ESE.com hijacked at moniker

**exponent** · 09-06-2008, 08:18 PM

Be thankful it wasn't NSI. Network Solutions has violated court orders to return a 3-letter domain that was stolen from me.

**jdomains** · 09-06-2008, 11:02 PM

wow, thanks for the heads up on this technique

**DNP** · 09-06-2008, 11:16 PM

Those Iranian(s)! There is a bomb called The Joint Direct Attack Munition developed by the US Air Force and the US Navy which is the most accurate bomb in the world. After release, its location is continually monitored by seven different satellites and it can hit targets with an accuracy of within 6 ft. 7 in. I hope sometime it can be used against those "domainer(s)".

Originally Posted by jdomains

wow, thanks for the heads up on this technique

Right, I was aware of it and always:

1. Phone the sedo office main line asking to transfer ne to the direct local of a transfer agent who emailed me.
2. Check the email header.
3. Google the sender name.

**Acro** · 09-06-2008, 11:20 PM

Originally Posted by DNP

it can hit targets with an accuracy of within 6 ft. 7 in.

Osama is 6ft 7in so apparently that's why they keep missing him

**ksinclair** · 09-06-2008, 11:43 PM

Thank you; it is great advice to login to sedo to check status, instead of just reacting to emails. So what that means is any email from sedo should be regarded as a notice more than anything.

Kevin

**Acro** · 09-06-2008, 11:48 PM

sedo's emails are another link in the chain of social engineering. They contain info that can be replicated, forged and emulated. They are *predictable*, just like their implementation of predictable, sequential numbering of customer id's and auctions. These "hackers" have very limited cracking skills. They base their success on their social engineering skills, they use a human's approach to a situation - not a computer's cold ON/OFF - ZERO/ONE approach. To safeguard oneself against this approach, you basically have to treat each communication as a potential fraud.

**Stian** · 09-07-2008, 03:15 AM

Wow. I would've fallen for that one myself. I get lots of those push requests from sedo every week and I don't exactly analyze them before I push the domain. I will do that from now on. I'm glad to hear that you have things under control and that you will get your domain back.

Btw, this 'j p' guy (he used the email: originalprogz@gmail.com) also made me a €7,000 offer for 4-4.com a couple of weeks ago, but thankfully I had already sent the name to sedo auction by then.

Damn I'm tired of all these scammers. I hope we can catch just one of them some day and have a public execution!

**NetworkMsia** · 09-07-2008, 03:52 AM

Glad to hear you got your domain back. and glad to hear that Moniker has never loosed a customers domain so far =)

**dominator** · 09-07-2008, 03:59 AM

ESE.com hijacked at moniker

sorry but the title is wrong

you pushed the domain
nobody hijacked it

and why should moniker prevent you from pushing?

the title should rather contain the words "sedo" and "scam"

- - -

more data to "Colin":

Received: from localhost.seproductions.co.uk (localhost.seproductions.co.uk [213.171.222.208])

X-COMPLAINTS: abuse@sharpmail.co.uk
Message-Id: <20080906193456.E4E4F272FA@localhost.seproductions .co.uk>

**EJS** · 09-07-2008, 07:38 AM

Originally Posted by alldig

Monte and the Moniker have put the domain on lock and are investigating this case. When the domain is pushed back to my Moniker account it will be for sale again (an offer around the 30k mark will secure the domain). Thanks for the support.

I copy / pasted the wrong email into my initial post. The email I received from colin.finnan@sedo.com on september 4th read:

Dear Mr. Ambrose,

Now that the buyer has made payment into Our escrow account you can push the ese.com domain
into our Moniker account and finish your part of this transfer.

Please log into your Moniker account, Go to your Domain management ,Click on Push Button

And Do The Push with following information:

Account number: 77514
Authorization Code: FFC97F476A
Email: transferserives@sedo.com
domain name: ese.com

As soon as the domain is in our Moniker account, we will be able to process
your payment.

Now would be a good time to ensure that your payment information with Sedo is
accurate. Please click on the following link:

http://www.sedo.com/member/bankdata.php4

and login to your Sedo account, in order to verify your information.

Should you have any questions or difficulties with this step please let us
know.

Best regards,

Colin Finnan
Domain-Transfers
--
Sedo GmbH :: Im Mediapark 6 ::50670 Cologne (Germany)
tel +49 221.34030.188 :: fax +49 221.34030.109
http://www.sedo.com :: mailto: colin.finnan@sedo.com

District Court of Cologne HRB 35019
Board of Management: Tim Schumacher, Ulrich Priesner, Marius W?

Confidentiality Statement:
This e-mail, including attachments, may include confidential and/or proprietary
information, and may be used only by the person or entity to which it is
addressed. If the reader of this e-mail is not the intended recipient or his or
her authorized agent, the reader is hereby notified that any dissemination,
distribution or copying of this e-mail is prohibited. If you have received this
e-mail in error, please notify the sender by replying to this message and
delete this e-mail immediately.

If this thief is ever found, I wonder if you could have him charged with identity theft, as he impersonated an actual Sedo employee.

Also, the guy spelled "transfer services" incorrectly in the sedo email he gave: Email: transferserives@sedo.com

**Ehsan** · 09-07-2008, 10:11 AM

WoW something new everyday , Hope you get it back soon dude

**intellect** · 09-07-2008, 04:21 PM

orginalprogz@gmail.com made offers of my 2 LLL.coms as well. Serial scammer on the loose. Also watch out if you get emails from moneyary@gmail.com. This scum needs to be caught.

**DomainMagnate** · 09-07-2008, 04:28 PM

so, on a more practical note. Most spoof emails have fake links which are easy to spot, but this is rather tricky.
So what's the easiest way to be sure such an email is genuine? Calling sedo should do it, but is there a technical way? Suppose you could check headers and compare ips..

**dominator** · 09-07-2008, 04:36 PM

Originally Posted by Michael_Goldman

So what's the easiest way to be sure such an email is genuine?

login and check the transaction
it will be "unpaid"

**intellect** · 09-07-2008, 04:53 PM

http://www.microsoft.com/protect/you.../identify.mspx

Looks like one tip is if you roll over the link and it shows a different link than shown in the email link then that should raise some flags. If there is software or other tips, please share...

**Acro** · 09-07-2008, 06:25 PM

Again, log into your account and review the latest status of the transaction.

**bdjuf** · 09-07-2008, 10:41 PM

this was the email the guy used to make me offers on my domains:
p4ymentor@gmail.com

using the following subjects:

about *domain*
*domain*
do you sell *domain*

mass mailing domain owners, getting them into sedo, and then somehow hacking/stealing

**Acro** · 09-07-2008, 10:44 PM

Originally Posted by bdjuf

mass mailing domain owners, getting them into sedo, and then somehow hacking/stealing

Read my blog for more info on this method.

**dragonhawk** · 09-07-2008, 11:11 PM

This guy tried to get me with my 3L.com domain too... We agreed on a price for the domain and he wanted to use sedo Escrow. I refused and initiated an Escrow.com transaction instead. He never replied after that... Guess I can count myself lucky.