Lama.com stolen domain. DO NOT BUY!

[tetrapak]

Today someone has hacked into my GD account and stole lama.com. Apparently he was stupid enough to push it to another GD account (so they say at GD after having waited 15 mins for phone support - overseas call...).
Another funny thing is that it's being redirected to:
lamabutikk.com/lama/index.htm

WHOIS:
Domain name: lamabutikk.com

Registrant Contact:
ServeTheWorld
Morten Repshus ()
Email: ordre@servertheworld.net

Fax:
Tvetenveien 152
OSLO, 0671
NO

[domainufo]

Thanks for your post

[tetrapak]

The story gets very bizarre:

"hello,
im so sorry about lama.com, someone hacked it for me. i just ask him for fun if he can do it then he get it seriously and hack it for me.
but i want to have a deal for you, i need this domain and want to purchase from you.
Could you please let me know your asking price ?
Im serious about that and if you are not interested i'll back the domain to your account.

Best Regards"

[draggar]

That's a new way for a purchase pitch. How about calling INTERPOL after you get it back?

[GeoOwners]

gotta admit he got your attention.

Tell him your calling Navy Seal team 6

[Stian]

Today someone has hacked into my GD account and stole lama.com. Apparently he was stupid enough to push it to another GD account (so they say at GD after having waited 15 mins for phone support - overseas call...).
Another funny thing is that it's being redirected to:
lamabutikk.com/lama/index.htm

WHOIS:
Domain name: lamabutikk.com

Registrant Contact:
ServeTheWorld
Morten Repshus ()
Email: ordre@servertheworld.net

Fax:
Tvetenveien 152
OSLO, 0671
NO

Tvetenveien 152.. That's a Norwegian address.. It's here in Oslo, 10 min drive from my apartment. Morten Repshus is also a Norwegian name.

I'll do some research and make some phone calls for you.

---------- Post added at 02:40 PM ---------- Previous post was at 02:20 PM ----------

I just talked to the owner of lamabutikk.com. They just bought the domain for $7,500 USD via www.escrow.com!

Tetrapak, I'm sending you PM now.

[eurobangkok]

Hope you get the domain back, and that the unsuspecting buyer will also get their money back.

I am gradually moving all my names away from Go Daddy. Just too many thefts there. Maybe simply because they are so big.

And great work, Stian

[Mr.Domains]

That's a Norwegian address.. It's here in Oslo, 10 min drive from my apartment... I'll do some research and make some phone calls for you.

lol, International Domain Force!

[tetrapak]

Thanks a lot Stian, you are great! Helping a fellow domainer, and to your countrymen (the poor buyer) is something special!
I'm still waiting for my account exec to wake up, and for undo@godaddy.com to reply.

[katherine]

Sorry about that
I will add a note on DomainThief.com (still beta)

PS: when the name is back into your account I would subpoena GoDaddy for the thief's details and send the guns

[Stian]

This is a pretty complicated situation right here. I'll leave it up to Daniel to share the details with you after this mess is sorted out.

[stewie]

you can have it set up so that no domain can move out of your GoDaddy account unless you personally talk with your account rep...ask your account rep about that feature ,...I don't know what its called.

Thanks for the heads up...hope it all works out.

[erdinc]

I am gradually moving all my names away from Go Daddy. Just too many thefts there. Maybe simply because they are so big.

No, it is not because they are big. It is because they have very stupid methods to gain access to accounts where a person claims to have lost his password. Recently I checked what methods thieves are using. I found 3 methods. The details are below.


Method 1:
Open this page and spend a minute to check what you see:

https://supportcenter.godaddy.com/Do...rog_id=GoDaddy

What you see is a form to change your account email or to push your domain from your account to another. All they ask is a screenshot of a photoshop file where the scammer has typed your name in one of those documents:

• State issued driver's license
• State issued photo identification card
• Passport
• Military photo identification

Yes, you read it correct. A scammer can take any image file of any photo ID and open it in photoshop and type your name. Then save the image file and upload it using that form. Godaddy will change your account email to any email address the scammer submits in the form. On that page there is a button that says "chose file". The scammer would click this button to upload a fake image file.

You might think that's not possible. Think again. Late 2009 a 3 letter domain PDN dot com was stolen with this method. You can check it here.


Method 2:
Except that method you see above, there is another method which involves email forwarding your whois or account email address to scammers mail address. The simply asks your domain registrar to set email forwarding. You might think the support staff wouldn't do it. Think again.

Check out how sweet.com and direction.com was stolen:
http://preventdomaintheft.com/2008/0...steal-domains/
This article was written by the original owner of direction.com who had this domain stolen but recovered it later.

Hello Dear,

Thanks for nice services and support,

I’m tried many time to set mail forwarding for my email account, but page will not load after click on Submit button for set mail forwarding!!!

domain: SWEET.com

Tried to set: xxx@SWEET.COM forward to sillworks4@gmail.com So, Please check it and try to set this mail forwarding….and send me note when you have done it.

[the name of the administrator of sweet.com]

Thanks Again

Method 3:
The scammer will just email godaddy directly from his own email address and ask them to change your account email to his. Surprisingly godaddy will do this if they get any of the following:

your four-digit Shopper PIN or,
your 4 digit Paypal Billing ID or,
the last 6 digits of the credit card on file

Especially, if you have used your credit card on any website where you bought a domain related service, for instance if you bought domains at another registrar, if you bought domainer software at another site they would know that you are a domainer and they would know the last 6 numbers of your credit card. This is the only information needed:

http://www.warriorforum.com/main-int...rity-hole.html

Here is an excerpt on the email I got from them
"If you are unable to log in and would like us to modify the e-mail address on file for an account, we will first need to verify the account. To verify the account, please reply to this message with your four-digit Shopper PIN, 4 digit Paypal Billing ID, or the last 6 digits of the credit card on file, as well as the new e-mail address that you would like to be on file for your Go Daddy account. The change will be made promptly upon verification of information and your reply and you will receive an email confirming that the change is complete.

[CureCancer]

If your an idiot to begin with and assign yourself a simple password and simple pin code then your asking to be hacked and not to mention the amount of idiots who use free email services to manage their online assets.

[peter]

If your an idiot to begin with and assign yourself a simple password and simple pin code then your asking to be hacked and not to mention the amount of idiots who use free email services to manage their online assets.

lol that has to be the most ignorant reply of the day. congratulations. btw, it shouldn't matter if you use gmail or your own email. it's clearly the registrars fault. idiot.

[CureCancer]

lol that has to be the most ignorant reply of the day. congratulations. btw, it shouldn't matter if you use gmail or your own email. it's clearly the registrars fault. idiot.

i didnt call the OP an idiot, i was referring to idiots who use free email services and idiots who use simple passwords and blame GoDaddy for their stupidity! Your the idiot for blaming the largest most secure registrar in the world, your the idiot who is hating on godaddy. GoDaddy not only gets your domain name returned to you they also provide an outstanding customer service and support when you speak to them on the phone and resolve the issue professionally. Idiots and Jerks bash GoDaddy and favor companies like oversee.net that have not only stolen money from their customers by shill bidding on auctions but also provide the most garbage customer support service for their clients and not to mention the occasional downtime their site moniker.com has every year..... if your going to blame godaddy for someones stupidity for not being smart with their assets then truly you are the idiot.

[Mark Talbot]

The story gets very bizarre:

"hello,
im so sorry about lama.com, someone hacked it for me. i just ask him for fun if he can do it then he get it seriously and hack it for me.
but i want to have a deal for you, i need this domain and want to purchase from you.
Could you please let me know your asking price ?
Im serious about that and if you are not interested i'll back the domain to your account.

Best Regards"

I thik he means "Best Regrets"

[rngrdanny22]

That has to be one of the lamest excuses I've ever heard!

[ninjadomain]

Thanks for the warning about this name!

[erdinc]

CureCancer,
You can use the strongest password and the best email provider but still lose your GoDaddy account. Just before your message I posted a detailed description how this happens. It has nothing to do with your password or email. It is a security fault on godaddy side. Godaddy makes it very easy for thieves. The only thing they need to know is the domain they want to steal. They don't need to know anything else. Check method 1 in my message above.