Domains Were Stolen In Enom, What Should I Do?

[wappy]

Here is the list of stolen domain names in my eNom account, please do not buy these names.

11xp.com
5wg.com
5137.com
55ss.com
17500.com
44xp.com
17137.com
444seba.com
50wan.com
11se.com
63636.com
55125.com
78500.com
ip183.com
78777.com
61122.com
3yxx.com
3499.com
bukao.com
71566.com
caiqiu.com
66673.com
9976.com
87766.com

These domains were stolen before dawn today. I found the push confirmation email about one hour after the push, then call eNom and also submitted a ticket immediately. The support guy asked me to contact [email protected] to report this. But the weired thing was this email replied to me to submit ticket or call the technical...

I have submitted the tickets again and told them about that, and the replied ticket still asked me to contact that email...

The stolen names were transfered to Godaddy.com after the push. I also tried to call Godaddy.com at that time, but their support said that I need to contact eNom, I cannot directly contact Godaddy.

Now I am waiting for the reply from "[email protected]". Can somebody give any suggestions? Should I report it to police or find a laywer?

really appreciate!

 

[Theo]

Wow. Looks like your email was phished and you had no security questions enabled - that's a function at eNom to log into an account with extra security.

Indeed, eNom - the losing registrar - needs to address this. Contact Bari: [email protected]

 

[jrzeygirl]

Thanks Theo!!
.
Wappy - Please email me with your log in ID so I can have your account locked down and this investigated immediately

 

[Biggie]

These domains were stolen before dawn today. I found the push confirmation email about one hour after the push, then call eNom and also submitted a ticket immediately. The support guy asked me to contact [email protected] to report this. But the weired thing was this email replied to me to submit ticket or call the technical...

I have submitted the tickets again and told them about that, and the replied ticket still asked me to contact that email...

The stolen names were transfered to Godaddy.com after the push. I also tried to call Godaddy.com at that time, but their support said that I need to contact eNom, I cannot directly contact Godaddy.

Now I am waiting for the reply from "[email protected]". Can somebody give any suggestions? Should I report it to police or find a laywer?

really appreciate!

Hi

yes, it is very weird that the support ticket replied to you, as I'm wondering how your account was accessed.

unless you accidentally provided access via a phishing email that required or asked you to login your account.

also, weird that you didn't receive the transfer authorization from GD or the authorization codes from enom, to transfer to GD.

another weirdo, is how quickly it all occurred. as they would have to push to their account with change of whois, then request auth code, then initate transfer request to GD, then add the security codes at GD, then wait for transfer.


really hope you recover your domain names.

keep us posted.

 

[wappy]

I used security questions. I don't know how they do that. Sometime I even need to try a few times to answer the questions correct.

Thanks Theo!!
.
Wappy - Please email me with your log in ID so I can have your account locked down and this investigated immediately

 

[wappy]

Thanks, I will send you email now.

Thanks Theo!!
.
Wappy - Please email me with your log in ID so I can have your account locked down and this investigated immediately

 

[wappy]

I think the whois were changed after push to the theif's eNom account. It's why I only have the push confirmation email, but no transfer email.
The domains in eNom can be transfered out in a few minutes. I always think it is an advantage before.

Hi

yes, it is very weird that the support ticket replied to you, as I'm wondering how your account was accessed.

unless you accidentally provided access via a phishing email that required or asked you to login your account.

also, weird that you didn't receive the transfer authorization from GD or the authorization codes from enom, to transfer to GD.

another weirdo, is how quickly it all occurred. as they would have to push to their account with change of whois, then request auth code, then initate transfer request to GD, then add the security codes at GD, then wait for transfer.


really hope you recover your domain names.

keep us posted.

 

[Biggie]

I think the whois were changed after push to the theif's eNom account. It's why I only have the push confirmation email, but no transfer email.
The domains in eNom can be transfered out in a few minutes. I always think it is an advantage before.

the push confirmation, should tell who's account the names went to and Enom should be able to identify the contact info of that account.
though that info may have been bogus, there may be some forensics left behind to find the culprit.

 

[stuff]

Don`t see any names actually worth renewing. Am I missing something?

 

[angel69]

stuff, what stuff are you on dude ? lol..... NNNN.com's, some are going for $10K+, CCC.com's are well into the $$$s heading higher if the LNN, LLN, NLL, NNL type, like his (5WG.com), NNNNN.com's are in the multiple $$$s, he has many of those. I agree some are not worth renewing except they were stolen so he should want them back

 

[angel69]

The thief must've changed the email address to his own after getting into wappy's eNom acct, that's why the auth codes as well as the transfer auth email from Go Daddy were both emailed to the thief and not to wappy obviously. All this after he pushed wappy's domains to his own eNom acct which must've been a fake, but maybe the IP address he used will yield something (although a smart scammer will always use some type of proxy) Go Daddy does have a role in all this, however. And they should not be just sending wappy back to eNom, the domains are now at Go Daddy and they're stolen

But how did wappy get a push conf email from eNom ? Thiefs do not usually revert the accountholder's info at the losing registrar (eNom) back to the actual owner as he's the victim and that will alert him rather soon. Also, if wappy had the sec questions feature activated at eNom, how did the scammer bypass them ? When the rightful owner cannot remember one of the answers, or answers one wrong, there should be a strict process whereby the eNom customer can reset them, and that must involve more than clicking on a link emailed to the address on record since that could be a thief's address

And this is not the 1t time in the last year or so that I read about names stolen from eNom ending up at Go Daddy (or the 2nd or even the 3rd.....), I wonder why scammers are choosing this path more often than before, eNom is a secure enough registrar unless I've been missing something. Thiefs must also think Go Daddy won't cooperate much in any investigation, and they're right about that !

 

[wappy]

I try to reply you gently. Some of them are worthless, but few of them worth some $$$. NNNN.com now is from thounds to ten thounds dollars on market. And some of these domains have special meanings. The group of these names can be easily sold ~$30k-50k dollars on reseller market.

Don`t see any names actually worth renewing. Am I missing something?

 

[wappy]

Hi, angel69
Could you give me some hints about the cases you read before? Did the owner get back the domains? And what they did for that?
The legal and abuse department of eNom just replied me. They said the transfer from eNom to Godaddy was no problem, so they cannot do anything.
It sucks!
The theifs stole the names from my eNom account to their eNom account, then transfer the names from their eNom account to Godaddy. It's why the transfer is under ICANN requirements.

Does any one can give some more suggestions? Should I report it to US local police department, or some other place? Are there some experienced lawyer for this kind case?

Thanks

The thief must've changed the email address to his own after getting into wappy's eNom acct, that's why the auth codes as well as the transfer auth email from Go Daddy were both emailed to the thief and not to wappy obviously. All this after he pushed wappy's domains to his own eNom acct which must've been a fake, but maybe the IP address he used will yield something (although a smart scammer will always use some type of proxy) Go Daddy does have a role in all this, however. And they should not be just sending wappy back to eNom, the domains are now at Go Daddy and they're stolen

But how did wappy get a push conf email from eNom ? Thiefs do not usually revert the accountholder's info at the losing registrar (eNom) back to the actual owner as he's the victim and that will alert him rather soon. Also, if wappy had the sec questions feature activated at eNom, how did the scammer bypass them ? When the rightful owner cannot remember one of the answers, or answers one wrong, there should be a strict process whereby the eNom customer can reset them, and that must involve more than clicking on a link emailed to the address on record since that could be a thief's address

And this is not the 1t time in the last year or so that I read about names stolen from eNom ending up at Go Daddy (or the 2nd or even the 3rd.....), I wonder why scammers are choosing this path more often than before, eNom is a secure enough registrar unless I've been missing something. Thiefs must also think Go Daddy won't cooperate much in any investigation, and they're right about that !

 

[Theo]

"the transfer from eNom to Godaddy was no problem" - What does that mean? Someone, most likely not even in the US where you're located, got access to your account and transferred the domains out. They left an IP trace. Did eNom provide any detailed info?

 

[wappy]

no details yet. I am asking about the push.
They only told me the transfer...

"Thank you for your patience while we researched this request. It has been determined that the transfer of the domains are valid transactions as per ICANN Transfer Policy and Regulations. As records show that the transfers were authorized by the listed registrant of the domain at the time of transfer, we have no recourse to dispute the transfers under ICANN's current regulations.
If you still feel that there is a dispute over ownership of the domains, then this is something that will need to be settled through legal channels. I would suggest seeking legal advice on how to proceed.

eNom cannot intervene in domain ownership disputes nor do we have the authority to make any determination as to who the rightful registrant should be. If you do intend to pursue this via other channels, we will provide any information regarding the issue that we can. Of course, we will comply with any decision issued by a US court of law of appropriate jurisdiction."

"the transfer from eNom to Godaddy was no problem" - What does that mean? Someone, most likely not even in the US where you're located, got access to your account and transferred the domains out. They left an IP trace. Did eNom provide any detailed info?

 

[Theo]

This is where everything needs to change. This BS ICANN policy reference. It's like being told that your car was unlocked and driven to a stranger's garage, they didn't break into it so all is legit. But since the reference the "listed registrant" authorizing the transfer, they should provide the timestamp and IP of the "listed registrant" at that time - you, in other words. You should not have to enter any law process or subpena to get this info!

 

[wappy]

Tottaly cannot understand. enom told me that the domains transfered from the theif's enom account to godaddy was valid, and action of push the domains from my enom account to the theif's account was also under right condition.
It looks like if some one break into my house and steal my wallet, the policeman said the action is the same as you send the wallet out, even I calimed it is a steal.
I used enom for ten years, but this time it so disappointed me.

 

[wolfis.com]

i am still not sure how the thief broke into your enom account - where your security questions that easy to guess .

is this possibly a sub account ,that you got when buying a domain years back - and the person who created the account had access ?

i am just trying to get to the bottom of this ...- no red flags went of at enom when so many domains where push ?

if i where you i would file a police report and get a lawyer to contact enom.com and godaddy .

i really hope you get your names back !

 

[wappy]

Thanks wolfis.
I don't know how they can do that. Kaspersky is always on on my PC, and I have used several anti virus program to check, no trorjan was found in my PC.
I can imagine they know my ID, password, but the security answers didn't use other anywhere.
I asked the log on information on that day from eNom. The theif logged in my account via a dedicated server in US, once time successed. And even a few success log in from different worldwide IP before the push at the same day.

I hope eNom can start a TDRP to help me to get back the domains, but the don't. The domain-dispute email didn't answer me anymore after they gave me the result of valid tansfer. They never answered about the unauthorized push.

I am contacting lawyer now. But not to report to police yet, I am too optimistic to hope on eNom's help.

i am still not sure how the thief broke into your enom account - where your security questions that easy to guess .

is this possibly a sub account ,that you got when buying a domain years back - and the person who created the account had access ?

i am just trying to get to the bottom of this ...- no red flags went of at enom when so many domains where push ?

if i where you i would file a police report and get a lawyer to contact enom.com and godaddy .

i really hope you get your names back !

 

[Theo]

PM me the detailed info (IPs etc) if you want an independent review on the theft.