Domain Theft Story

20 Mar · by Tim Kamanin · 4 min read

This story happened to me last Sunday. That perfect morning, I logged in to my email and found a message from GoDaddy telling me that all my domains had been transferred. "Ooops", I thought. I quickly logged in to my GoDaddy account and... yes, all my domain names were gone. 10 domains had simply disappeared. It was a very bad feeling to realize that everything you have been working on for 2 years or more is gone... a terrible feeling, not the worst, but terrible for sure.

OK, I looked at whois and saw that my domains were still at GoDaddy but had been transferred to the account of some Turkish man. The DNS settings stayed the same, so I still had access to all my sites. This gave me some hope. I immediately contacted undo@godaddy.com and reported this robbery to them. Then I called the support team, and they couldn't do anything but suggest that I contact their Undo Department by mail (undo@godaddy.com). That department works from Mon to Fri, so it is unavailable on Sundays. "Nice move, you freaky bastard", I thought about this Turkish man.

I did what I could. I had to wait for Monday and hope that the scammer wouldn't transfer my domains out of the GoDaddy system or even change my DNS settings. This was a hard day, so I took my girl and we went to the seaside. You know, sea air helps to fight stress and makes you think more broadly and more wisely.

Monday has landed. I checked my inbox and got a message from GoDaddy. They told me that they would investigate this matter and that I had 10 days to provide my photo ID and fill in the UNDO form to get my domains back. Meanwhile, they blocked my domains, so no one could transfer them out or change settings. This gave me a portion of patience. I filled out all the docs and sent them to GoDaddy.

Tuesday. I got a message from GoDaddy. They unlocked half of the domains, where I was listed as registrant, and asked me to provide photo IDs for the registrants of my remaining domains. Thank God, they were not fake persons, so I could quickly obtain the photo IDs and send them to GoDaddy.

Wednesday. All my domains are back. Hooray! Pretty tough times and a good lesson for me... and, I hope, for you.

Do you want to know how the scammers got access to my GoDaddy account? Phishing... Yes, you may laugh, and so can I. I always thought that I was clever enough not to become a victim of phishing, but I was wrong. I remembered that on Saturday I got a message from GoDaddy, where they were asking me to update my vital data, otherwise my account would be blocked. It was a pretty standard message. I thought about phishing first, but looked at the link and found nothing strange (I should have done it more carefully). The link looked like:

login.godaddy.com.alsdhkajhsdkagfkaskfgasfkjasf.example.com/askdjalksdhkjahsd?aklsjdfgbvnnsl

At first sight, nothing wrong, but if you look carefully you'll notice that this is a 5th level domain... This is how I stupidly gave out my access details. I blame myself for doing this, but we are all human.
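The careful look at the link can be done mechanically: the domain that really serves a link is the public suffix plus one label to its left (here example.com), and everything further left, including login.godaddy.com, is a subdomain that the owner of that domain can name freely. The sketch below is an added example, not part of the original post; `PUBLIC_SUFFIXES` is a tiny stand-in for the real Public Suffix List, and `registrable_domain`, `check_link` and the trusted set are hypothetical names.

```python
from urllib.parse import urlsplit

# Tiny stand-in for the Public Suffix List (assumption for this example).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

def registrable_domain(host):
    """Return the public suffix plus one label, e.g. 'example.com'."""
    labels = host.lower().rstrip(".").split(".")
    # Scanning from the left tries the longest candidate suffix first.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # host is itself a bare public suffix
            return ".".join(labels[i - 1:])
    return None  # unknown suffix (or an IP address): cannot decide

def check_link(url, trusted):
    """Compare the domain that really serves the link with a trusted set."""
    if "://" not in url:
        url = "http://" + url  # links pasted without a scheme
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    # Trusted names that occur in the host but are not the real domain.
    decoys = sorted(t for t in trusted
                    if reg != t and (host.startswith(t + ".") or "." + t + "." in host))
    return {"host": host, "registrable": reg,
            "trusted": reg in trusted, "decoys": decoys}

if __name__ == "__main__":
    trusted = {"godaddy.com"}  # domains you actually hold accounts with
    for link in [
        # The link shape quoted in the post.
        "login.godaddy.com.alsdhkajhsdkagfkaskfgasfkjasf.example.com/askdjalksdhkjahsd?aklsjdfgbvnnsl",
        "https://login.godaddy.com/",  # constructed comparison URL
    ]:
        print(check_link(link, trusted))
```

A non-empty `decoys` list together with `trusted` being false is the pattern from the story: a familiar name placed at the left of the host while a different domain serves the page.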

Bad practice, but good experience. Here are the domain security tips I learned:

1. Use private domain registration whenever possible. No one will see the actual owner's info, and no one will know your email address to send a phishing message to.

2. Always provide true registrant data. You'll have a chance to get your domains back only if a real person owns the domain.

3. Use one unique e-mail address per domain in the registrant info. You can set up forwarding from these addresses to your main inbox. More emails, fewer chances to be scammed.

4. Don't put all your eggs in one basket. Use different registrars. Keep only a few domains per account. You can register more than one account at GoDaddy.

5. Keep your main email address secure. Change your password every week.

6. Never use the same password for your registrar account, email, web site admin, etc.

7. Remember, you have only 15 days to undo a domain transfer if you're on GoDaddy (I really don't know, maybe this is ICANN's rule and applies to all registrars). So contact undo@godaddy.com immediately!

I hope this story and my tips will help you keep your web property safe. Nothing can be 100% safe in this world, but 70% safety is more than 20%. So it is up to you. Good luck and thanks for reading this.

Comments

hs

Hi, my domain was hijacked. I logged in to my GoDaddy account and no longer see the domain in my account, but it is still with GoDaddy. The registrant is now someone else. This happened 7 days ago. Is it possible to take it back?

Reply · 8 years, 8 months ago
Anonymous

Thanks for posting your experience. I had a similar experience with 124 domain names, and the return process was similar to yours. Domains got jacked on 5 Jan and after filing the necessary paperwork with undo@godaddy.com, had them all returned 7 Jan.

Reply · 8 years, 8 months ago