really private information was used to convince the register of my identity.
Yes, thank you for that. Have been in touch with ICANN to establish the process needed, which will begin on Monday.
Actually several. But a little update. Having contacted the registrar support, I was advised to outline in detail the situation as an email to mail to their abuse, with an expectation of 24-48 hour response time. Ironically, their servers got back to me quite a bit faster... the message bounced. Hopefully, their legal team and my account manager will pick this up. Even so, I am going to reach out to their corporate group this morning. Based on the call, it was discovered that either forged or stolen physical credentials were used to convince them that the individual(s) were me. There is a little problem with their documentation I shall not share here. As you can imagine, I'm not pleased that along with some pretty strong names, they opted to go after my corporate identity.
The list of stolen domains discovered so far is as follows:
companies.net
experience.net
firstusa.net
ihba.com
ihba.net
ihba.org
isba.com
isba.net
pressclub.com
pressclub.net
schoolers.com
schoolers.net
clanmaitland.org
commercecompany.com
commercecompany.net
commercecompany.org
commerco.org
thecommercecompany.com
thecommercecompany.net
thecommercecompany.org
I hope im not oot...but i was wondering, is it worth it to pay an advanced security for a domain (the one offered in the domain registry)? Will it prevent this incident?
Is there an update on the status of the recovery?
Really hope you got it back promptly.
Getting a good registrar and two factor security stops this.
When I phone godaddy they will not talk to me until I give them my generated code from my google authenticator.
It does not matter how much personal information I give them. It is because I asked for that service, even a simple support call needs that code so nobody can scam the support agent.
We are all human and with a lot of personal information it can look to the agent like he is talking to the domain owner.
The authenticator is your friend and even more secure than two factor with a text to your phone.
I hope im not oot...but i was wondering, is it worth it to pay an advanced security for a domain (the one offered in the domain registry)? Will it prevent this incident?
My concern with 2FA is that it introduces another level of authentication that can be hacked
That is the primary issue with a certain type of 2FA--SMS--which is better than none at all, but still vulnerable via the example you gave. It is much more difficult to hack when an authenticator app/program (TOTP) or a hardware device/key (U2F) is used.
Making sure your phone stays locked when not in use helps, as does enabling password/biometric-protected access within the authenticator app itself. A number of registrars offer 2FA (some include a support PIN, like you mentioned--Epik also comes to mind). I have domains with several of them and 2FA is enabled at the account access level. Many also offer the additional option to enable 2FA for most domain configuration changes.