Domain Magnate

Lately I’ve noticed several interesting site sales on DP and all had the same in common:

- sellers were very eager to sell their sites quick and asked for quick offers
- sellers provided only partial and outdated stats data
- all looked like very good deals

Many of the deals were quite enticing and the stats and data seemed realistic enough, so I dug deeper and as expected they were all scams, but following a very interesting pattern.

The scammers tried to “sell” sites that were previously listed for sale on flippa, so they used the screenshots and data posted by the actual owners on flippa at the time of the auction. Some of these were still active, some ended unsold. After an auction ends on flippa the screenshots are no longer visible. It’s also fairly easy to make similar, “updated”, fake screenshots having the original.

This is not a “grey” type of scam where site owners would slightly exaggerate their stats, round it up, or even show fake screenshots. The scammers didn’t own any sites and those who fell victim and sent them the cash through paypal quickly to buy it never got anything in return.

How can you spot a scam like that?

1. First and foremost a quick google search for the site will show if there was a flippa auction or if it was for sale anywhere else before so that the scammer could gather the data from there.
2. Request the scammer to prove ownership by inserting some unique text in the site  code – this is the easiest way to prove he actually owns the site.
3. Further background checks on the seller, his forum/email/messenger ids will frequently reveal any previous misdoings.

Stay safe, don’t rush and do proper due diligence before any purchase!

I started a thread yesterday on the DigitalPoint forums asking for 3 character domains to buy and 2 members already tried to scam me. Surprisingly the way they try to do it is extremely simple – they try to sell you a domain they don’t really own and accept payment through Western Union, Bank Wire, or MoneyBookers or even  paypal even though with paypal the transaction can be reversed. But I suppose they might be able to transfer the funds away before you do a chargeback in this case.

One of them is ShayGA. He pmed me offering to buy A66.com for $500. However a quick check reveals that it’s an active site and they are not likely to be interested in selling the domain. So I asked him to confirm that he owns the domain and he never replied. I dug a bit on him and found out that he only joined a couple days ago, but already had a lot of ‘sales’ going on. Most of these threads end with the members accusing the topic starter of being a scammer. I guess there are people who actually buy into this, otherwise he wouldn’t be doing it.

Update: I was told by another fellow domainer that this guy is also trying to “sell” that domain on NamePros. Luckily on NP and DNF the mods and members  are alert and swift in banning scammers.

Another one was Venliven – a recently joined member, I guess he joined when he saw my thread because that is where he made his first and second posts. It took me about 5 seconds to realize this might be a scammer by the strange question “What is your payment method?” – naturally it’s going to be paypal. I decided to play it out and see if I can get his details to post them here.

So I replied to his pm asking what were the domains – he answered with www.wut.com and www.juk.com.  To get the final confirmation that it was a scammer I decided to lowball and offered $2k for each (the actual market price for these would be at least $5k  each) and told him that if he accepts to pm me his bank and western union details, as well as moneybookers and I’ll see what’s easier for me to pay with. Scammers register new usernames daily, but in case someone asks you to send money to these addresses you’ll know who you are dealing with:

Western Union:
Zaid Lutfi , United arab emirates

Western Union:
Steven Burken
UpHill Sight 3/2

MoneyBookers:
w.a.t.e.r@hotmail.co.uk

Bank Account in UK:
39032157

Afterwards I asked him to confirm that he actually owns the domains by adding something in the whois contacts – he started sending weird messages with all kinds of lame excuses. Many of them didn’t even make much sense: “Without my hosting on I don’t have a server” – huh?

There are so many scammers on DP it’s ridiculous. And the mods don’t usually ban them since they don’t  break any petty rules, while DP mods don’t get involved in business between members. However those scammers are very easy to recognize. More sophisticated are the scammers that actually steal or sell stolen domains. Sometimes even experienced domainers fall victim to such crimes in this popular thread at dnf.

A new GoDaddy phishing scheme is spreading quickly now, I personally received 4 identical emails from them just an hour ago. Many other domainers reported receiving these, some 5-7 at a time. The email, which appears to come from support@godaddy.com but it points to: http://205.234.236.23/~ytrindic/ It’s a server in Pakistan mzwebhost.com

Domain Registration Confirmation

Dear Customer,

This notification is generated automatically as a service to you.

Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security.
Please click on sign in to domain servers to continue to the verification process and ensure your account security. It is all about your security. Thank you. and visit the customer service section.

please contact us within 1 days.

If you need to address this matter, or in any way need further assistance or technical support, call us any time at (480) 505-8877 or email us at support@godaddy.com. We appreciate your business!

Sincerely,
GoDaddy.com DomainAlert team

The emails also have the “regular” legal addition which makes them look rather authentic:

*Free hosting, photo album and blog services are ad-supported. Ad-supported Web sites contain
relevant online advertising on a small portion of the site, but DO NOT include obtrusive pop-up ads.
**Not applicable to premium domains, bulk domain purchases, discounted domain products, Sunrise/Landrush domain registrations, .ME domain registrations, discounted memberships or maintenance plans; additional disk space and bandwidth renewals, custom page layouts, custom headers, posters or gift cards. Discount reflected in your shopping cart – cannot be used in conjunction with any other offer or promotion.

Copyright © 2009 GoDaddy.com, Inc.. All rights reserved.

In general these emails look pretty good, much better than the regular scams, where after seeing the “dear sir/madam” you can figure it’s a scam right away. This email even had a smaller frame with a 10% off code and a few real links to GoDaddy.com

Take 10%** off your next order at GoDaddy.com.
Simply enter gdbb366 in your shopping cart or mention the offer code when you call (480) 505-8877.

The question remains however will these guys ever learn to spell and actually write in decent English? However many people don’t read email and just check the title, open it and click the link if it looks authentic.

Last, but not least – be sure to mouse over all links in email before clicking them!

Got another one of those appraisal scam emails today. Luckily they land in spam folder now:

Peter Miller Tue, Mar 17, 2009 at 6:31 AM
To: domainadmin
Dear sir,

we are interested to buy your domain name AARR.COM and offer to buy it from you for 65% of the appraised market value.

As of now we accept appraisals from either one of the following leading appraisal companies:

sedo.com
pedma.com
accuratedomains.com

If you already have an appraisal please forward it to us.

As soon as we have received your appraisal we will send you our payment (we use Paypal for amounts less than $2,000 and escrow.com for amounts above $2,000) as well as further instructions on how to complete the transfer of the domain name.

We appreciate your business,

Thanks,
P. Miller

Another new phishing scheme is unveiling, you get the scope here!

I recently received this email: read more »

Update: yxl.com was recovered with the help of godaddy

More stolen names might soon pop up for sale, so be warned!

Also a quick reminder: don’t use gmail, or other free email addresses as whois addresses for your domains. They can be hacked!

More details are from a namepros thread:

Some of them are:

yxl.com
zutan.com
filelime.com
relian.com
visitchina.net
visitjapan.net
youlun.com
studentflats.com
studentapartment.com
jiemeng.com
langzi.com
….. read more »

I’ve been getting these emails by the dozens lately. A new spam/scam type is out: partnership proposal emails. I’m still not sure what they want as they never seem to answer when you reply back, but here are some of the emails:

Hello,

I just came across your website – wcasinos.net and I want to ask if I can sponsor a text link on your website.

Please e-mail me back and I will send you additional information.

Best Regards,
Todd McGregor
Advertising Consultant
Business Development Department

If you do not respond to this email you will not receive any additional emails from us. To permanently delete yourself from our list, simply reply to this with a blank email and you will not receive any communication from us in the future.

—————————————————————-

read more »

Another scammer popped up in dnforum and tried to sell a few 3 and 4 letter domains:

It’s was xandomains, Yang Xin from Shanghai, who is now banned on dnf.

Among the stolen names are:
ZRU.com
LNTH.COM
LTGP.COM
TDBF.COM
ANIL.com
0L9.COM
ENCD.COM
KFAL.COM
FYUP.COM
UNWB.COM
More info here and here 

New Vawe of Fake ICANN Emails is out trying to get your logins and password to steal domains, so be warned. A few reports were posted on DNF.

Update: ICANNResolve.com site is down now.

To:    [email]xxxx@xxxxx.com[/email]
Subject:    ICANN – Domain Upgrade Notice
Date:    Tue, 24 Jun 2008 06:22:08 +0200
From:    “ICANN” <icann@icannresolve.com>

Dear Domain Account Holder,

You are being sent this notice from ICANN due to the fact that you
currently own an active domain name. ICANN is currently upgrading all
domains from their registry database.

The upgrade will introduce new control options for your domain and
easier
access. The new upgrade is required by the registry. All domain users
are
expected to submit their domain information manually at
[url]http://www.icannresolve.com/email/link.php?M=821&N=5&L=1&F=T[/url] with the
required information for ICANN to apply the required updates. read more »

I got like 5 messages for my various sites asking for phone number with interest to purchase the website. However the emails looked unprofessional so it’s quite clear this is not a real inquiry.

Update: I got many reports from others who received same messages and I could only speculate but they never reply, so I’m thinking they are just collecting phone numbers and sites. What for? Maybe to offer some hosting or other products, or spam you with some related offers. Maybe for some sophisticated scamming attempts..

There is a dnf thread about this. Anyone knows what they want?

Business Proposal

Thursday, June 5, 2008 5:29 PM

 

 

From:

read more »