I spoke to Zems in chat about this as I had a very similar occurence recently. I resolved it as I was able to track the scammer and eventually found out their name and where they were operating from. For the benefit of all, here is how my situation panned out:-
I received an email one day for an offer on one of my domains, it said something similar to this:-
i saw your name Q0.org listed for sale at blahblahunkownsite.com* and was wondering what price you would sell for?
*this was not actual site, but it was just a random site I knew I had not listed my name on
Curiosity got the better of me, and blinded by the potential sale , I clicked on the link, only to realize my stupidity immediately and close the window.
I responded with an offer to the email, but heard nothing back and thought no more of it.
The next day, when I logged into my free email account, I could see an alert at the top telling me my mail was being forwarded to another account (which I obviously had not done).
I quickly undid this and immediately set about changing my password, before starting to investigate if any of my accounts had been hacked. It turned out my godaddy account had been and some of my names had been pushed to another account.
To cut a long story short, I tracked the whois info of the scam website that I had received in the email the day before, and emailed the email address that my mail was being forwarded to. (The scammer had deleted this email when they logged into my account, but it was still in my deleted messages folder). I went to great lengths to explain to this scammer that I would bring the full force of the law onto them, and went on to explain just how serious their crime was. I made several threats and took a gamble that they were the owner, or knew the owner, of the suspicious site (found through whois). I then made my threats personal - i.e. Joe Bloggs, I know who you are, it is only a matter of time until I find where you live etc. I did not make any threats of harm or illegal acts, only criminal prosecution. This paid off, and the scammer, convinced I was going to track them down, offered to return everything immediately if I did not press charges.
It took me over a week to regain control of some of my accounts, as I had immediately notified as many as possible of the fact that my account may have been compromised. This menat they needed photographic ID from me before giving me access back and although it was a hassle, it was reassuring to know.
I did not catch the scammer, but I got all my domains back, altered all my passwords, and chalked one up to a lucky escape.
Zems, I hope you are able to resolve your situation too.