Latest posts by admin (see all)
- Update: KZRA.com was Recovered - August 28, 2017
- My domain KZRA.com STOLEN and measures you can take to protect your domains - July 24, 2017
- Christian Calvin on Domain Sherpa Show - December 28, 2016
Last Wednesday I was simply checking my emails from my phone, like I do several times a day. I have an old AOL.com email account that I have had since I was 18 and I have my PlentyOfBrands.com gmail account and another personal gmail account. I found it odd as I was trying to log into my AOL email account I kept getting the “wrong password” alert on my phone. I knew with 100% positivity it was the right password so that struck me as odd. I was super busy that day so I checked my gmails and went about my day. That night I logged in from my computer to my AOL so I could check my emails and was still locked out. That is when I got a little concerned.
I went straight to my GoDaddy account and wanted to log in just to check on my domains and that is when my face heated up and my blood pressure went sky high. I was now locked out of my GoDaddy account too. So I can’t get to my domains and I can’t log into my AOL.com as well. So I now think how can I get control of my AOL account ASAP? I call AOL and it takes about an hour and a half and several forms of identification (which was already changed to some bogus person’s information) to get control of my account again. This thief hacked my AOL account, changed all of the contact information and phone numbers, changed all of the security questions to information I would not know and changed the password to keep me out of the account. I finally get control of my AOL account now on to GoDaddy.
I called GoDaddy and that is when I was really shocked. This individual has not only hacked my GoDaddy account, he has changed the passwords, changed all the phone numbers and contact information and has also set up the two-step authentication to questions I obviously would not know. I have a premier account with GoDaddy and they have pretty tight security measures so it took a lot of identification, filling out paperwork, and other measures to get my account back. At this point I have my accounts back and now we need to look at the damage this thief has done.
I talked to my account representative at GoDaddy and the only domain leaving my account was kzra.com. The guy changed and unlocked a few other domains but was either unsuccessful or decided not to take them. At this point, I was in research mode to find out who has the domain, how I can get it back and most importantly which registrar the name is now at. I found out it is at Namesilo.com. I personally do not have any domains at Namesilo so I do not know much about them. I called Namesilo and spoke to a guy who answered the phone and he was NO HELP. He basically said I should not do business with GoDaddy because their security is bad. He told me to just look on the web and see how bad they really are. He also told me Namesilo has never had a domain stolen and maybe I need to make better choices where I have my domains.
I want to first say I am very happy with GoDaddy. Since day 1 they have been great to me and I continue to have a great relationship with them. Back to Namesilo… I continued to talk to this rep at Namesilo and he basically said that he has been in contact with GoDaddy over this and according to ICANN everything about the transfer to the Namesilo account was ok. He was not and will not give me back my domain. He also said that just yesterday he got a call just like my call and that the caller was the thief trying to steal a domain. So he was basically saying I was a thief and I could be the one stealing domains. I think this is very unprofessional and I hope to never do business with Namesilo.com. I am basically just a domain investor that loves the domain business and industry. I have a lot of respect for my colleagues like Mike Cyger, Andrew Rosener, Merlin Kauffman, Michael Berkens, Rick Schwartz, Shane Cultra, Frank Schilling, Domain Gang, Domain Name Wire and others.
I feel some of this is actually my fault. I never thought this would happen to me so I kept my AOL.com as my account for my names and I never changed it over to my gmail for better protection. My GoDaddy rep set me up with DTVS which is a domain transfer service and that is password protected. I had a good month a few months back and we took it off so I could sell through my names and I forgot to turn that back on. I will take the blame for this because I knew I needed to get that back on along with two-step verification.
My next step after this was to talk with an attorney to possibly get the name back. Since this is not covered under UDRP it has to be fought at the Federal Court level which is very costly. At this point I have to decide at what price do I pay to get a $300-$500 value domain back. To me it is not worth the 5 figures it would cost to fight it in Federal court so I am just going to write it off. The attorney I spoke to was very helpful and gave me some valuable information. He said maybe I should try to contact the thief and see if I can either get the name back via talking with him or her, paying him or her, or some other manner. I took his advice and reached out to the individual. It took a few days but he did respond. He emailed me and then started texting me. Take a look at the correspondence between us
This was our entire conversation that just happened today. Now he is demanding that I pay him a total of $600 and it has to be in Bitcoin. He sent me the links to coinbase and another service that I can sign up at. (This person has balls.) So at the end of the day I am over this. I can take the loss and keep trucking. I know I will do whatever it takes to take care of my daughters and my wife. I love domains and it has and will continue to be a great business for us that we enjoy. I know it will be ok at the end of the day. The main thing I want to accomplish is to save this from happening to me again or anyone else. There are some measures we as investors can take to make sure this does not happen.
1. We can do two-step authorization.
2. We can do a DTVS and have a premier account rep call us before anything leaves our accounts.
3. There are also two-step verifications with our email addresses that can help save us as well.
Please share this story, comment below if you have any security tips and share on Namepros as well. Let’s try to keep our industry as safe and protect our investments as best as we can. There will always be people out there trying to take the easy route, the cheap way, and steal from us. (That will not go away.) But we can make it harder for them. If you are new to domains and are wanting to get educated on what names to purchase check out DNAcademy.com. If you find yourself in a similar situation as myself or a UDRP there are excellent attorneys out there like David Weslow at WileyRein.com. Thanks for reading.