Domain stolen at Godaddy

[syed]

I have my domain name stolen at GoDaddy. I realized this after seeing the email notification about "successful transfer" that I did not initiate or authorize. I logged in to my account and did not find the domain there and I immediately called them (support) but apparently the specific department authorized to handle these matters are closed in weekends. Strange that their usual support and sales is open 24/7 but department for emergency needs are closed on weekends. Any ways, I was asked to email "undo at godaddy" and I did that within 30 mins of transfer notification email. The gd support guy i talked on phone said it should not be very complicated as the push happened just today and that its still in Godaddy network, and I really want to believe him but from the threads of 'Godaddy stolen domains', it does not seem that positive. Whats the probability of domain recovery do you think?

Current registrant name shows as "mavr0maras, alexand#r" ("0" being 'o' and "#" being 'e')

I do not want to give specifics of the domain yet but its a 3 letter .com and valued at 34k as thats the highest I'd received for it. Its just one of the couple big domains I own and I was counting on it to sell and make towards home purchase so I unfortunately cannot afford to lose it.

There were other domains in the account but this was the only domain stolen. I would appreciate all suggestions on what action I should take next.


I had not shared the password with anyone. Yes I had given customer ID and Godaddy email address to two sellers recently as they needed to push the domains.

I cant wait to see replies here, but its 5 in the morning..haven't slept with this thing on my mind so i ll hit the bed, good night (or day) and see you tomorrow

[KING dot NET]

I hope you get your domain back soon.

Regards,
EM

[owntag]

Sorry to hear this. I'm sure you can get it back soon.

[INVIGOR]

Why does it seem it's ALWAYS, ALWAYS, ALWAYS names getting stolen from GoDadddy?!?! Is their system so freaking weak that any little determined putz can steal from them? Are they being negligent? Are users being stupid? How can soooo many GoDaddy accounts be compromised? Is it because they are they biggest, therefore usually the ones in the news? I only have ONE name at GoDaddy thank goodness!

[James]

i would also post in this thread as many are subscribed and perhaps can help
http://www.dnforum.com/f26/godaddy-d...ad-389621.html

g/l

jim

[Rockefeller]

Email undo@godaddy.com and reference the 4n.net thieve.

[impactadmin]

Email undo@godaddy.com and reference the 4n.net thieve.

Sorry to hear.

Definitely email undo@godaddy.com.

Ill see if I can escalate this for you.

Huseyin,

[myst woman]

considering all the things GoDaddy does not know how to do, its a fascinating case study that they are still in business. Are all other webhosts that weak, or has godaddy just imprisoned so many domains and practices half the domain world is held intermittent hostage?

[syed]

Thanks guys, hope they do realize that it was a theft and trace it well

Sorry to hear.
Definitely email undo@godaddy.com.
Ill see if I can escalate this for you.

Huseyin,

I would really appreciate that!

[Dave Zan]

Is it because they are they biggest, therefore usually the ones in the news?

Probably. Network Solutions used to be in the news a lot regarding hijackings.

[victornumber]

hope you get it back :(

[Adam Dicker]

It constantly amazes me how people are quick to blame the registar when they fall victim to a phishing scam.

For the record, I have all my domains at Go Daddy, I activated the Domain Transfer Validation Service and I have done about 8 transfers out and never had a name stolen.

For those of you wanting to know what this service is, you select a pin and a phone number to approve transfers, when Go Daddy gets a transfer request they will only call the number you give them and if you don't give them the right code, the transfer is declined. They only call the number you give them. I use my cell pohone and have NEVER had an issue.

Use this service, call your exec account rep and tell trhem you want to enable DTVS.

For those of you that need a rep, PM me.

-=DCG=-

[syed]

i would also post in this thread as many are subscribed and perhaps can help
http://www.dnforum.com/f26/godaddy-d...ad-389621.html

Thanks for the link, I checked the thread.. it seems more about Escrow type of scam.
What is scary is that I did not get this domain into Escrow, in fact i did not sell any domain name from quite long time and this domain just disappeared out of nowhere.

Thanks for the info Adam. I actually did not blame anyone, at least not yet. I just stated what happened and how the domain just disappeared and now reflecting a different whois. I have not sold this domain and in fact have not been actively selling any high level domain in last 1-2 years, and the domain did not go to an escrow account even once. I've been aware of these escrow and domain appraisal scam attempts and in fact I did receive several fake domain appraisal scam emails but not any escrow related attempt. I've also been aware of phishing attemps - received at least 100 paypal and ebay phishing emails but I always make sure I login by direct navigation from a new browser.

I would not consider this as a scam, but more as an outright theft as I have not authorized the transfer and have not pushed the domain at all.
I am sure Godaddy should have the basic IP and other tracing methods to be able to find that out, but lets see how it goes when their domain office opens.

Another two points worth mentioning:

>> Exactly after 2 minutes of "successful transfer" email notification from Godaddy, I received an email from a variation of my own email address (myemailID.backup@gmail.com). The email simply stated "i want to speak about ***.com"
Obviously, the senders email being so similar to mine and the time at which they sent it and it referred to the domain in question - and makes it obvious that it was the perpetrator who sent the email.


>> Other two valuable domains and 55+ reg. fee domains are still intact. The perpetrator did not touch them and I am not completely sure why. Could it be because the transfer was requested and completed through ID verification and without accessing my account?
May be the perpetrator just filled the domain account change form, verified with fake ID/address and transferred to his own other account?

I appreciate everyone's help in this.

It constantly amazes me how people are quick to blame the registar when they fall victim to a phishing scam.

For the record, I have all my domains at Go Daddy, I activated the Domain Transfer Validation Service and I have done about 8 transfers out and never had a name stolen.

For those of you wanting to know what this service is, you select a pin and a phone number to approve transfers, when Go Daddy gets a transfer request they will only call the number you give them and if you don't give them the right code, the transfer is declined. They only call the number you give them. I use my cell pohone and have NEVER had an issue.

Use this service, call your exec account rep and tell trhem you want to enable DTVS.

For those of you that need a rep, PM me.

[Devil Dog]

Thanks for the link, I checked the thread.. it seems more about Escrow type of scam.
What is scary is that I did not get this domain into Escrow, in fact i did not sell any domain name from quite long time and this domain just disappeared out of nowhere.

Thanks for the info Adam. I actually did not blame anyone, at least not yet. I just stated what happened and how the domain just disappeared and now reflecting a different whois. I have not sold this domain and in fact have not been actively selling any high level domain in last 1-2 years, and the domain did not go to an escrow account even once. I've been aware of these escrow and domain appraisal scam attempts and in fact I did receive several fake domain appraisal scam emails but not any escrow related attempt. I've also been aware of phishing attemps - received at least 100 paypal and ebay phishing emails but I always make sure I login by direct navigation from a new browser.

I would not consider this as a scam, but more as an outright theft as I have not authorized the transfer and have not pushed the domain at all.
I am sure GoDaddy should have the basic IP and other tracing methods to be able to find that out, but lets see how it goes when their domain office opens.

Another two points worth mentioning:

>> Exactly after 2 minutes of "successful transfer" email notification from Godaddy, I received an email from a variation of my own email address (myemailID.backup@gmail.com). The email simply stated "i want to speak about ***.com"
Obviously, the senders email being so similar to mine and the time at which they sent it and it referred to the domain in question - and makes it obvious that it was the perpetrator who sent the email.


>> Other two valuable domains and 55+ reg. fee domains are still intact. The perpetrator did not touch them and I am not completely sure why. Could it be because the transfer was requested and completed through ID verification and without accessing my account?
May be the perpetrator just filled the domain account change form, verified with fake ID/address and transferred to his own other account?

I appreciate everyone's help in this.

Please tell me you didn't have the contact email as a @gmail.com account?

If so, therein probably lies your problem.

[south]

Use this service, call your exec account rep and tell trhem you want to enable DTVS.

-=DCG=-

Thanks Adam. Was not aware of them.

[syed]

Devil Dog, I was curious how having gmail address has any adverse implications in this case?

Just wanted to share with you guys that the domain is now recovered!
Their domain tech department seemed pretty quick in replying and resolved it within 1 day of ID verification. They didn't give details on how it got compromised but did give suggestions on how this can be avoided. Like Adam suggested, if you own any big domains with them, you might want to go for their 'protective registration'.

"* To ensure that your domain name do not transfer, expire, or get stolen, sign up for our Protected Registration,
https://www.GoDaddy.com/gdshop/protect/landing.asp?se=%2B&ci=6442"

Happy ending to this one after all!

if anyone curious, the domain was P - D - N - C O M

[Devil Dog]

Devil Dog, I was curious how having gmail address has any adverse implications in this case?
\

It has been widely publisized how how unsecure gmail addresses are, especially for domains.