Hijacked name

[namedropper]

I have a business associate whose client's domain name was hijacked (transferred to DROA/enom without authorization) so they got ahold of me. I know basics of what to do, but right now I'd appreciate it if someone who has dealt with these things before had the best name/address/contact info to alert enom right away. The registrant info is still listed as the legit owners name and address, but the email and DNS settings are that of the thief, who is now trying to sell it.

Any suggestions on best way to handle this would be much welcomed. I'd like to get this complaint in solid before the registrant info might get changed.

Other helpful advice welcomed too.

 

[mole]

Post the name here. This is the best way to get the necessary attention from the domain sleuths here who enjoy detective work.

 

[Dave Zan]

Who's that lady from eNom's legal? Christine Graff, was it?

 

[eSology]

That is her name. I would make sure you know all the facts before you call her though. Did the name drop? Did your business associate's client mistakenly mail in a DROA letter? It surely wouldn't be the first time.

 

[Dave Zan]

I found this also, though I'm not sure if it's still valid:

Martin Garthwaite
General Counsel
eNom, Inc.
2002 156th Avenue NE
Bellevue, WA 98007
phone: 425-883-8860 ext 270

One silver lining is the name is still within eNom's reach. Go for it quick!

 

[namedropper]

I'm not giving out the name at this point because I don't want to tip off the thief that we're on his trail. If he goes and changes the registrant information than it gets much more complicated. Right now the real owner is still listed as the owner, which should make things easy.

Other facts:
*Absolutely didn't drop, based upon upon the registration and expiration dates (and registrant info).
*The client may have signed something to go to DROA, but based upon the expiration date, if he did it was well over a year ago, and I doubt DROA changse registrant email info and try to sell it off -- or if they do, that sure as hell wasn't in the DROA transfer agreement.
*The client also says that recently someone made unauthorized purchases on his credit card. I don't know if that's related or not. Might indicate a major security lapse somewhere.
*Email address changed to that of thief, DNS changed to point to thief's page, site was active at real owner's site less than a week ago. New site is trying to sell the name.

Clear cut case of theft here, as far as I can tell. My business associate was going to try a fax transfer of ownership by providing proof of identity of the real owner, matching the registrant data. That should be going on right now. I'll also forward contact information for Enom, thanks for that info.

 

[Dave Zan]

Glad to be of help, Dan. Hope your business associate's client gets the name
back ASAP before the thief gets wise.

Considering the circumstances, that client is luckier than many.

Interesting how that name got transferred to DROA without that client's
conscious knowledge...

 

[adoptabledomains]

*Absolutely didn't drop, based upon upon the registration and expiration dates (and registrant info).

Drops are harder to tell by date now that some registrars have changed the TOS to "allow" them to auction before the drop, but after redemption period. I've picked up a couple from snapnames that now still have the original reg date of several years ago. Some pickups in drops at various services also have remnants of the original owners contacts in technical, billing, and DNS slots (none registrant or admin, yet).