Somebody Tried to Steal All My Domains at Godaddy!

27 replies
This morning, I noticed an e-mail from Goddaddy that the nameservers of one of my domains have changed. I then saw an e-mail from a unknown asking for the rest of my domains to be pushed onto their Godaddy account ASAP.

Realizing that something is not right, I tried to log into my Godaddy account unsuccessfully. I then immediately rang Godaddy and spoke to my account representative. It appeared that someone had hacked into my account and changed the e-mail registered to that account. Accordingly he resetted my account.

One I was able to log into, I noticed that 157 domains were missing. My account representative than asked my to write to undo at godaddy with photo identification and request that the transfers out be reversed. In the meantime, I have also written to the buyer explaining the situation and have asked him to put a hold on any payments that he had made.

I do not blame Godaddy at all as it can happen to any Registrar. In fact, I am quite happy that I could get through to them by phone immediately. As to how my account could have been hacked, I do not know. I will have to scan my conputer for philishing software ASAP.

At this time, I am waiting for a response from Goddaddy. If the transfers are not reversed, it could wreck my business although I hope it will not happen. I am posting this as a warning to everybody.


Derek

UPDATE: I have not got all my domains back!

UPDATE: I think I know how my account was hacked! It was done through a phlishing e-mail.

****************************** ***********
Important ICANN Notice Regarding Your Domain Name(s)
****************************** ***********

Dear User,

it is that time of year again. ICANN(the Internet Corporation for Assigned Names and Numbers) annually requires that all accredited registrars (like GoDaddy.com) ask their domain administrators/registrants to review domain name contact data, and make any changes necessary to ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more domains registered at GoDaddy.com, Inc. as of May 1st, 2010.

To review/update your Account data, simply:
+ Login to https://dcc.godaddy.com/ default.aspx?isc=ICANN0908a& amp;ci=8987
+ You will be taken to a landing page and asked to enter your account information
Please take a look that your account and domain information is up to date.

If, however, your domain contact information is inaccurate, you must correct it. (Under ICANN rules and the terms of your registration agreement, providing false contact information can be grounds for domain name cancellation.) To review the ICANN policy, visit:ICANN - Internet Corporation for Assigned Names and Numbers whois/wdrp-registrant-faq.htm

Should you have any questions, please email us at support@godaddy.com or call our customer support line at (480) 505-8877.

Thanks for your attention and thank you for being a GoDaddy.com, Inc. customer.

Sincerely,
GoDaddy.com, Inc. Domain Support


If you are the domain administrator of more than one GoDaddy.com domain account, you may receive this notice multiple times.
------------------------------ ------------------------------ ------------------------------ ---
Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.
#attempting #domains #godaddy #steal
  • Profile picture of the author Biggy Fat
    All man, I sure hate to hear that. But I hate to be the bearer of bad news, but most GoDaddy undo transfer requests won't be honored, though GoDaddy states that "If this was done in error let us know in 15 days" or some crap. Gives scammers a way to take valuable domains from you.
    {{ DiscussionBoard.errors[2323172].message }}
  • The real question is how did someone get your password? Was the password easy to guess? Did it contain information someone could gather about you online?

    Either way, you should scan your computer with several anti-virus and anti-malware programs to make sure you don't have a keylogger or trojan horse on your system.

    If anyone else has access to your account, they should scan their computers also.
    {{ DiscussionBoard.errors[2323219].message }}
  • Profile picture of the author ileneg
    Like Chris - I am interested in knowing "how" this happens/ed?

    ileneg
    {{ DiscussionBoard.errors[2323226].message }}
    • Profile picture of the author KathyK
      If he has a short or easy pass, could have just been a dictionary attack. I agree on some serious virus/malware scanning though.

      Always do random passwords - no real words. And LONG! Write them down and put them in a safe place. The 'don't write down your passwords 'advice that goes around is for people sitting in little 9-5 cubicles.

      If someone breaks into your house, you have more to worry about than just your passwords.

      P.S.
      I lose count of all the times Ive been threatened and told to stop making money and get a real job or else.
      Thanks for the chuckle!
      Signature

      Cheers,
      Kathy

      {{ DiscussionBoard.errors[2323259].message }}
      • Profile picture of the author Adam B
        Originally Posted by KathyK View Post


        Thanks for the chuckle!
        heres a comment on one of my videos:

        "He is one fat lazy ******* who's days are numbered."
        {{ DiscussionBoard.errors[2323446].message }}
      • Profile picture of the author ileneg
        Originally Posted by KathyK View Post

        If he has a short or easy pass, could have just been a dictionary attack. I agree on some serious virus/malware scanning though.

        Always do random passwords - no real words. And LONG! Write them down and put them in a safe place. The 'don't write down your passwords 'advice that goes around is for people sitting in little 9-5 cubicles.

        If someone breaks into your house, you have more to worry about than just your passwords.

        P.S.

        Thanks for the chuckle!
        Passwords. I live and die by Roboform...Without a doubt, my favorite online tool to date!

        ileneg
        {{ DiscussionBoard.errors[2328361].message }}
  • Profile picture of the author derekwong28
    I think I know how my account was hacked, I received this phlishing e-mail a few days ago supposedly from Godaddy asking my to verify my domain details for ICANN verification.

    ****************************** ***********
    Important ICANN Notice Regarding Your Domain Name(s)
    ****************************** ***********

    Dear User,

    it is that time of year again. ICANN(the Internet Corporation for Assigned Names and Numbers) annually requires that all accredited registrars (like GoDaddy.com) ask their domain administrators/registrants to review domain name contact data, and make any changes necessary to ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more domains registered at GoDaddy.com, Inc. as of May 1st, 2010.

    To review/update your Account data, simply:
    + Login to https://dcc.godaddy.com/ default.aspx?isc=ICANN0908a& amp;ci=8987
    + You will be taken to a landing page and asked to enter your account information
    Please take a look that your account and domain information is up to date.

    If, however, your domain contact information is inaccurate, you must correct it. (Under ICANN rules and the terms of your registration agreement, providing false contact information can be grounds for domain name cancellation.) To review the ICANN policy, visit:ICANN - Internet Corporation for Assigned Names and Numbers whois/wdrp-registrant-faq.htm

    Should you have any questions, please email us at support@godaddy.com or call our customer support line at (480) 505-8877.

    Thanks for your attention and thank you for being a GoDaddy.com, Inc. customer.

    Sincerely,
    GoDaddy.com, Inc. Domain Support


    If you are the domain administrator of more than one GoDaddy.com domain account, you may receive this notice multiple times.
    ------------------------------ ------------------------------ ------------------------------ ---
    Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.
    Signature

    Do not get between a wombat and a chocolate biscuit; you will regret it dearly!

    {{ DiscussionBoard.errors[2323240].message }}
    • Profile picture of the author Ken Strong
      Originally Posted by derekwong28 View Post

      I think I know how my account was hacked, I received this phlishing e-mail a few days ago supposedly from Godaddy asking my to verify my domain details for ICANN verification.
      I get that exact email all the time -- Derek, what makes you think it's phishing? All the links look legit.

      I had 3 of my domains stolen from my Namecheap account about a year ago. I asked them several times how it could have happened and never got an answer. It took about a month to get them back.

      I was lucky -- the thief emailed me directly and gave me a price for getting them back, so I was able to forward that to both Namecheap and the receiving registrar as evidence. It still took like a month to get it back, though. Fortunately they weren't domains I depended on for a significant part of my income.
      {{ DiscussionBoard.errors[2323281].message }}
    • Profile picture of the author Bish
      Originally Posted by derekwong28 View Post

      I think I know how my account was hacked, I received this phlishing e-mail a few days ago supposedly from Godaddy asking my to verify my domain details for ICANN verification.

      ****************************** ***********
      Important ICANN Notice Regarding Your Domain Name(s)
      ****************************** ***********

      Dear User,

      it is that time of year again. ICANN(the Internet Corporation for Assigned Names and Numbers) annually requires that all accredited registrars (like GoDaddy.com) ask their domain administrators/registrants to review domain name contact data, and make any changes necessary to ensure accuracy. According to our records you are the ADMINISTRATIVE CONTACT for one or more domains registered at GoDaddy.com, Inc. as of May 1st, 2010.

      To review/update your Account data, simply:
      + Login to https://dcc.godaddy.com/ default.aspx?isc=ICANN0908a& amp;ci=8987
      + You will be taken to a landing page and asked to enter your account information
      Please take a look that your account and domain information is up to date.

      If, however, your domain contact information is inaccurate, you must correct it. (Under ICANN rules and the terms of your registration agreement, providing false contact information can be grounds for domain name cancellation.) To review the ICANN policy, visit:ICANN - Internet Corporation for Assigned Names and Numbers whois/wdrp-registrant-faq.htm

      Should you have any questions, please email us at support@godaddy.com or call our customer support line at (480) 505-8877.

      Thanks for your attention and thank you for being a GoDaddy.com, Inc. customer.

      Sincerely,
      GoDaddy.com, Inc. Domain Support


      If you are the domain administrator of more than one GoDaddy.com domain account, you may receive this notice multiple times.
      ------------------------------ ------------------------------ ------------------------------ ---
      Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.

      I've had several emails that are identical to this one, fortunately for me I'm a bit lazy so I didn't reply..

      Hope you get it sorted
      {{ DiscussionBoard.errors[2324627].message }}
  • Profile picture of the author Adam B
    Ive had this happen with a dating domain a few years ago. A few people were threatning me day in day out and somebody somehow transfered my domain to different nameservers and to a different host in Canada. Took me a week to get it back.

    Some people just want to mess things up for you. I lose count of all the times Ive been threatened and told to stop making money and get a real job or else.
    {{ DiscussionBoard.errors[2323244].message }}
  • Profile picture of the author derekwong28
    Ken, the page you are directed to is this

    http://dcc.godiaiddy.com/login.aspxS...N0908aci=8987/

    Note that it is godiaiddy instead goddaddy.

    If you have have them your login details, you must change your password immediately.

    I have been in contact with the person who bought 140 of my domains from the fraudster. He told me that he is willing to cooperate.

    Derek
    Signature

    Do not get between a wombat and a chocolate biscuit; you will regret it dearly!

    {{ DiscussionBoard.errors[2323334].message }}
  • Profile picture of the author KathyK
    That's nasty. And yes, you are right. You got phished.

    Note to others reading this (I think the OP has probably figured it out). DO NOT click links from emails. I've had the ICANN email - but I always went to godaddy and found it there (not easy to find, but it is on their page under ICANN Confirmation).

    To the OP - send godaddy that link, if you haven't already. They'll get that one shut down, at least - and it's more proof that you ARE the owner.
    Signature

    Cheers,
    Kathy

    {{ DiscussionBoard.errors[2323358].message }}
  • Profile picture of the author sbucciarel
    Banned
    I've read about a lot of these nightmare stories on namepros.com. Apparently, it is more common than we would all like to think. I hope this gets sorted out for you and you get your domains back.
    {{ DiscussionBoard.errors[2323462].message }}
  • Profile picture of the author jijaybajay
    people are so mean these days...
    {{ DiscussionBoard.errors[2323474].message }}
  • Profile picture of the author derekwong28
    The latest information I have got is that my account at dnforum had been hacked as well and the scammer used it to sell my domain names.

    I am not completely sure how this may have happened. The scammer changed the nameservers of my main website yesterday to point to his server. It is possible that this is how he got the e-mail from dnforum to reset my account password.

    I wonder what else had been compromised now. This is a certainly one of the worse headaches I have ever faced.

    Derek
    Signature

    Do not get between a wombat and a chocolate biscuit; you will regret it dearly!

    {{ DiscussionBoard.errors[2323721].message }}
  • Profile picture of the author sbucciarel
    Banned
    You should post this at namepros.com ... if the domains come up for sale, they are likely to spot them and there are a lot of domainers there. Someone may be able to give you some help and advice.
    {{ DiscussionBoard.errors[2324124].message }}
  • Profile picture of the author derekwong28
    Thanks for your advice. I have been able to trace all of these domains now The majority were bought by a single buyer. I am going to write to the other buyers about this. I want to keep this low profile at the moment.

    My account rep at Godaddy told me that they will deal with it when the relevant department re-opens on Monday. It just seems that bad things tend to happen to me over a weekend. I suppose I cannot do much more except to wait.
    Signature

    Do not get between a wombat and a chocolate biscuit; you will regret it dearly!

    {{ DiscussionBoard.errors[2324258].message }}
  • Profile picture of the author ivanadee
    well..
    I have to say thank u for ur info.it's scary...
    I am now be more careful by checking my domains routinely
    {{ DiscussionBoard.errors[2324340].message }}
  • Profile picture of the author neilrivera
    Changing your password will be the best solution for this, also try to contact godaddy for more security
    {{ DiscussionBoard.errors[2324671].message }}
  • Unfortunately phishing emails are very common. I even see some that are claiming to be my financial institution. Numerous times weekly i see phishing emails trying to get my PayPal login details.

    I make it a rule to go directly to any site and log in if I utilize such a service.
    {{ DiscussionBoard.errors[2329196].message }}
    • Profile picture of the author Pluton
      I, also, have had several phishing eMails purporting to be from Godaddy. I never respond to ANY eMails of this type except, if I'm unsure, I contact the company directly via another eMail to see if the one that I have received is in fact genuine.
      Recently, I have received letters through the post reminding me to "fill in the details" to ensure continuity of registration for several of my domain names. These letters come via Jamaica for a UK company. Maybe there is nothing untoward in these letters and they are just trying to hi-jack my existing registrations through Godaddy and others and at higher cost.
      If in the slightest doubt keep with who you know and don't respond.
      {{ DiscussionBoard.errors[2329319].message }}
    • Profile picture of the author alexbbbh
      Originally Posted by Private Label Ebook Shop View Post

      Unfortunately phishing emails are very common. I even see some that are claiming to be my financial institution. Numerous times weekly i see phishing emails trying to get my PayPal login details.

      I make it a rule to go directly to any site and log in if I utilize such a service.

      I get these pretty much on a consistent basis but since I know a lot of people that have this, let's call it hobby, I kinda stayed clear of trouble till now.

      Derek, good to hear that you got all of them back, though.

      alexbbbh,
      {{ DiscussionBoard.errors[2405054].message }}
  • Profile picture of the author derekwong28
    This scam is very sophiscated. Firstly, the phlishing e-mail did list your domain names. Second, you were able to log into your real Godaddy account and thus lowering your guard.
    Signature

    Do not get between a wombat and a chocolate biscuit; you will regret it dearly!

    {{ DiscussionBoard.errors[2330454].message }}
  • Profile picture of the author zigstonk
    I get the same phishing email about 3-4 times a year. I always ignore them...thanks goodness!
    Signature

    zigstonk

    {{ DiscussionBoard.errors[2330469].message }}
  • Profile picture of the author derekwong28
    Update: I have now got all 157 domains back!

    On Monday, the undo department at Godaddy sent me a form to fill in and asked for a photo ID.

    It took another day for the domains to be transferred back to a new account.


    Derek
    Signature

    Do not get between a wombat and a chocolate biscuit; you will regret it dearly!

    {{ DiscussionBoard.errors[2337299].message }}
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by derekwong28 View Post

      Update: I have now got all 157 domains back!

      On Monday, the undo department at Godaddy sent me a form to fill in and asked for a photo ID.

      It took another day for the domains to be transferred back to a new account.

      Derek
      I am thrilled for you. Glad Godaddy came through.
      {{ DiscussionBoard.errors[2337339].message }}
      • Profile picture of the author higginb3
        wow, it is scary how vulnerable your online business really is.
        {{ DiscussionBoard.errors[2337374].message }}

Trending Topics