Emergency Need Moniker Rep ASAP

[labrocca]

I believe my Moniker account just got jacked somehow. Probably someone convinced a rep to change my email. It's been attempted twice.

Of course I immediately need to be able to get my account back. I have the extra portfolio protection which I paid for but I also worry that whois or DNS will be changed on my websites.

This is a serious problem so if anyone knows a moniker rep I can contact I'd appreciate it.

I've already sent Bari an email and a PM here. But anyone have a more direct immediate contact. I'm pretty livid and nervous right now.

What alerted me was some $100 charge to my PP account from Moniker. I was like WTF and when I checked Moniker I could not login. Password reset isn't working either as I believe my email got altered.

This is nuts. WTF

 

[Domagon]

After you resolve the issue, consider Fabulous - their extra security is reasonably priced (little to no extra cost for those with many domains with them) and their support is fantastic; very responsive.

If your portfolio is extremely valuable, your budget is large, and you're seeking out the best security money will buy, then check out MarkMonitor - they are the only registrar I'm aware of that offers VeriSign Registry-Lock service for .COM domains.

Ron

 

[DomainTalker]

Wow...

Bari's usually right on stuff, labrocca...


....But, why not contact Monte Cahn, himself?

My experience with him is that he's usually very good if a Moniker customer has a serious problem:


[email protected]


Good luck with this.

.

 

[nicedomains]

Good luck Jesse, I hope your account/domains are in good hands.

 

[labrocca]

I got Bari to respond from his Blackberry. The account is suspended now.

On the 27th of November there was an attempt to hijack my account by calling service reps and getting email changed. I was alerted and informed Moniker that it was not me and it was a hijack attempt. Within an hour I finally decided to buy the Max Lock for my portfolio. This is suppose to protect your account from unauthorized changes without verification of identity. So how my account one week later has it's email changed is well beyond me.

Bari says they will investigate but I must say I'm furious.

My debit card to my bank account was attached to Moniker and $1800 worth of charges just appeared. They are still in a pending status but I have no idea at this time if indeed domains were registered.

I do know that $97 worth of domains were registered and that's actually how I got alerted to the hijacking. I got an email from Paypal about a new Moniker transaction and I was like WTF.

But now there is another $1800 from my bank too. I swear I better get every penny back and fast.

I'm beyond upset at this.

 

[NLP]

That's disturbing to say the least. I'm glad you were able to get somebody to respond. I thought "Bari" was a female rep, by the way.

Hopefully they can trace IP addresses or follow the paper trail back to the source of this nastiness...it's very scary. I'm personally very paranoid. You have every right to be pissed, and I hope you're able to get some answers soon.

 

[Domagon]

...Within an hour I finally decided to buy the Max Lock for my portfolio. This is suppose to protect your account from unauthorized changes without verification of identity. So how my account one week later has it's email changed is well beyond me.

Does Moniker MaxLock require the account holder to always call whenever making changes? ... or are changes allowed just by answering the on-line security questions? If so, that's a huge security flaw.

Another thing to consider is does Moniker outsource their support? And if so, to whom and where?

I do know that $97 worth of domains were registered and that's actually how I got alerted to the hijacking. I got an email from Paypal about a new Moniker transaction and I was like WTF.

Ironically, despite its issues, PayPal saved you from an even worse situation. More to the point, it appears that whoever did it likely has little to no access to your other on-line accounts, though that still doesn't preclude the possibility of a keylogger / network sniffing going on - do you use Wifi a lot? If so, that's something to work on locking down / avoiding using when managing important on-line accounts.

But now there is another $1800 from my bank too. I swear I better get every penny back and fast.

In addition, Moniker should fully refund the fee ($124.99 according to their site) you paid for MaxLock, since it apparently didn't work - it was PayPal, in effect, who alerted you something was wrong.

Ron

 

[Freshfroot]

#1 NEVER use a debit card. Always use paypal funds or credit cards. Better yet use a credit card, as you can always chargeback if someone does steal it.

#2 You should've read my thread. Moniker is falling apart ever since it was sold.

I hope they figure out what is going on and I assume since Bari is notified. That they will look into it in details, and give you a report on it soon. For now, I would contact my bank and freeze all accounts that were used.

 

[labrocca]

Max Lock from my understanding requires off line verification based on things I provided. Stuff that's very secure and no one knows. I firmly believe the breach was a phone rep from crappy outsourced support. That's the real security flaw.

As for me being keylogged. No way. I don't even think they got my password. I think they got the email changed then did a password reset. 100% the email was changed and I 100% still have control of my email account. I don't use wifi and I'm super well-versed in security of my account and my sites. However I can't control it when a rep is socially engineered to change data. This happened to my datacenter once. Someone got them to change the email for one of my servers. Luckily I caught that immediately too and prevented any damage.

This is worse though. How Moniker makes this right is a seperate issue I'll deal with once I've fixed all the damage.

My main concern is getting my account back, having all my money refunded ($1850) and making 100% sure that no transfers will take place. I'm nearly positive a transfer was initiated on my valuable domains. I have some clues that my main website domain was targetted and that a transfer has been placed.

What's crazy is that I've probably been one of Moniker's biggest supporters. And I can't in recent memory think of a thread here with a worse tale.

 

[Ms Domainer]

*

I knew that Moniker was bad news when they never answered my support tickets.

I'm not at all surprised.

I hope you can work out this mess.

*

 

[DnEbook]

........ you already had the email i was giving, good luck

 

[Domagon]

Max Lock from my understanding requires off line verification based on things I provided. Stuff that's very secure and no one knows. I firmly believe the breach was a phone rep from crappy outsourced support. That's the real security flaw.

On the bright side, as you wrote in the paragraph that I snipped, your computer security is fine - Moniker support itself appears to have been the weak link; social engineering.

My main concern is getting my account back, having all my money refunded ($1850) and making 100% sure that no transfers will take place. I'm nearly positive a transfer was initiated on my valuable domains. I have some clues that my main website domain was targetted and that a transfer has been placed.

Hopefully, Moniker has NAKed all pending transfer outs, and has, if applicable, already notified the gaining registrar(s) to transfer the domains back asap ... be sure Moniker has / is doing this - if not, this situation may go from bad to worse ... not only for you, but also for Moniker whose reputation has been taking a beating lately.

Ron

 

[labrocca]

If I lose my domains to another registrar I'm potentially out tens of thousands of dollars. And real provable income too. I'm trying to remain confident about this but if the sheet hits the fan and I lose income I have no choice but to make sure I get compensated.

According to whois locks still appear in place which is good.

To sleep tonight I'm going to have to take some sleeping pills. I'm too upset to relax properly.

 

[Domagon]

According to whois locks still appear in place which is good.

I assume you checked the registry whois (ie. VeriSign for .COM & .NET, Public Interest Registry for .ORG, etc), right?

If you're relying on Moniker's whois and/or third party whois, all bets are off (info, including statuses, such as lock, shown in a registrar whois can sometimes be meaningless and not reflect reality) - only the registry whois matters at this point...

If the associated registrar at the registry level is still shown as Moniker, that's a good sign.

And be sure Moniker has NAKed all pending transfer outs. Otherwise in several days you could be in for more nasty surprises.

Ron

 

[DomainTalker]

Not suggesting it was the case here, but, a good general principle is never to use the same email address for both domain WHOis, and one's Registrar(s) Account(s).


That way, no one can get the email address from a domain Whois, and, then (because it may also be the email used for the Registrar Account, itself) use the knowledge of it to try to re-engineer a ('lost') password for the Account - either electronically, or on the phone with a Registrar Account Rep.

 

[jrzeygirl]

Everyone please relax! Last night when Jesse emailed me, I immediately replied and got all the necessary people involved. I locked down the account so no further activity could occur until we could investigate further.

Please rest assure Jesse's account at Moniker is safe and we are investigating what happened.

Thank you!

 

[bmugford]

Everyone please relax! Last night when Jesse emailed me, I immediately replied and got all the necessary people involved. I locked down the account so no further activity could occur until we could investigate further.

Please rest assure Jesse's account at Moniker is safe and we are investigating what happened.

Thank you!

I am glad you worked fast to resolve it, but the bigger issue is how did it happen in the first place.

I imagine it would be kind of hard to relax if your account is compromised via an unknown method.

Brad

 

[jrzeygirl]

I am glad you worked fast to resolve it, but the bigger issue is how did it happen in the first place.

I imagine it would be kind of hard to relax if your account is compromised via an unknown method.

Brad

Brad - you're absolutely correct! It is hard to relax when your account is compromised via an unknown method and I as well as my support and tech staff have been working on this since 10pm EST last night when Jesse first contacted me. I assure you everything is being done to find out what happened!

 

[Makis.TV]

This is very serious, topic bookmarked for receiving updates.

 

[Ms Domainer]

Not suggesting it was the case here, but, a good general principle is never to use the same email address for both domain WHOis, and one's Registrar(s) Account(s).


That way, no one can get the email address from a domain Whois, and, then (because it may also be the email used for the Registrar Account, itself) use the knowledge of it to try to re-engineer a ('lost') password for the Account - either electronically, or on the phone with a Registrar Account Rep.

*

Good reminder.

I have a "secret" email address, which I use just for account info. I give this address to no one, especially not family and friends (who are notorious spammers, what with all their "cute" forwards) except registrars, and I would not answer spam from this account.

For registrars that use email addresses for sign-in ID, the address I use is not real, but a forward to the real address. One warning, though: make sure that the forward works by testing it.

I do wish that registrars were more proactive in protecting their customers' property by eliminating the email sign-in AND requiring that the account email is different from WHOIS email.

And, Bari, Moniker has lost a customer for sure; customer service stinks. I have never received any responses to my support tickets, so I voted with my feet.

As soon as I buy an aftermarket domain, I transfer it out ASAP.

*