Domain Magnate

A new GoDaddy phishing scheme is spreading quickly now, I personally received 4 identical emails from them just an hour ago. Many other domainers reported receiving these, some 5-7 at a time. The email, which appears to come from support@godaddy.com but it points to: http://205.234.236.23/~ytrindic/ It’s a server in Pakistan mzwebhost.com

Domain Registration Confirmation

Dear Customer,

This notification is generated automatically as a service to you.

Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security.
Please click on sign in to domain servers to continue to the verification process and ensure your account security. It is all about your security. Thank you. and visit the customer service section.

please contact us within 1 days.

If you need to address this matter, or in any way need further assistance or technical support, call us any time at (480) 505-8877 or email us at support@godaddy.com. We appreciate your business!

Sincerely,
GoDaddy.com DomainAlert team

The emails also have the “regular” legal addition which makes them look rather authentic:

*Free hosting, photo album and blog services are ad-supported. Ad-supported Web sites contain
relevant online advertising on a small portion of the site, but DO NOT include obtrusive pop-up ads.
**Not applicable to premium domains, bulk domain purchases, discounted domain products, Sunrise/Landrush domain registrations, .ME domain registrations, discounted memberships or maintenance plans; additional disk space and bandwidth renewals, custom page layouts, custom headers, posters or gift cards. Discount reflected in your shopping cart – cannot be used in conjunction with any other offer or promotion.

Copyright © 2009 GoDaddy.com, Inc.. All rights reserved.

In general these emails look pretty good, much better than the regular scams, where after seeing the “dear sir/madam” you can figure it’s a scam right away. This email even had a smaller frame with a 10% off code and a few real links to GoDaddy.com

Take 10%** off your next order at GoDaddy.com.
Simply enter gdbb366 in your shopping cart or mention the offer code when you call (480) 505-8877.

The question remains however will these guys ever learn to spell and actually write in decent English? However many people don’t read email and just check the title, open it and click the link if it looks authentic.

Last, but not least - be sure to mouse over all links in email before clicking them!

Got another one of those appraisal scam emails today. Luckily they land in spam folder now:

Peter Miller Tue, Mar 17, 2009 at 6:31 AM
To: domainadmin
Dear sir,

we are interested to buy your domain name AARR.COM and offer to buy it from you for 65% of the appraised market value.

As of now we accept appraisals from either one of the following leading appraisal companies:

sedo.com
pedma.com
accuratedomains.com

If you already have an appraisal please forward it to us.

As soon as we have received your appraisal we will send you our payment (we use Paypal for amounts less than $2,000 and escrow.com for amounts above $2,000) as well as further instructions on how to complete the transfer of the domain name.

We appreciate your business,

Thanks,
P. Miller

Another new phishing scheme is unveiling, you get the scope here!

I recently received this email: read more »

Update: yxl.com was recovered with the help of godaddy

More stolen names might soon pop up for sale, so be warned!

Also a quick reminder: don’t use gmail, or other free email addresses as whois addresses for your domains. They can be hacked!

More details are from a namepros thread:

Some of them are:

yxl.com
zutan.com
filelime.com
relian.com
visitchina.net
visitjapan.net
youlun.com
studentflats.com
studentapartment.com
jiemeng.com
langzi.com
….. read more »

I’ve been getting these emails by the dozens lately. A new spam/scam type is out: partnership proposal emails. I’m still not sure what they want as they never seem to answer when you reply back, but here are some of the emails:

Hello,

I just came across your website - wcasinos.net and I want to ask if I can sponsor a text link on your website.

Please e-mail me back and I will send you additional information.

Best Regards,
Todd McGregor
Advertising Consultant
Business Development Department

If you do not respond to this email you will not receive any additional emails from us. To permanently delete yourself from our list, simply reply to this with a blank email and you will not receive any communication from us in the future.

—————————————————————-

read more »

Another scammer popped up in dnforum and tried to sell a few 3 and 4 letter domains:

It’s was xandomains, Yang Xin from Shanghai, who is now banned on dnf.

Among the stolen names are:
ZRU.com
LNTH.COM
LTGP.COM
TDBF.COM
ANIL.com
0L9.COM
ENCD.COM
KFAL.COM
FYUP.COM
UNWB.COM
More info here and here 

New Vawe of Fake ICANN Emails is out trying to get your logins and password to steal domains, so be warned. A few reports were posted on DNF.

Update: ICANNResolve.com site is down now.

To:    [email]xxxx@xxxxx.com[/email]
Subject:    ICANN - Domain Upgrade Notice
Date:    Tue, 24 Jun 2008 06:22:08 +0200
From:    “ICANN” <icann@icannresolve.com>

Dear Domain Account Holder,

You are being sent this notice from ICANN due to the fact that you
currently own an active domain name. ICANN is currently upgrading all
domains from their registry database.

The upgrade will introduce new control options for your domain and
easier
access. The new upgrade is required by the registry. All domain users
are
expected to submit their domain information manually at
[url]http://www.icannresolve.com/email/link.php?M=821&N=5&L=1&F=T[/url] with the
required information for ICANN to apply the required updates. read more »

I got like 5 messages for my various sites asking for phone number with interest to purchase the website. However the emails looked unprofessional so it’s quite clear this is not a real inquiry.

Update: I got many reports from others who received same messages and I could only speculate but they never reply, so I’m thinking they are just collecting phone numbers and sites. What for? Maybe to offer some hosting or other products, or spam you with some related offers. Maybe for some sophisticated scamming attempts..

There is a dnf thread about this. Anyone knows what they want?

Business Proposal

Thursday, June 5, 2008 5:29 PM

 

 

From:

read more »

Rick reported this recently on his blog:

It appears GoDaddy.com gives you the option to cancel a transfer, after you have done an account change and the new owner has accepted the domain. How ludicrous is this? I’ve just had it happen a second time. Someone sends you a name, so you send them the money. The next thing they know, they pull it back! All they have to do is go to their account, go to pending account changes, check the box and click cancel. They can do this after it is finished!

Now in both cases it worked out fine because they had pulled it back because of a misunderstanding and quickly did another account change. It still leaves a huge door open for fraud.

I’m sure other registrars would let you pull back a domain as well, after you’ve pushed it.

I suppose it’s been around for a while, but this is the first time I hear about that and this could be a serious problem. Another reason to avoid godaddy and to be extra cautious, especially when dealing with new people.

In shade of recent events on DNForum, where some stolen domains were sold and others offered for sales and brokered, be very careful when asked to broker domains.

If a newbie member on a domaining forum asks you to broker a premium domain, there is a high chance it’s a stolen domain, otherwise why wouldn’t he do it himself? read more »