I just received 2 unauthorized transfer requests on one of my LLL.coms from GoDaddy

[Stian]

Re: Transfer of XXX.com


Dear Go Daddy Customer,

Go Daddy received a request on 6/27/2013 for us to become the new registrar of record.

I just received two of these transfer requests from GoDaddy. I assume someone has started a transfer request from their GoDaddy account thinking I am dumb enough to accept it? Still, they would need the codes in the GoDaddy e-mail so I have no idea how this scam attempt could possibly work.

Has anyone else ever experienced this? Is this some new sort of scam?

I have contacted GoDaddy support and I hope they will cooperate and provide me with the details of the user who has initiated the transfer requests.

 

[Biggie]

Hi Stian


that bull-sugarty has been going on for the longest

here's some past episodes:

http://www.dnforum.com/f557/receive...-initiate-should-i-worried-thread-467031.html

http://www.dnforum.com/f209/hijack-attempt-thread-395394.html

http://www.dnforum.com/f209/godaddy-stop-emails-fake-transfer-requests-thread-329903.html

http://www.dnforum.com/f77/domain-hijacking-attempts-thread-270353.html

 

[Stian]

Thanks Biggie, that's a relief. I've never experienced it before, so I went right into the supposedly losing registrar and changed passwords etc.

Hi Stian


that bull-sugarty has been going on for the longest

here's some past episodes:

http://www.dnforum.com/f557/receive...-initiate-should-i-worried-thread-467031.html

http://www.dnforum.com/f209/hijack-attempt-thread-395394.html

http://www.dnforum.com/f209/godaddy-stop-emails-fake-transfer-requests-thread-329903.html

http://www.dnforum.com/f77/domain-hijacking-attempts-thread-270353.html

 

[Theo]

As long as the domains are locked and they don't have an auth key, they can't do anything. Make sure the email account managing those domains is safe.

 

[angel69]

Yeah, good idea to have changed your password, always make sure it's complex with all types of characters, use the max # of char's allowed by GD. Also keep going to your DCC and double-ck all domains are actually locked, do these names the transfer notice was about have privacy ? if so, it has to be manually removed on another site (DBP) or GD will deny the transfers out of there altogether, and that's one thing the scammer cannot do (even if he managed to get into your GD acct and requested auth codes, and he'd have to do other things to get the codes at his own address, I don't want to get into details... )

Also, if you haven't been using the double-auth at sign-in GD offers for free then you should go for it (but you're overseas and I'm not sure the system can send that code by text to an international phone #....) good luck, anyway

Thanks Biggie, that's a relief. I've never experienced it before, so I went right into the supposedly losing registrar and changed passwords etc.

 

[Theo]

The two way auth at GD is only for US/CA phone #s.

 

[GeorgeK]

I've received those in the past, and complained to GoDaddy that they don't show any information about who is making the request, e.g. their email address, IP address, phone number, address, name, etc. I'm not sure if they've done anything about that, but it would definitely reduce the potential for scams/abuse if they were transparent about who is making these requests.

 

[vinsdomains.com]

It wasn't me!

 

[Gerry]

It could be an idiot like me that misspelled the word of the domain or entered the wrong extension. Yup, been there, done that, didn't get the name...

 

[Bill F.]

I was going to say... then Gerry did. I've made this mistake before, more than once, and typed in the wrong domain for transfer. Quite possibly an innocent mistake.

 

[GeorgeK]

I received an unauthorized transfer request today (same request from a few days ago). GoDaddy still does not identify the requestor, nor provides a means to cancel the transfer requests. The support droids seem to think that I should just ignore them, even though these unwanted transfer attempts would continue for 30 DAYS! That's unacceptable.

I'm thinking that one of the reasons that they don't want to cancel the transfer request is that they get to keep the funds of the person making the transfer request for 30 days. That's free money for GoDaddy. They lose out financially if they have to refund the money immediately. Instead, they think it's ok to spam me for 30 days with these unwanted and unauthorized transfer requests. Not good!

<b>Update</b>: GoDaddy telephoned me and advised me that they cancelled the unauthorized transfer request. I hope they'll also improve their processes going forward.