IT.COM

WARNING: How to Avoid Domain Scams and Scammers

Spaceship Spaceship
Watch
Prevention:

Google the domain (also try adding words like stolen, scammed, help, missing, etc), asking other domainers about the domain in question, checking the various marketplaces and making sure things add up... The biggest single indicator of a potential scam is the price. A scammer will want to price the domain low enough that it sells before he gets caught. Keep a watchful eye on new members. Recently modified whois is another warning sign. If other indicators are present (ex. extremely low price), proceed with extreme caution.

Some known scams:

1. Appraisal Scam -- If they ask for an appraisal, it's probably a scam.

2. Snail mail scam letters -- Letters through the mail reminding you to renew your domains from companies which aren't your current registrar

3. Compromised web-based email accounts and keyloggers -- Using an email provided to you by your Internet Service Provider is generally safer than web-based email solutions. There have been known security flaws in certain webmail applications in the past (ex. Gmail) which made compromising member accounts considerably easier than guessing a password. Understand the risks involved with using a web-based solution. Download spyware software such as Adaware Lavasoft and scan your computer daily. Keyloggers are A) easy to put on someone's computer and B) potentially catastrophic to a web based business.

4. Unauthorizing funds (particularly bad with Paypal). Paypal makes it very easy to create chargebacks. Don't accept large amounts by Paypal unless you're dealing with people you absolutely trust. Moneybookers/Escow.com are a step above Paypal, however the best option would be to go with a true escrow service such as Sedo Escrow, Moniker Domain Escrow Service or EscrowDNS.

5. Emails saying your domain requires renew/transfer/you to take a certain action. Check the email and make sure that A) it's from your registrar and B) the url mentioned matches what your registrar's would be. Safer to just visit the registrar than click the links in the email.

6. Incorrect Whois emails -- if your whois isn't incorrect, beware. Phone your registrar if you think they made a mistake.

7. Traffic/Click Fraud -- Self explanatory. If it isn't direct navigation it shouldn't be sold as such. Due diligence is required here.

8. Hijacking -- If you use one of your own domain names as the nameserver, be sure to make sure it doesn't expire or someone could fraudulently gain control of your domains.

9. Escrow.com is NOT 100% safe. They do not cover stolen domains -- buyer beware. Don't think processing a "bargain" through Escrow.com won't potentially end in you being out money. In the event a domain is stolen from someone's account, the domain WILL be returned to the original owner and you'll be out whatever you paid for the domain.

10. One thing I should add: Most free webmail providers will delete accounts after certain periods of inactivity. A clever scammer could notice that your Hotmail/Yahoo/other webmail account had expired, register that same email address (which is now available) and then proceed to "Request Password" at various registrars using what was previously your email address. If you plan on using your webmail infrequently, it's recommend you verify what amount of inactivity is tolerable and won't result in email account deletion.
 
Last edited:
15
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Toldo said:
That means, if escrow had the money for 15 days after domain transfer so that he can't take it back, then releasing it to the buyer. no scamming could happen from both of them.

Escrow.com protects the Buyer by allowing inspection of the merchandise before payment. This means that the buyer can change their mind and request their money back and hopefully you get your domains back. :|

With sedo, once they have possession of your domains and the payment then the transaction is completed and the buyer and seller cannot change their mind. Both are committed to the sale.
 
0
•••
bgmv said:
A few people have been getting scammed on DNF by user: inbrownstockings and miholdem

Just an FYI that I got the following two domains stolen by InBrownStockings:

dysl.com
domd.com

If anyone notices them in a sales thread somewhere I'd appreciate if they could PM me. Thanks!
 
0
•••
Not sure if this is the right place to post this, but I just got an email from [email protected]:

Hello,

Your domain name has been found online.

Please let us know your price.

We make money on selling and buying names and sites. Now the domain
business is very attractive.

Looking forward to do business with you.

Regards,
Robert Gardos
CEO
Elite Investment

The email was in regards to a domain I sold several days ago, XJQV.com. I did a little google research and is sounded pretty sketchy...
 
0
•••
sidekick_33 said:
Not sure if this is the right place to post this, but I just got an email from [email protected]:

Hello,

Your domain name has been found online.

Please let us know your price.

We make money on selling and buying names and sites. Now the domain
business is very attractive.

Looking forward to do business with you.

Regards,
Robert Gardos
CEO
Elite Investment

The email was in regards to a domain I sold several days ago, XJQV.com. I did a little google research and is sounded pretty sketchy...

Sure looks like the old appraisal scam
I just checked another forum. A poster there claimed he got an appraisal and was able to sell it as a result. I REALLY DOUBT IT
 
Last edited:
0
•••
sidekick_33 said:
Not sure if this is the right place to post this, but I just got an email from [email protected]:

Hello,

Your domain name has been found online.

Please let us know your price.

We make money on selling and buying names and sites. Now the domain
business is very attractive.

Looking forward to do business with you.

Regards,
Robert Gardos
CEO
Elite Investment

The email was in regards to a domain I sold several days ago, XJQV.com. I did a little google research and is sounded pretty sketchy...


Next email is "get an appraisal at our site"...I would bet my boots on it.
 
0
•••
Yeah, when I googled that email address, [email protected], there were several results at other forums with the same conclusion that it was a scam.

Just thought I would let people know in case it happened to them!
 
0
•••
iridium said:
Just an FYI that I got the following two domains stolen by InBrownStockings:

dysl.com
domd.com

If anyone notices them in a sales thread somewhere I'd appreciate if they could PM me. Thanks!

These names are with eNom.com.
Can eNom freeze the domains and revert back to you?
I heard that Godaddy won't help in these situations, but thought other registrars may be better.
 
0
•••
Actually, about a month ago I had several domains stolen from my eNom account and transferred to a GoDaddy account. Both registrars were very helpful in getting me all of my domains back.

As a side note, GoDaddy put an indefinite lock on the domains until the issue was resolved and eNom told me they would have as well, but since the domains were now at GoDaddy, their hands were tied.

I found eNom support to be helpful in the end and with a quick call, they will send you some forms to fill out in order to get the lock placed on your domain and begin the process of getting your stolen domains back.
 
0
•••
Thanks for the heads up, nice to hear registers are doing something about!!
 
0
•••
They can, but they probably won't, depending on how the names were stolen.
ddchan said:
Can eNom freeze the domains and revert back to you?
 
0
•••
ddchan said:
These names are with eNom.com.
Can eNom freeze the domains and revert back to you?
I heard that Godaddy won't help in these situations, but thought other registrars may be better.

In this case all the people I speak to at eNom give me the standard rundown:
"Unfortunately, we cannot assist you with this. eNom takes no responsibility for third-party domain sales and we do not have the authority to make judgments as to who has the rights to the domain. This is an issue that needs to be resolved through other channels."

They basically refuse to do anything, not even look at the specifics and the fraudulent account. This is not exactly a theft as far as enom is concerned as I did push the name and my account was never compromised. While I totally understand their general policy of not reversing "pushes", I would still expect them to make some exceptions and look at the bigger picture in specific instances like this one. In this case I presume most of the domains currently siting in the Inbrownstockings account were fraudulently "acquired" (I know of at least another party's name) and it would not take much time for eNom to verify things. By doing nothing, they are just assisting the scammers.
 
0
•••
Thanks for posting this warning - I will keep an eye out. There are too many people out there trying to scam people online. I appreciate you posting this!
 
0
•••
0
•••
sidekick_33 said:
Not sure if this is the right place to post this, but I just got an email from [email protected]:

Hello,

Your domain name has been found online.

Please let us know your price.

We make money on selling and buying names and sites. Now the domain
business is very attractive.

Looking forward to do business with you.

Regards,
Robert Gardos
CEO
Elite Investment

The email was in regards to a domain I sold several days ago, XJQV.com. I did a little google research and is sounded pretty sketchy...

i got the same email for a VCVC.info domain
appraisal cost maybe higher than enduser price for that VCVC domain :bah:
 
0
•••
thank you all for the update..will look out for the stolen domains if they ever surface n let u know
 
0
•••
I checked whois to contact the owner of a couple LLLL.coms for sale in the forum - by a brand new member. The created date for both is this month...

Created: 2008-09-05
Created: 2008-09-13

Is that possible? Even if they were recent expired domain purchases, wouldn't they still show the original created date?
 
0
•••
Depends if they went through a full drop cycle or not... if it was a registrar catch sometimes it will keep its age. If the name fully expired then yes its possible.
 
0
•••
Are any LLLL.coms fully expiring? Aren't they all caught?
 
0
•••
Sounds like those 2 may not have...
 
0
•••
I contacted the owner via whois contact info and he confirms that he's selling the names here. Also says he is affiliated with a drop-catching company that obtains expired domains the second they become available.

So I guess that explains it. Just wanted to be sure I wasn't buying stolen domains.
 
Last edited:
0
•••
BE CAREFULL WITH FRAUDULEN "ICANN" update emails:


My GD account was hacked today. In the meantime the issue with hacking of my GoDaddy account is resolved, my correct email and owner details are restored. Shenron, thank you very much for your support!

The hacker was trying to transfer out my cvcv.com, vcvc.com, and quads to moniker account. he changed PIN, email, my name (to "adam Zicher"), address (to some US address) in the account details. He also changed the whois emails in some domains (most expensive LLLL.com) and was requesting auth codes. I was not able to login to the account becase he also changed my password and PIN code for phone requests.

GD representative whom I contacted quickly verified me and restored my email (thus I was able to receive some auth codes per email the hacker was requesting, as well as the request from Moniker to approve the transfer).

As I immeadeatly locked back all the domains (the hacker unlocked them all), no transfer out was done. I hope the issue is resoled now, but I lost approx 1 hour for this.

To my regret GoDaddy rep could not give me the IP from the hacker.

For security reasons I also changed all my passwords at my other registrators.

I also got a PM from another NPer who mentioned he had the same problem after he received ICANN update email from "godaddy". I checked once again the ICANN email I have received few days ago, and it was really fraudulent (I think this was how the hacker obtained my password)

Clicking on the link https://www.mya.godaddy.com/Login.asp? you were forwarded to http://www.godaddywh0is.com/login.aspx.htm
(now not active)

Below is the email (i expanded it in google, and it shows that the email was sent from [email protected] (google usually warns if shown email is not the same as the actual email), thus it is strange.



[email protected] <[email protected]>
to
date24 September 2008 04:44
subjectImportant ICANN Notice Regarding Your Domain Name(s)

hide details 24 Sep (5 days ago) Reply


*****************************************
Important ICANN Notice Regarding Your Domain Name(s)
*****************************************

Dear Customer,

It's that time of year again. ICANN (the Internet Corporation for Assigned Names and Numbers)
annually requires that all accredited registrars (like GoDaddy) ask their domain
administrators/registrants to review domain name contact data, and make any changes necessary to
ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more
domains registered at GoDaddy, Inc. as of September 3rd, 2008.

To review/update your contact data, simply:
+ Go to https://www.mya.godaddy.com/Login.asp?

Next, simply review the contact information for each domain name.

If,your domain contact information is inaccurate, you must correct it. (Under ICANN rules
and the terms of your registration agreement, providing false contact information can be grounds
for domain name cancellation.) To review the ICANN policy, visit: http://www.icann.org/whois/wdrp-registrant-faq.htm

Should you have any questions, please email us at [email protected] or call our customer support
line at (480) 505-8877.

Thanks for your attention and thank you for being a GoDaddy, Inc. customer.

Sincerely,
GoDaddy.com, Inc. Domain Support


If you are the domain administrator of more than one GoDaddy.com domain account, you may receive
this notice multiple times.
---------------------------------------------------------------------------------------------
Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.





THEREFORE BE CAREFULL WITH ICANN CONFIRMATION, CHECK THE LINK WHERE IT FORWARDS YOU!
 
Last edited:
1
•••
I changed the thread title to better reflect that this thread is about letting fellow members know about any scamming methods or known scammers.
 
0
•••
SCAMMER ALERT

I just got scammed on DP by a guy nicknamed 'eroxite'. After doing some research, I came to a conclusion that his nickname on NP is 'JuliusOlivetti' (selling the same sites, domains, etc).

I pushed a domain first and then he refused to pay (he even tried to sell it there before he sent the payment). Then he scammed another guy (asked the guy to pay before he pushes - luckily it was paypal, so the guy did a chargeback).

Anyway, the domain he stole from me is DL-V.COM. Here's the info he's using on his domains:

#1
Rob Condell
16 Kilkenny Place, Portishead.
Bristol, South West BS20 6HA
United Kingdom
[email protected]
+011 01179584932

#2
Robbie Pring
16 Kilkenny Place, Portishead.
Bristol, South West BS20 6HA
United Kingdom
[email protected]
+011 07775656345

#3
Olivetti, Julius [email protected]
16 Kilkenny Place, Portishead.
Bristol, South West BS20 6HA
United Kingdom
01179574832 Fax --

His another email is [email protected]. His Dynadot username is robbytemplar.

He has a 100% positive feedback on DP, it's an older account, etc. But he's a damn scammer.
 
Last edited:
0
•••
dmi said:
SCAMMER ALERT

I just got scammed on DP by a guy nicknamed 'eroxite'. After doing some research, I came to a conclusion that his nickname on NP is 'JuliusOlivetti' (selling the same sites, domains, etc).

I pushed a domain first and then he refused to pay (he even tried to sell it there before he sent the payment). Then he scammed another guy (asked the guy to pay before he pushes - luckily it was paypal, so the guy did a chargeback).

Anyway, the domain he stole from me is DL-V.COM. Here's the info he's using on his domains:

#1
Rob Condell
16 Kilkenny Place, Portishead.
Bristol, South West BS20 6HA
United Kingdom
[email protected]
+011 01179584932

#2
Robbie Pring
16 Kilkenny Place, Portishead.
Bristol, South West BS20 6HA
United Kingdom
[email protected]
+011 07775656345

#3
Olivetti, Julius [email protected]
16 Kilkenny Place, Portishead.
Bristol, South West BS20 6HA
United Kingdom
01179574832 Fax --

His another email is [email protected]. His Dynadot username is robbytemplar.

He has a 100% positive feedback on DP, it's an older account, etc. But he's a damn scammer.


JFYI, none of the telephone country codes are valid. This should be something everyone checks out on the whois when considering buying or selling.
Country codes etc can be quickly checked here: http://www.kropla.com/dialcode.htm
 
0
•••
Also part your fault for pushing the domain before getting payment. That's some risky business and you just found out why.
 
0
•••
Back