The domain Tobacco.com has been reported as stolen

Tobacco.com is currently a stolen domain asset, after a double transfer from Network Solutions to GoDaddy and then Ionos.

More information.

 

For those with a lot of premium domains, enter your registrar email here haveibeenpwned.com and it will tell you if your email has been in a data breach before. If it has, I would highly recommend you make a completely new password. Also, enable 2FA always.

A lot of these stolen domains occur due to these previous data breaches with user's emails and passwords. They use that data to mass login to registrars.

Be careful out there everyone!

 

There are also targeted phishing attacks too, so for example be wary of GoDaddy emails and confirm their authenticity by looking at who the email sender is.

Usually if it is a phish, the email sender will not be from a @godaddy.com email.

 

Most if not all generic emails have been involved in such a breach. It's not safe to use ISP email accounts to manage domains.

 

I would not recommend users use their personal emails to secure their registrar accounts. You should make a new + fresh email with a new, difficult password. Highly recommended to put 2FA on email and registrar account.

 

The only way to protect yourself against social engineering hacks is to use a registrar email that you have full control of and that isn't on any public WHOIS record. In order to gain access to that email, they would need to a) know it and b) do an hack onto a server, and that's not what happens, as 99.9999999% of these intrusions are scammers calling up a business and pretending to be you.

All this 2FA is only as good as the CSR on the other end, because the scammers will call from some hacker mill with "Me Joe Smith, me lost passwords" and at that point, all this 2FA is junk because the CSR will often go to "the script" to "help his customer" and start asking basic crap like for addresses, DOB, phone numbers, account numbers, etc., which is all info freely available on the dark web.

Remember, these CSRs are in the CUSTOMER SERVICE business, not the security business, and if the scammer bought the right info, it's bye bye 2FA.

 

Sure, there are many scenarios.

Better have 2FA on than not.

 

Sure, it's like putting an extra lock on the door, but it doesn't make the door itself any more secure to intrusion.

Most CSRs are giving away accounts like candy, and it even happened at GD not long ago, where a support guy was fooled by social engineering and a lot of domains were transferred out.

A registrar email you own and control (and is not on public records) + 2FA everywhere else is the best you can do.

If they figure out your email, hack your server, then call up GD and fool them into thinking it's you to get rid of 2FA, then you just need to tip your hat to their sheer intelligence and work ethic.

 

Don't get me wrong I agree with you, it happens all the time.

Social engineering attacks will always be here, just have to protect yourself as much as possible.

You can't really prevent them if your info is already out there (WHOIS info), like you said!

 

Fingers crossed the rightful owner gets it back, they should be able to right?

 

There is an attorney involved, so I'm hoping the outcome will be positive for the legitimate owner.

 

GoDaddy's plan to Remove Public Whois Information in early June sounds logical after all
.

 

Definitely, and the worldwide public WHOIS system is the single greatest source of information for scammers, and by far the biggest risk for consumers. Anyone advocating against private WHOIS is either a rip-off artist or benefits monetarily from its presence (security firms, etc.).

That's why the EU got rid of it, as this system costs the citizens of developed nations billions a year in monetary losses.

Long ago, I foolishly registered a .US, which doesn't support privacy and superseded my account-wide privacy option, and not a day after I was getting security intrusion alerts from several different companies and my ISP proceeded to give away my entire account to some jokers in Morocco (it was traced by the RCMP) sitting in a lawless zone the cops won't even enter.

Free and open WHOIS for private individuals, who are required to enter valid info, is like an endless buffet for scammers and is the primary source for social engineering threats.

It's truly insane that this system still exists in 2020.

 

I did not know they were planning for this. That is great to hear.

 

Thank you for your sharing

 

Shouldn't the response to "Me Joe Smith, me lost passwords" be "Fine, we will email you a link to reset your password"?

 

This is the social engineering hack for your ISP + personal emails. How do you get an email when you've lost your email + account passwords?

That's always the first step, get the emails, then play "forgot password" or "Call the Rep and act dumb" to gain access to anything linked to that email.