WARNING: How to Avoid Domain Scams and Scammers

Prevention:

Google the domain (also try adding words like stolen, scammed, help, missing, etc.), ask other domainers about the domain in question, check the various marketplaces and make sure things add up... The biggest single indicator of a potential scam is the price. A scammer will want to price the domain low enough that it sells before he gets caught. Keep a watchful eye on new members. Recently modified whois is another warning sign. If other indicators are present (ex. extremely low price), proceed with extreme caution.

Some known scams:

1. Appraisal Scam -- If they ask for an appraisal, it's probably a scam.

2. Snail mail scam letters -- Letters through the mail reminding you to renew your domains from companies which aren't your current registrar.

3. Compromised web-based email accounts and keyloggers -- Using an email provided to you by your Internet Service Provider is generally safer than web-based email solutions. There have been known security flaws in certain webmail applications in the past (ex. Gmail) which made compromising member accounts considerably easier than guessing a password. Understand the risks involved with using a web-based solution. Download spyware software such as Adaware Lavasoft and scan your computer daily. Keyloggers are A) easy to put on someone's computer and B) potentially catastrophic to a web based business.

4. Unauthorizing funds (particularly bad with Paypal). Paypal makes it very easy to create chargebacks. Don't accept large amounts by Paypal unless you're dealing with people you absolutely trust. Moneybookers/Escrow.com are a step above Paypal, however the best option would be to go with a true escrow service such as Sedo Escrow, Moniker Domain Escrow Service or EscrowDNS.

5. Emails saying your domain requires renew/transfer/you to take a certain action. Check the email and make sure that A) it's from your registrar and B) the url mentioned matches what your registrar's would be. Safer to just visit the registrar than click the links in the email.

6. Incorrect Whois emails -- if your whois isn't incorrect, beware. Phone your registrar if you think they made a mistake.

7. Traffic/Click Fraud -- Self explanatory. If it isn't direct navigation it shouldn't be sold as such. Due diligence is required here.

8. Hijacking -- If you use one of your own domain names as the nameserver, be sure to make sure it doesn't expire or someone could fraudulently gain control of your domains.

9. Escrow.com is NOT 100% safe. They do not cover stolen domains -- buyer beware. Don't think processing a "bargain" through Escrow.com won't potentially end in you being out money. In the event a domain is stolen from someone's account, the domain WILL be returned to the original owner and you'll be out whatever you paid for the domain.

10. One thing I should add: Most free webmail providers will delete accounts after certain periods of inactivity. A clever scammer could notice that your Hotmail/Yahoo/other webmail account had expired, register that same email address (which is now available) and then proceed to "Request Password" at various registrars using what was previously your email address. If you plan on using your webmail infrequently, it's recommended you verify what amount of inactivity is tolerable and won't result in email account deletion.
 
15
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
There's another very large fraud investigation going on over at the other forum. Moderators over there have recommended people stay away from the following domains until it can be verified who the real owner is:


I was interested in one of these domains and I'm aware that at least 2 other NPers were in negotiations over some of these names as well. I'd recommend putting off any purchases of any of the names listed above until management over there gets to the bottom of this. The whois details are updated on these domains as per the dates the original poster suggests they were stolen and the current owner seems to be in a hurry to offload these domains, which seems somewhat questionable at best.
 
1
•••
0
•••
1
•••
BE CAREFUL WITH FRAUDULENT "ICANN" update emails:


My GD account was hacked today. In the meantime the issue with hacking of my GoDaddy account is resolved, my correct email and owner details are restored. Shenron, thank you very much for your support!

The hacker was trying to transfer out my cvcv.com, vcvc.com, and quads to a Moniker account. He changed the PIN, email, my name (to "adam Zicher"), and address (to some US address) in the account details. He also changed the whois emails in some domains (most expensive LLLL.com) and was requesting auth codes. I was not able to log in to the account because he also changed my password and PIN code for phone requests.

GD representative whom I contacted quickly verified me and restored my email (thus I was able to receive some auth codes per email the hacker was requesting, as well as the request from Moniker to approve the transfer).

As I immediately locked back all the domains (the hacker unlocked them all), no transfer out was done. I hope the issue is resolved now, but I lost approx 1 hour for this.

To my regret GoDaddy rep could not give me the IP from the hacker.

For security reasons I also changed all my passwords at my other registrars.

I also got a PM from another NPer who mentioned he had the same problem after he received an ICANN update email from "godaddy". I checked once again the ICANN email I had received a few days ago, and it was really fraudulent (I think this was how the hacker obtained my password).

Clicking on the link https://www.mya.godaddy.com/Login.asp? you were forwarded to http://www.godaddywh0is.com/login.aspx.htm
(now not active)

Below is the email (I expanded it in Google, and it shows that the email was sent from [email protected]; Google usually warns if the shown email is not the same as the actual email, thus it is strange).



[email protected] <[email protected]>
to
date: 24 September 2008 04:44
subject: Important ICANN Notice Regarding Your Domain Name(s)


*****************************************
Important ICANN Notice Regarding Your Domain Name(s)
*****************************************

Dear Customer,

It's that time of year again. ICANN (the Internet Corporation for Assigned Names and Numbers)
annually requires that all accredited registrars (like GoDaddy) ask their domain
administrators/registrants to review domain name contact data, and make any changes necessary to
ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more
domains registered at GoDaddy, Inc. as of September 3rd, 2008.

To review/update your contact data, simply:
+ Go to https://www.mya.godaddy.com/Login.asp?

Next, simply review the contact information for each domain name.

If,your domain contact information is inaccurate, you must correct it. (Under ICANN rules
and the terms of your registration agreement, providing false contact information can be grounds
for domain name cancellation.) To review the ICANN policy, visit: http://www.icann.org/whois/wdrp-registrant-faq.htm

Should you have any questions, please email us at [email protected] or call our customer support
line at (480) 505-8877.

Thanks for your attention and thank you for being a GoDaddy, Inc. customer.

Sincerely,
GoDaddy.com, Inc. Domain Support


If you are the domain administrator of more than one GoDaddy.com domain account, you may receive
this notice multiple times.
---------------------------------------------------------------------------------------------
Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.





THEREFORE BE CAREFUL WITH ICANN CONFIRMATION, CHECK THE LINK WHERE IT FORWARDS YOU!
 
1
•••
1
•••
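The check recommended in the post above and in item 5 of the opening post (compare where a link really goes with what the email displays and with your registrar's own domain), as an added example that is not part of the original thread. The HTML sample is constructed from the two URLs quoted in the post; `TRUSTED`, `audit_links` and the other names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the registrable domain(s) your registrar really uses.
TRUSTED = {"godaddy.com"}

def host_of(url):
    """Lower-cased hostname of an http(s) URL, or '' for anything else."""
    parts = urlsplit(url.strip())
    return (parts.hostname or "").lower() if parts.scheme in ("http", "https") else ""

def is_trusted(host, trusted=TRUSTED):
    """True only for a trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in trusted)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, trusted=TRUSTED):
    """Return (visible text, real host, reasons) for each suspicious link."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        target, shown, reasons = host_of(href), host_of(text), []
        if not is_trusted(target, trusted):
            reasons.append("target is not a registrar domain")
        if shown and shown != target:
            reasons.append("displayed URL differs from real target")
        if not href.strip().lower().startswith("https://"):
            reasons.append("target is not https")
        if reasons:
            findings.append((text, target, reasons))
    return findings

# Constructed sample: the two URLs quoted in the post, plus one benign link.
SAMPLE = """<p>To review/update your contact data, simply go to
<a href="http://www.godaddywh0is.com/login.aspx.htm">https://www.mya.godaddy.com/Login.asp?</a></p>
<p><a href="https://www.godaddy.com/">Registrar home page</a></p>"""
```

Matching on the suffix `"." + domain` rather than on a substring is what keeps lookalike hosts such as the one in the post from passing as the registrar.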
Great info :)

I'll be sure to check this thread from time to time - you can never be too careful :)

Thanks Guys, keep up the good work. B-)
 
1
•••
The best tool that I have found for blocking scammers is Moniker escrow. The combination of a secure registrar with an escrow agency is fantastic.
 
1
•••
1. Laugh at the whole idea of appraisals
2. Be suspicious about the price they offer
3. Ignore suggestion links
4. Be wary of the recommendations
5. Give yourself an exit plan

These are some of the methods to avoid scams and scammers.
 
1
•••
Paypal said:
This payment has been selected for review and we have opened an investigation.

We suspect that this transaction may not have been authorized by the PayPal account holder.

We have placed a temporary hold on the funds until the investigation is complete.

Please provide some additional information about this transaction.

Response deadline: Feb. 5, 2008
Inquiry by PayPal - Case ID: PP-412-497-287
Status:
Waiting For Seller's Response
Transaction ID: 20C52167YT566570K
Buyer Name & Email: James Morris, [email protected]
Transaction Amount: $350,00 USD
Transaction Date: Jan. 29, 2008

Domain Whois
Administrative Contact:
nospam, kev [email protected]

:td:
 
0
•••
I posted this here (and paid for a sticky) because it seems like this guy is preying on Namepros members.. With how fast he's targeting them, having merely a post in the Warnings and Alerts section just won't get the word out soon enough...

Anyone with more info on this guy, please let us know. As EG.Domains, the NPer who alerted me to this scammer told me -- it's very probable that large holders of LLLL.coms are at the very top of his list of people to scam.

sibaong said:
Domain Whois
Administrative Contact:
nospam, kev [email protected]

:td:
 
0
•••
Thanks to your Blog post all his emails indexed in Google now :tu:


Please keep your blog updated with any info about him. 90% of domainers search Google before selling or replying to "direct email offers".
 
0
•••
So he broke into someone's PayPal account and purchased a name with someone else's money? And slimpickins, can you post his email account so we can investigate?

.........................................................................

Duh....I just saw that we have his email addresses. I'm sure he will get caught now.
 
0
•••
Reece said:
The scammer is not a Namepros member which makes dealing with him more difficult.

Staff are on the case and looking at an account :tu:
 
0
•••
His Yahoo Messenger nickname : Crazy crazy

His Yahoo Messenger photo

-----

More info found by NPer Ronald Regging

Ronald Regging said:
Did some digging, here's what I found so far:

http://forums.DigitalPoint/showthread.php?t=606491

A post on DP by a user named Kevnospam (banned), asking for an appraisal for the domain PayMass.com

PayMass.com is owned by:

Whois Record

Registrant:
Dorobantu Marian
bd tomis nr 68
Constanta, Constanta 8700
Romania

Did a bit more digging for this name and found another related scam thread on NP from Nov..

http://www.namepros.com/domain-name-discussion/392137-never-sell-a-domain-name-ebay.html

Looks to be the same guy.

Wibrodomains helped get the domains back for the person in the above thread, so I have asked him if he can check out this thread and maybe shed some light. Worth a shot at least :)
 
0
•••
Kudos to you Reece for the sticky and extra exposure!

Hopefully nobody else will fall victim to this putz.

:)
 
0
•••
Thanks for the info Reece.
I'll try do some digging as well.
 
0
•••
Hmmm....word of advice. Last night someone posted an unbelievable offer for a great domain at a fantastic price here at Namepros. However, the ad said NO PM'S and he stated that you needed to send him an email. He then spelled out his email with the dot etc.. The person was a member since 2004 so I thought, it was a little strange, but, o.k.

Being a dummy late at night (12:00 am in California) I opened up my email program and sent them a letter saying I'd take the name. However, now looking back I realize this person has my personal email address. So exercise caution not only if someone contacts you through your email, but also when responding to great offers for domains with a message that they won't accept PM's and that you need to email them.
 
0
•••
Even more of a reason to hold onto my LLLL.com's

Thanks for the heads up, I have gotten a few offers on my LLLL.com's via email, I checked to see if any were him, but they weren't..

Thanks again,
-zurc
 
0
•••
Reece said:
The scammer is not a Namepros member which makes dealing with him more difficult.

Checked the system and there was a match. His account here is:

securekev

Also had: securenkvd & kevnospam with 0 posts.

:|
 
0
•••
Big applause to everyone involved. Thanks for making Namepros safer and a great lesson to always be on the lookout for scammers.
 
0
•••
Chris said:
Checked the system and there was a match. His account here is:

securekev

Also had: securenkvd & kevnospam with 0 posts.

:|

Glad to see that you've closed the accounts.

I've also posted this info on DP as well to warn them just in case.
 
0
•••
0
•••
Reece said:
The scammer is not a Namepros member which makes dealing with him more difficult. If you receive any unsolicited offers to purchase your LLLL.coms by Paypal, be on the lookout. The scammer initiates chargebacks after having had the LLLL.coms pushed into his account.

I've got these for somebody else's domain names saying they are for sale. When I contacted the owners, they were surprised.
 
0
•••
0
•••
Some of his domains :


Update....

I found his/her own forum : http://www.theonlinedeal.com

After more and more evidence .. This guy is definitely (should be a girl in this case):

Name: Marian, Dorobantu
Address: bd tomis nr 68
City/State: Constanta, Constanta
Zip code: 8700
Country: Romania
Tel: 721328329
 
0
•••