question How can domains be stolen? Submit ways or Experience or if you've done it (lol)

[WhoaDomain.com]

I've read many threads on here about domains being stolen. And it always makes me wonder HOW? Seems impossible. Perhaps the more we talk about it the more we can protect ourselves from it.

so I thought why not start a "How do domains get stolen?" Thread.

That way we have one thread that can be reference instead of scattered "stolen" stories here and there. Hopefully people will contribute their experience. and even better. if someone is cocky enough and using a fake NP account they will share. ( I know most people who have done bad things love to "show off" how they did it. It's no fun unless people know you got away with it. I've seen documentaries on TV where they block the person's face and voice to hide their identity. I bet one of these criminals is bold enough to come here and expose to us the "tools of the trade" and how it's done. Let's see!)

So you will be first?

and criminals? come here and brag if you dare.

 

[todaygold]

Yet another thrilling thread. Obviously the main way domains get stolen is through voodoo magic.

 

[WhoaDomain.com]

There are many stories of domains being stolen and you know it. The stories pop up every now and then. searching for it on NP is not efficient. Best to have one thread so that anyone can read it all in one thread and follow that one thread for future posts by other NP users.

is that bad?

 

[RJ]

I don't think it's a great idea to provide a how-to guide for would-be domain thieves.

As a domain owner, your best protection against domain theft is to keep your contacts up-to-date, keep your registrar username and passwords secure, enable two-factor authentication at your registrar whenever available, and protect your email accounts. Be careful of phishing attempts and weary of any requests you get to update your domain contact information or authorize transfers to other registrars.

Ignoring any of these steps can lead to a thief gaining control of your domain.

 

[todaygold]

I don't think it's a great idea to provide a how-to guide for would-be domain thieves.

As a domain owner, your best protection against domain theft is to keep your contacts up-to-date, keep your registrar username and passwords secure, enable two-factor authentication at your registrar whenever available, and protect your email accounts. Be careful of phishing attempts and weary of any requests you get to update your domain contact information or authorize transfers to other registrars.

Ignoring any of these steps can lead to a thief gaining control of your domain.

Thank you. A good, common sense answer.

 

[WhoaDomain.com]

I think the reason why domains do get stolen is because people are not doing what they are supposed to be doing to protect themselves. perhaps a "Scary" thread like this will be a wake up call to ALL and they quit being lazy and guard themselves.

If only one of these criminals will come on here and give us the 411. like they do on TV documentaries. I would take a guess that people like this are the type to show off.

but....if they don't then the next best thing is a breakdown of how it's done from past stories of stolen domains.

The more you expose something. The better. What would be sad is a domainer having their domains stolen by "old school" tricks that's been around for a while.

I don't know the "tricks" and I'm sure many don't know either.

This why I thought maybe one thread that discusses it in detail would be useful.

 

[WhoaDomain.com]

Thank you. A good, common sense answer.

yes...Thanks RJ for submitting your INPUT to the question of this THREAD.

 

[todaygold]

If only one of these criminals will come on here and give us the 411. like they do on TV documentaries. I would take a guess that people like this are the type to show off.

It doesn't take a rocket scientist to figure out the common ways they get stolen...although I guess for some people it does require one.

yes...Thanks RJ for submitting your INPUT to the question of this THREAD.

I believe RJ started by saying a thread like this is a bad idea. You will notice how RJ didn't answer your question, but instead provided good, common sense ways to prevent theft.

 

[WhoaDomain.com]

I think alot of domainers pro and newbie thinks "Oh that would never happen to me. I'm too smart."

until of course it happens.

every story I've read on here (not many but I'm sure there are many stories I haven't heard or read yet) the OP always seems confused or bewildered and can't believe that their domain was stolen and don't know how.

and I bet you they were one of those people who would think "Oh that would never happen to me. I'm too smart."

How many Domainers pro or newbie tend to be too relaxed about their domaining activities? how many domainers can be potential victims of domain thefts?

is everyone safe? if that's the case then I'll delete this thread right now.
if no one is safe. then I think this thread is valid.

 

[todaygold]

I think alot of domainers pro and newbie thinks "Oh that would never happen to me. I'm too smart."

Guess we don't have to worry about you saying that.

is everyone safe? if that's the case then I'll delete this thread right now.
if no one is safe. then I think this thread is valid.

Posting this thread about how to steal domains isn't going to make everyone safe. How to stay 'safe' has been talked about to death, although I guess you love whipping the dead horse. Maybe next up you can start a thread about the best way to break into peoples homes or the best methods to use to get away with identity theft.

 

[WhoaDomain.com]

It doesn't take a rocket scientist to figure out the common ways they get stolen...although I guess for some people it does require one.



I believe RJ started by saying a thread like this is a bad idea. You will notice how RJ didn't answer your question, but instead provided good, common sense ways to prevent theft.

it's a bad idea to show a "How to Guide" to would be domain thieves is his exact words.

of course he is entitled to his opinion and this thread has just been posted. so are we to assume that his and your opinion is all that matters? (with respect RJ) we have yet to see other's chime in. so right now you and RJ have submitted. it's only day 1.

if only you guys replied then fine. I bow out.

but too soon say really.

if anything all your posts really say is that You post faster than someone else with your opinion. doesn't make you right. so let's see what tomorrow brings if someone will post.

This is what usually happens to my posts. You come in FIRST then someone comes in later AT THEIR OWN PACE.

People do have lives you know? and they eventually will come to NP and if they feel like contributing to this thread then so be it.

Thanks for the input RJ.

 

[WhoaDomain.com]

Guess we don't have to worry about you saying that.



Posting this thread about how to steal domains isn't going to make everyone safe. How to stay 'safe' has been talked about to death, although I guess you love whipping the dead horse. Maybe next up you can start a thread about the best way to break into peoples homes or the best methods to use to get away with identity theft.

Knowledge is power. Some people don't know. This thread is for them. not you obviously because you are Mr. Know it all.

 

[WhoaDomain.com]

Guess we don't have to worry about you saying that.



Posting this thread about how to steal domains isn't going to make everyone safe. How to stay 'safe' has been talked about to death, although I guess you love whipping the dead horse. Maybe next up you can start a thread about the best way to break into peoples homes or the best methods to use to get away with identity theft.

And I guess we will never have to worry about you becoming exhausted from giving your opinion? I suspect you are one of those Over Opinionated Liberal Millennial Hipsters who swears people care about their opinions and that their opinions matter?

 

[Cdomains]

The main reason domains get stolen aside from seriously talented hack/ers is being lax with security and falling for things like Phishing attacks.

Don't open emails from unknown sources.

Never ever click on links in emails, even from known sources, they are extremely dangerous and sender addresses are easily spoofed.

Always use 2 factor authentication, when available, on all accounts with registrars and all email accounts.

Take advantage of any other security functions that are available and offered for all your email and registrar accounts.

Use very strong passwords, with no dictionary words, and random letters, numbers, and characters.

Use different passwords for all accounts, and don't use the same passwords twice.

Don't put all your eggs in one basket, use many different email addresses for your registrations and accounts. This can limit losses if one is compromised.

All of what I listed above is a pain in the a**, I know, but it is essential if you want to be safe.

With everything I just said above, if a talented hack/er wants your domains, he will have your domains and there isn't much you can do about it.

 

[WhoaDomain.com]

The main reason domains get stolen aside from seriously talented hack/ers is being lax with security and falling for things like Phishing attacks.

Don't open emails from unknown sources.

Never ever click on links in emails, even from known sources, they are extremely dangerous and sender addresses are easily spoofed.

Always use 2 factor authentication, when available, on all accounts with registrars and all email accounts.

Take advantage of any other security functions that are available and offered for all your email and registrar accounts.

Use very strong passwords, with no dictionary words, and random letters, numbers, and characters.

Use different passwords for all accounts, and don't use the same passwords twice.

Don't put all your eggs in one basket, use many different email addresses for your registrations and accounts. This can limit losses if one is compromised.

All of what I listed above is a pain in the a**, I know, but it is essential if you want to be safe.

With everything I just said above, if a talented hack/er wants your domains, he will have your domains and there isn't much you can do about it.

yesssssssssssssssssssssssss!! Thank youuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu!!!!!!

Ok story time.

Thee other day. I checked my spam box. something I do often because sometimes some emails that aren't spam and are important get sent to the spam box.

I came across an email that made me open it.
it was an supposed "buyer" from Dubai I have since deleted it.

But what I did was take it out of spam to read it later. as I got busy.

Read it. Got excited because the email address was of some big bank in Dubai.

strangest thing THANK GOD!!! I didn't click the links on that email because........

I moused over to the email address and would you believe? once I moused over to the email address? it was some bogus generic gmail?

I couldn't believe it! here I was thinking I was being contacted by some rich bank.

and just like you said never click anything from emails you don't trust.

AND I ALMOST DID! and mind you my email sent this email to spam.

How the hell did these guys make it look like this email came from some legit bank in Dubai?

it's like getting an email from

[email protected]

and then when you mouse over to the email. it's actually

[email protected]?

close call. since then I changed my email address password and registrar passwords..

just in case because I've heard that sometimes just opening the email is enough to get hacked.

True Story.

can someone explain how someone could change the email address in an email to look like [email protected]?

I found out later the bank in Dubai was being bought out by NBAD National Bank of Abu Dhabi.
the domain was FGBGroup.com

 

[todaygold]

strangest thing THANK GOD!!! I didn't click the links on that email because........

I moused over to the email address and would you believe? once I moused over to the email address? it was some bogus generic gmail?

I couldn't believe it! here I was thinking I was being contacted by some rich bank.

WOAH!!! NO WAY!??? Oh my gosh dude, are you going to sell the movie rights to this AMAZING story!?

 

[todaygold]

For someone that claims to be into domain names, something as simple as cloning an email address is a surprise to you? Seriously? It's like the oldest trick in the book. Anyone can make an email appear like it was sent from another address. We're talking grade school stuff, not high tech scammers.

 

[bobbarato]

I don't know details on how they are stolen but this is my security measure. I have an older laptop running linux that is used only for 2 things - accessing my registrars and my webhost. So super low odds of malware / keystroke logger. This leaves sniffing my network traffic or spoofing / intercepting my admin email.

 

[Cdomains]

As I said, I never click on links in emails, ever, even from know sources.

I always check the source code in emails with domain offers or inquiries, or anything that might be important.

If you always do this you can see where the email really came from.

 

[Cdomains]

How the hell did these guys make it look like this email came from some legit bank in Dubai?

That is what spoofing is all about.

Always check the source code of your incoming emails!!!!

 

[Cdomains]

can someone explain how someone could change the email address in an email to look like [email protected]?

A little knowledge and some software is all you need.

The bad guys have no problem getting this.

 

[WhoaDomain.com]

I don't know details on how they are stolen but this is my security measure. I have an older laptop running linux that is used only for 2 things - accessing my registrars and my webhost. So super low odds of malware / keystroke logger. This leaves sniffing my network traffic or spoofing / intercepting my admin email.

Wow see that? Now how many domainers even do that and will probably look into this because of this thread?

Great info bobbarato

 

[WhoaDomain.com]

That is what spoofing is all about.

Always check the source code of your incoming emails!!!!

I've always known or more like heard of spoofing and all these other bad things just like most people.

And most people treat it like a mugging . They never think of it or keep it in mind until they come home late night and get followed by a bunch of scary people following them.

Like you've heard about it happening in the news never pay it no mind since it never happened to you.

Your not stupid to it you just put it way in the back of your mind because there are more important things to think about currently like making money.

But honestly... Truthfully. Who here will admit they heard of spoofing but don't really know it 100% or how it works exactly?

It would be stupid to think to assume everyone knows about it.

As with anything in life it's never 100% anything. Some people know some people don't some people know and ignore it or forget.

But now that this is mentioned here as spoofing I do remember it now.

I admit I heard about it. Never really looked into it as I'm not a hacker or geek by trade


As I said you never really pay a thing no mind until it happens to you. Only THEN is it on your radar.

But please continue! Anyone else like to share?

Good info cdomains

 

[WhoaDomain.com]

The main reason domains get stolen aside from seriously talented hack/ers is being lax with security and falling for things like Phishing attacks.

Don't open emails from unknown sources.

Never ever click on links in emails, even from known sources, they are extremely dangerous and sender addresses are easily spoofed.

Always use 2 factor authentication, when available, on all accounts with registrars and all email accounts.

Take advantage of any other security functions that are available and offered for all your email and registrar accounts.

Use very strong passwords, with no dictionary words, and random letters, numbers, and characters.

Use different passwords for all accounts, and don't use the same passwords twice.

Don't put all your eggs in one basket, use many different email addresses for your registrations and accounts. This can limit losses if one is compromised.

All of what I listed above is a pain in the a**, I know, but it is essential if you want to be safe.

With everything I just said above, if a talented hack/er wants your domains, he will have your domains and there isn't much you can do about it.

I've posted couple times here that I thought one of my domains was stolen. Either by someone or even the registrar.

As I hand reg alot when I get an idea of a niche look into I will reg keywords comboed with that niche like VR or iot

Sometimes I'll check to see if the whois on a domain I own or thought I owned because too lazy to log into my registrar as I use a super strong password for it. And have it written down .

And when I check the whois I see I don't own it.

Then I think " didn't I register that domain?"

Then of course you think it might have been stolen or it wasn't reg and taken by the registrar?

If the my email is even hacked. The next move for a criminal would be to lock you out and they then proceed to reset your registrar passwords.

Even then unless you don't check your emails daily your know to contact your registrar immediately.

Unless of course the hacker figured out your password to the registrar. And started transferring out domains. Even then shouldn't you be notified of such activities via email?

Since getting paranoid about this I've checked my registrars for transfers Found None that I activated myself. Which is a relief.

Is there a way for the baddies to transfer domains out without thee owner finding out?

Are there ways a hacker can fudge the whois like change the dates of reg?

 

[briguy]

.
But now that this is mentioned here as spoofing I do remember it now.

I admit I heard about it. Never really looked into it as I'm not a hacker or geek by

Speaking of "spoof"email..just got another "spoof" one from Paypal. Just finished reporting it (forward it and didn't click on any links)

[email protected]

Wish all major sites (registrars included) have a way of reporting "spoof" emails

Here the definition of "spoofing"

http://searchsecurity.techtarget.com/definition/email-spoofing

Sorry, I couldn't share any other information. Never been a victim of a "rip off" (knock on wood) mainly because of preventative measures (that are mentioned on this thread)