Fraudulent transfer away requests

[dotNetKing]

I have just received 7 transfer away requests to Melbourne IT that I did not initiate. I received an earlier one a few weeks a go, also for a transfer to MIT.

All have been for surnames with a .net or .org extension.

The transfer requests would all have gone through automatically if I hadn?t refused them within 5 days!

Locking down domains is a bit of a hassle, and not a user option for at least half of my domain names, but it looks as though I'll need to do this where I can, and perhaps ask my registrar to lock down the domains if I don?t have access to this facility.

Has anyone else had experience of attempted theft by this method?

If you don't have your domain names locked down, make sure you keep your e-mail addresses up to date, or you could lose your domains if you never get the initial e-mail notifying you of the transfer!

 

[Lats]

That sounds odd, usually if the domain transfer request isn't answered within the 5 day period, the transfer is cancelled.

What registrar are you using?

 

[fizz]

Lats, registrars have varying requirements for transfers, and some transfers requests will be carried out if an admin contact does not respond to the e-mail requesting a transfer. You have to be vigilent.

 

[fizz]

dotNetKing, I've had a number of these fraudulent requests. When I get them, I immediately contact the firm/registrar that is requesting the transfer away and explain the situtation, and request the name of their client making that request.

This has worked for me twice, and I then send the following e-mail to the person attempting the fraud:

Dear XXX
Your actions today to take mydomainname.com constitutes an attempted fraud and if you continue, I will contact the relevant authorites.

 

[dotNetKing]

Lats: Yes, I though that normally transfers were cancelled unless the current admin address explictly approved the transfer too.

This is a part of the e-mail I received, copied and pasted:

The transfer request will be automatically completed within
5 calendar days if you don't either accept or decline the request.

This is an OpenSRS transfer, the registrar is/used to be an OpenSRS reseller or whatever.

The transfer authorisation request came from [email protected]

 

[dotNetKing]

Fizz. Thanks for your suggestions.

I've written to Melbourne IT asking who requested the transfer and also asking if there are any measures they can take to prevent people requesting fraudulent transfers.

 

[Lats]

Fizz, sure looks like it.

I was under the impression the srs were on of the better ones too - about time they changed their transfer policy.

 

[fizz]

Yes, it would be great if all registrars had a uniform transfer policy to avoid any confusion and potential loss of a domain name through fraud.

 

[Nexus]

I've read that same policy before as I transferred a name. I couldn't help thinking I was misreading it somehow. Apparently someone is using that as an opportunity.

If you do not wish to approve this transfer, you must visit the URL above, and use the Domain Name and Transfer Key shown to Decline it. Accepting this transfer will change the registrar of record for your domain from Tucows, to eNom, Inc..If you are receiving this email, you should have initiated, or at least been aware of this request already. If this is the first time that you've heard of this, do not accept the transfer until you are satisfied that the request is legitimate.

The transfer request will be automatically completed within 5 calendar days if you don't either accept or decline the request.

Do you know that we offer many new free features that other domain registrars are charging $100's of dollars for ?

Please decline this transfer and stay part of the DiscountDomainRegistry family ;-).

My fear would be that if someone has an invalid contact e-mail, does not check their e-mail regularly, or maybe even has the e-mail BOUNCE due to a full-mailbox they're screwed.

~ Nexus

 

[dotNetKing]

I agree with you Nexus.

I wonder how many crooks try pulling this off, knowing that if they try enough addresses, they are bound to "win" some.

Maybe they send out a vague "testing" e-mail first to the e-mail address, and if it bounces or isn't replied to, go ahead with the transfer request.

I agree with Lats that the OpenSRS policy should be changed. It just seems too big a loophole that favours thieves.