Keep your whois details current – Especially keep your admin email domain registered!

Posted on May 3, 2013 by Konstantinos Zournas

I was checking my domain deciding what domains to renew. I usually also check the other extensions in order to make a decision. When deciding to renew or not a .info domain I noticed that the .net had an registrant email address that used the .biz version. Te only problem was that the .biz was not registered at that time.

I tried to warn the domain name owner (by sending an email that went, surprise, unanswered) that not only he had let the .biz expire and he was risking losing the .net either by missing a renewal notice or if a thief used the .biz to create the .net registrant email address and steal the domain. A couple of days later I noticed that someone bought the .biz and is now parking it.

In fact ICANN’s GNSO is suggesting as a best practice in the Expired Registration Recovery Policy that registrars should advise registered name holders to provide a secondary email point of contact that is not associated with the domain name itself so that in case of expiration, reminders can be delivered to this secondary email point of contact.

So it is always a good idea to keep your whois details current and especially to keep your admin/owner email address domain name registered and renewed. I renew my admin email domains well in advance, usually for 5-10 years. It is good practice to also renew any nameserver domains you may have as well.

New Go Daddy Phishing Attack

Posted on January 10, 2013 by Konstantinos Zournas

Go Daddy made an announcement that there is a phishing attack underway that may affect some of it’s customers. I suggest as a general rule to not click on links inside of emails.

Here is the announcement:

Phishing Attack Affects Some Customers

In an effort to keep you in the know, and to help prevent you from clicking a malicious link, we want to show you the most recent malware scheme we’re seeing. The email looks like this:

Send any suspicious emails you receive as an attachment to phishing@secureserver.net.

For more information on how to handle external phishing attacks, go here.

Go Daddy coupon code scam – Beware!

Posted on December 17, 2012 by Konstantinos Zournas

I was renewing a few domains at Go Daddy and as the last code I had that gave me 32% off any order had expired I searched the internet to find a similar coupon code.

I found one code here for “32% Off All Orders”. As the code was not visible I clicked on the link so the code would be applied to my account and cart at Go Daddy. I noticed a price drop in my cart but also noticed something else. The currency had been changed from USD to GBP (British Pounds). That effectively had the appearance that I was getting a discount but I was actually paying full price. Here is what the cart looks like before and after clicking the coupon link:

Go Daddy Scam – before

Go Daddy Scam – after

The dollar to GBP currency conversion has a 37% difference so it is pretty close to the 32% promised by the coupon code so anyone can be fooled to think that they are getting a discount. Godaddy doesn’t pay it’s affiliates a commission when clients use a coupon code. Using a coupon code nullifies any commission an affiliate could earn. So Go Daddy affiliates are inclined to trick the customer into paying full price for domains names or other services. Beware of this scam because once you pay full price there is no way to get your money back.

By the way here is a code for 30% off any order at Go Daddy: DEC2012B.

Follow your own advice – Even as a spammer

Posted on December 7, 2012 by Konstantinos Zournas

I got the usual spam email for a newly registered domain that I got as a joke. I was sure that this wasn’t a serious inquiry but I opened the email anyway. It came from “TLD Availability” and it advised me to protect my branding by registered other available extensions.

By the way the domain is passwordistaco.com! It is the password used by Taco, a character in the FX tv series “The League”. You might remember Taco as he sold the DallasCowboys.com for $250k.

This is the email:

Congratulations on your purchase of passwordistaco.com.
We advise that you take an extra step in protecting your branding. This can be done by attaining more popular domain extentions (e.g. com, biz, org, net, us). We have processed your domain and have listed the available extentions.
You can view the list here:

http://tldavailability.com/?keyword=passwordistaco.com

We wish you best with your domain name. For questions regarding your domain and website contact us at support@tldavailability.com
Cordially,
Rebekah Crowe

The domain name tldavailability.com just redirects you (with an affiliate code) to a domain availability checker powered by Go Daddy. Sure, I will protect Taco and register all the available TLDs. Not!

The funny thing is that on the day I got the email they owned the domain tldavailability.com and the .info. When I checked a few hours later someone who probably got this spam email had already registered tldavailability.net and had parked it at Sedo! Then the spammer then registered the .org, .biz, .us and .co.

So the spammer didn’t follow her own advice and got screwed. Even as a spammer you need to have some sort of consistency.

And seriously, what is the point of making whois private on your first 2 domains, when you don’t make private the next 4 on other TLDs? That is plain stupid and a waste of money.

Domain transfer requests for transfers you didn’t initiate – I don’t think it’s a scam…

Posted on November 16, 2012 by Konstantinos Zournas

Every once in a while I get a domain transfer request that I have not initiated. Over 90% of the time this transfer request is from Go Daddy. I am pretty sure that Go Daddy are some of the very few registrars that allow someone to start a transfer without having an authorization code. And why would they care? They get the transfer money and leave their customers to do whatever they want. This is the subject of the request:
“Transfer of ******.INFO – Action Required”

The thing is that even if I approve the transfer using the Transaction ID and Security Code provided the transfer will not start without the auth code. (And of course all my domains are locked so even with the auth code the transfer will fail) So I don’t think that this is some scam from a domain thief. Well maybe it is if the thief is that stupid…

Sometimes I think that it might be the previous owner that thinks that he still owns the domain name. But then I look at the creation and it is 2006! That is the creation date of the domain name that I just got a transfer request to Go Daddy. And the domain was from a drop. Is it possible that someone thinks they still own a domain they last paid in 2005? Highly unlikely…

Maybe someone made a typo and requested the wrong domain name? Go Daddy keeps harassing me with these emails for many days. Wouldn’t they have found out after a week that they made a typo? I don’t know.

But I think that the answer to my questions lies with Go Daddy and a lot of it’s customers. I believe that most of the transfer requests come from people that think they are buying the domain name! It is easy to make this mistake if you are not at all familiar with domain names and what the difference of registration and transfer is. Go Daddy makes it pretty easy to do it by not asking for an auth code. I tried it and within a minute I was at checkout transferring in sex.com with a cost of just $8.17!!! (no, I didn’t pay)

Maybe Go Daddy wants to fix this problem too after fixing the expired domains privacy issue?

New appraisal scam – Old scammer

Posted on October 28, 2012 by Konstantinos Zournas

I just got a few emails today from an old scammer. I know him because he is the same scammer that contacted Morgan Linton in March. He is using an email address from a domain name registered just a couple of weeks ago at Go Daddy: levinson@best-unix-hosting-plans.com. The fake appraisal website is located at windows-7-forums.com. This domain was registered recently too. He keeps changing domain names and aliases. The scam remains the same. He is trying to lure domain owners into an appraisal with the promise of a large sale that will never happen.

Here are the first email I got:

Hello!
I’m interested in purchasing *********.biz.
What is your price?

We are in hosting business and my company invests in different web projects and domain names.
If you have a portfolio of names for sale feel free to email me.

Best Regards,
Abraham Levinson
President
Unix Hosting Plans Inc.
***********************
CONFIDENTIALITY NOTICE: This email communication may contain private, confidential, or legally privileged information intended for the sole use of the designated and/or duly authorized recipient(s). If you are not the intended recipient or have received this email in error, please notify the sender immediately by email and permanently delete all copies of this email including all attachments without reading them.

I am sure that Abraham Levinson is not his real name. The confidentiality notice is a nice touch. I couldn’t stop laughing… I replied with a price and he didn’t like it. Like he was ever going to buy the domain:

6000 eur. Ok. Do you visit domain forums? Did you sell names before?
I’m also interested in adult, financial and social network names.
Best regards,
Abraham Levinson
Best Unix Hosting Plans

Finally I got the pitch to buy an appraisal:

In order to process with the deal I need two things:

1. I need a valuation certificate.
It should be from experts I know and trust. Without a professional valuation we both cannot be sure in the final sale price.It will minimize our risks. If you don’t know what the valuation (appraisal) means please read this blog http://www.windows-7-forums.com/Archive/160395472.htm

2. It’s important for us to know that you domain has no problems with trademarks. Some evaluators include this option in the appraisalsal service. I need the evaluation service with the TM verification.

Please take into account, I’m not a novice and don’t accept free or automated valuations. I asked in the forum about reliable and independent valuation services with the trademark verification option. Please read this information:

http://www.windows-7-forums.com/Archive/160395472.htm

If the valuation comes higher you can change your asking price. After you send me the professional valuation with the trademark verification via email (usually it takes one day to obtain it) we’ll continue.
How do you want to be paid: PayPal, wire or CC?

Best regards,
Abraham Levinson
Best Unix Hosting Plans

He seems to be visiting domain forums. While he is using Privacy on all of his domain names, the domain name forum-windows-club.com that he used in Morgan’s email is currently suspended at Go Daddy (nameservers are NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM) and a name is showing at whois: Frank Tschakert. Is this his real name? Maybe not. If you know anyone by this name in any domain name forum please let me know.

It’s also very funny that he is asking for a “TM verification” appraisal while he is using windows-7-forums.com as his appraisal website.

Please stay away from this appraisal scam. He is only trying to get you to pay for the appraisal at his own website and then he will disappear. He will NOT buy your domain name.