Warning: In Regards to Stolen Domains

[Spade]

Within the past 48 hours it came to light that there were some very high end adult domain names being sold on DNF that were in fact stolen. I wont post them here as they may be inappropriate, but a substantial amount of money appears to have been lost (upwards of several hundred thousand). Please be advised to conduct due diligence when buying domain names!

Justin

 

[ihatebeans]

Just had an epiphany.

What if escrow is doing all of these scams?
So people will have to use their service.
Hmmmmmmmmmmmmmmmmmmmmmmm.

 

[Spade]

Just had an epiphany.

What if escrow is doing all of these scams?
So people will have to use their service.
Hmmmmmmmmmmmmmmmmmmmmmmm.

Unlikely. Escrow only verified transfer of goods. They do not insure that the property is not stolen.

Justin

 

[Charley]

These guys really are sick. Cant they find any better job?

 

[Earthian]

regarding how the scammers do it ...
some of the scams were done through a Gmail exploit ...




some scammers set up some kind of program that when a person visited a site (while being logged-in in his Google account) the program set up a filter in Gmail that redirected emails of the victim to the scammer's email account ...




then he went to the registrar of a good domain of the victim and initiated a forgot-my-password+sent-password-to-email-account procedure ... the email duplicated through the filter ... and the scammer got access to the account at the registrar ... then he transferred the domain(s) to his account (or changed the registrar account password and sold the domains through that account so that no changes would appear in the whois that might alarm prospective buyers) and hastily tried to sell the domains ...




a little after this exploit became known , it was said that Google has somehow closed the exploit ... but , also it is believed that many people that had became victims did not delete the filters in their Gmail account (even after Google mentioned that it stopped the exploit) , therefore their emails were still forwarded) ... if you got a Gmail account , it is a good idea to check your filters ...

​

 

[XJ]

Thanks for the infos. I got one more question: What about domains that sell via sedo and their escrow system? Obviously there is less chance for due diligence. Do you have any insights for that as well?

 

[DotWeekly]

Thanks for the infos. I got one more question: What about domains that sell via sedo and their escrow system? Obviously there is less chance for due diligence. Do you have any insights for that as well?

Any domain that is Listed by an entity "could" be a stolen domain. So it's best to do your homework for Every Domain! Not only for your safety, but to prevent a massive headache if the domain happened to be stolen.

 

[Charley]

What about domains that sell via sedo and their escrow system?

Those are legitimate transactions.

 

[Keral_Patel]

he was on DNF a week or so ago.. also was a mod at Nameslot.. I questioned their choice and was contacted by another mod (np member) who was going to make the owners aware.. not sure what happened after that.. I knew something was fishy with him the first 10 mins he joined ..was in chat and myself and another member i remember Pm'd each other questioning his motives

Yes he is already banned and IP range blocked.

 

[xrvel]

if you got a Gmail account , it is a good idea to check your filters ...

Thank you for the suggestion.
I will check my filter

- Kurniawan.

 

[Earthian]

XJ - since a person that has stolen a domain has control over it , he can list it on any site to sell it ... while the escrow transaction would be secure , the domain actually would be stolen ... even though the buyer would have been scammed too (and out of money) , since domains are unique and rather easily traceable to the original owner , it is common practice that the domains get returned to the original owner and the buyer then tries to find the scammer to get his money back ...

in many cases , some checking before a domain purchase is advised ... for example (but not limited to) a simple Google search of the domain (maybe together with the word stolen or scam) might turn up some results if the domain is stolen and reported/mentioned somewhere (eg. a forum or blog)







xrvel - "better safe than sorry"

​

 

[casty23]

Nothing is ever 100% safe. You can use escrow and if the domain you purchased was stolen, yes, you will lose the domain, because the rightful owner did not sell it to you and it's also likely you will NOT get your money back either. Here is a recent story of when this happened. It's stated at the bottom of the story about not getting the money back.

Now each case would be unique via Escrow, but you will NOT get your money back most of the time. At times, you can get your money back, but it can be after a very long period of time.

If you are the Seller, the money will be protected the most. So when you are selling, Escrow is near 100% safe route to go.

wow this thread is a wakeup call. I never realized that even escrow isn't always 100% safe.

 

[rafaelrls]

this world is at the end. Even domains are stolen these days

 

[dinopermana]

oh my god, the domain world came crazy

 

[Dave_Z]

I never realized that even escrow isn't always 100% safe.

There's no 100% safe system, period.

 

[foster]

stealing domain names......
a person would have to be an idiot
everything is so tracable

traceble

traceable

no i did not steal any
damn keyboard

 

[popopo]

this sounds awful...

 

[arpmn]

regarding how the scammers do it ...
some of the scams were done through a Gmail exploit ...




some scammers set up some kind of program that when a person visited a site (while being logged-in in his Google account) the program set up a filter in Gmail that redirected emails of the victim to the scammer's email account ...




then he went to the registrar of a good domain of the victim and initiated a forgot-my-password+sent-password-to-email-account procedure ... the email duplicated through the filter ... and the scammer got access to the account at the registrar ... then he transferred the domain(s) to his account (or changed the registrar account password and sold the domains through that account so that no changes would appear in the whois that might alarm prospective buyers) and hastily tried to sell the domains ...




a little after this exploit became known , it was said that Google has somehow closed the exploit ... but , also it is believed that many people that had became victims did not delete the filters in their Gmail account (even after Google mentioned that it stopped the exploit) , therefore their emails were still forwarded) ... if you got a Gmail account , it is a good idea to check your filters ...

​

Yikes. I use a Gmail account for all my domain WHOIS info. I just checked. My filters are fine. But time to change the email account to one of my domains. I'll just forward it to Gmail. Helps with WHOIS spammers. Thanks for the info.

 

[Peter]

arpmn just a note. the Gmail security whole that was being used was repaired some time ago.

 

[zabijaq]

risky biz :\

 

[rosa2]

ok...

I see