
QiR.com stolen from GoDaddy

Qir.com has been stolen recently from GoDaddy and transferred to Dynadot.

The thief was able to log in to the GoDaddy account that didn't belong to him and transferred the domain away. There was no email regarding the transfer of the domain name in the admin email of the domain name.
The GoDaddy team is currently investigating this matter.
Please do not buy this domain name in the aftermarket.

Here is an article about this theft:

http://domaingang.com/domain-crime/alert-the-domain-qir-com-has-been-reported-as-stolen/
 
Several people posting on stolen GD domains as of late. I think @Joe Styler needs to address his team and perhaps check if GD systems are compromised in any way.
 
This is getting ridiculous with theft from GoDaddy.
Is there a way to check to see all the domains that have been stolen????
 
Joe has to say something about this whole stolen-domain issue here, as it is getting scary to hold a big-value name with GoDaddy.
Is this happening to USA-based user accounts or to accounts from other countries?
 
It was stolen because a good domain does not deserve to be handled by crappy registrars.
 
A lot of domains are stolen at GoDaddy. This isn't a lax security issue, and I will explain why.

GoDaddy is the #1 domain registrar in the world in terms of numbers: 37+ million domains under management. The #2 is eNom, with about 9 million.

The difference is huge, and it leads to GoDaddy being the target of domain thieves, simply because statistically that's where the domains are.

How are domains being stolen from GoDaddy?

The thieves create fake portal pages and send emails imitating GoDaddy emails. These are the typical phishing schemes to log in and supposedly correct some info, providing your account username/password in the process.

How can you protect yourself?

First off, avoid clicking on emails asking you to log in etc. like the plague. Always go to the registrar's web site by typing it in.

Second, enable the two-factor authentication option: it will send you an SMS *every time you want to log in* even if you entered the proper account username and password. Without that code, a thief who stole your credentials won't access your account - unless they stole your phone as well!

What can you do if your domain was stolen?

Contact the losing registrar, as they will need to gather your info and file a reversal process. Contact blogs and forums posting the domains that were stolen, so that the info is public and nobody buys these domains. Very often, thieves will attempt to dispose of these domains in the first 48 hours after the theft.

What can you do if you discover the theft late?

Again, file a report to the losing registrar, a police report and potentially inform the FBI - if your loss exceeds $5,000 dollars. At that point, you are better off contacting an attorney that will advise you on the process, which can take days, weeks or months, depending on the complexity of the case.

To recap: prevention works better than after-measures.
 
Yes, true, GD is the #1 registrar and as the number one they could have figured out they would have become the number one target for domain thefts.
If my memory still works, in over 2 years I haven't seen one single thread about a stolen domain that wasn't about GoDaddy, and that can't be something only imputable to their size or a coincidence.

People have asked to remove the expedite transfer option but no one there seemed to have taken any notice of it; why not offer free privacy (like many other registrars do) to help protect our email addresses?
I remember that @Paul Buonopane once explained and compared the security of some registrars (in a detailed and technical way that I can't rewrite) and it was clear that some were more secure than others. It's not by accident that 99% of the fake emails are GoDaddy emails.

Sure there are measures we can take to better protect ourselves but let's not forget that, as many have already pointed out, in more than a few countries the PIN number takes hours and hours to arrive, almost forcing domainers to deactivate the 2fa; furthermore not all of us live in the US and have an FBI to talk to. International problems are always the most complicated to deal with and solve ( especially if they involve countries like China and India ) and should be avoided at all costs.

As a side note, are you really sure that FBI would seriously do anything for a virtual item that might be worth some thousands when they have to deal with far worse and bigger problems? Just a question as I do not live in the US.

In conclusion I think that GoDaddy should begin to implement better and more effective measures starting from now and that domainers should be more vigilant and thorough with their business.
From a personal point of view, I have almost only worked with GD since the beginning of my domaining adventure, but in recent times I have had to reconsider my decision. Without coupons, being forced to pay 120$ (DDC) to get "discounted" prices that other registrars offer by default and with such security issues, what are the real reasons we remain with GD?
The aftermarket. Yes. I don't think it will last forever though.
 

Interestingly, GoDaddy seems to have taken my advice and begun implementing one of the security measures that I suggested: DMARC. Your email provider will likely send abuse reports to GoDaddy if it receives emails reportedly from godaddy.com that can't be verified. Unfortunately, GoDaddy hasn't fully enabled the security feature, so the emails won't be prevented from appearing in your inbox.
 
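The difference the post above describes, between a domain that publishes DMARC for reporting and one that actually enforces it, can be read from the record's `p=` and `pct=` tags. The following is an added example, not code from the thread or from GoDaddy; the sample records and the `assess` helper are constructed for illustration.

```python
# Added example (not from the thread): how much protection a DMARC record gives.
# The records in SAMPLES are constructed for illustration, not real DNS lookups.

def parse_dmarc(txt):
    """Split 'v=DMARC1; p=none; ...' into an ordered dict of tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # RFC 7489: the version tag must come first and be exactly DMARC1.
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def assess(txt):
    """Classify a record as monitor-only, partial or enforced."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    pct = int(tags.get("pct", "100"))  # share of failing mail the policy covers
    if policy == "none":
        level = "monitor-only"   # failures are reported, mail is still delivered
    elif policy == "reject" and pct == 100:
        level = "enforced"       # unauthenticated mail is refused outright
    else:
        level = "partial"        # quarantined, or applied to only part of the mail
    return {"policy": policy, "pct": pct,
            "reports": "rua" in tags, "level": level}

SAMPLES = {
    "reporting only": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "ramping up": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@example.com",
    "full enforcement": "v=DMARC1; p=reject",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, assess(record))
```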
Our systems are not compromised. I can assure you of that. The most common way I see people have their domains stolen is through phishing emails or malware. I would urge you to be cautious when receiving emails from any company asking you to click a link and put in your password. Instead you should go directly to the website of the company and put in the login details there or call the company if you are concerned. I also think it is very important to use 2 factor authentication to make sure that thieves cannot access your account even if your password is compromised.
 
Sorry for the delayed response. I was out on vacation in a place where the Internet was almost nonfunctional and I am just getting back and trying to catch up on things. @Acroplex answered most of the questions that were raised on here really well, so I would follow his advice. I also thank him as he routinely tries to help people who have lost domains.

I know this happens to people at all registrars. Unfortunately, it is easy enough to get tricked, even for savvy online users, with the way some of the sophisticated thieves work. It is hard to have your guard up 100% of the time and some of the domains people own are worth a good deal of money. I have unfortunately seen domains taken from many registrars, not just GoDaddy. Many times when people have their domains taken they do not make it known publicly, which is a mistake in my opinion. Sometimes people are embarrassed or not sure what steps to take. Making it known as soon as possible to your registrar and publicly in places like this so other potential buyers know is important in recovering the name or names.

I think the #1 thing you should do is enable 2 factor at any registrar that allows it, and also enable 2 factor on your main account email as well.

The next thing to do is monitor your domains. We offer monitors on your names which are free with many products, so you probably already have hundreds of credits sitting unused in your accounts. https://www.godaddy.com/help/setting-up-domain-monitoring-579 shows how to set them up. This way you are alerted to any updates on a domain. This is also good if there are names you want to buy: you can watch them and see if they expire or update the contacts etc., things that may mean the owner is willing to sell now.

Really be aware what you are clicking on and who you give your passwords to as well as using 2 factor authentication.

Once you discover a domain name is taken, please reach out to us ASAP. You can call support or call them and email me. We have a team that deals with this sort of thing and is very good about getting domains back for our customers. It is always easier, of course, to keep the domains in your account in the first place, so keep 2 factor on the accounts and be careful who you give your password to.
 
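Domain monitoring of the kind recommended above comes down to comparing registration data over time and alerting on the changes that accompany a theft: a new registrar, a dropped transfer lock, new nameservers. The following is an added example, not GoDaddy's monitoring product and not code from the thread; it assumes snapshots shaped like RDAP domain responses (RFC 9083), and the registrar names, hostnames and the `snap` helper are constructed.

```python
# Added example (not from the thread): diff two RDAP-style snapshots of a domain
# and flag theft-relevant changes. All snapshot data below is constructed.

LOCK = "client transfer prohibited"  # RDAP status value for the registrar lock

def registrar(snapshot):
    """Return the 'fn' of the entity holding the registrar role, or None."""
    for entity in snapshot.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for field in entity.get("vcardArray", ["vcard", []])[1]:
                if field[0] == "fn":
                    return field[3]
    return None

def nameservers(snapshot):
    """Return the set of nameserver hostnames, normalised for comparison."""
    return {ns["ldhName"].lower().rstrip(".")
            for ns in snapshot.get("nameservers", [])}

def diff_alerts(old, new):
    """List the changes between two snapshots that warrant an alert."""
    alerts = []
    if registrar(old) != registrar(new):
        alerts.append(f"registrar changed: {registrar(old)} -> {registrar(new)}")
    if LOCK in old.get("status", []) and LOCK not in new.get("status", []):
        alerts.append("transfer lock removed")
    if nameservers(old) != nameservers(new):
        alerts.append("nameservers changed")
    return alerts

def snap(reg, status, ns):
    """Hypothetical helper: build a constructed RDAP-shaped snapshot."""
    return {
        "status": status,
        "entities": [{"roles": ["registrar"],
                      "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                               ["fn", {}, "text", reg]]]}],
        "nameservers": [{"ldhName": n} for n in ns],
    }

NS_OLD = ["ns1.example.net", "ns2.example.net"]
BEFORE = snap("Registrar A", [LOCK, "client delete prohibited"], NS_OLD)
LOCK_DROPPED = snap("Registrar A", ["active"], NS_OLD)
AFTER = snap("Registrar B", ["active"], ["ns1.example.org", "ns2.example.org"])

if __name__ == "__main__":
    for label, later in (("lock dropped", LOCK_DROPPED), ("moved", AFTER)):
        print(label, diff_alerts(BEFORE, later))
```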
@Joe Styler

Thanks for replying.
I see you keep recommending to use the 2fa, which is sensible and logical, but haven't you read about all those people who have encountered so many problems about receiving their codes that they had to deactivate it? I pointed it out in my previous post but you didn't address the issue.
 
Yes, I asked (might have been on another thread) if someone is having a problem to reach out to me when it is happening and I will have someone investigate it. I want to figure out what is causing the issue, so if we can get an example as it happens I think that will help.
 
Thanks Joe. Odd timing, I just emailed you another, rather unique case.
 
I would like to update everyone that the domain has been recovered.
The thief had offered to sell the domain in the aftermarket, but luckily the name was not resold. Because of this, things moved much faster.
Thanks, GoDaddy, for taking it seriously.
 