Category: SCAM ALERTS

Transferring Domain Names

Warning Be Careful How You Transfer Domain Names.

In June of this year I transferred a domain name from one.com to the new registrant at www.namecheap.com.

Normally when a domain is transferred the new owner updates his contact details and ‘hey presto every thing is hunkey dorey’. However to my shock and horror and feeling extremely unwell after the ordeal today some 7 months later I get a notification to my email address saying there is a problem with renewing the said domain name that I had transferred.

You have to hear me out. Now considering I am not the legal owner of the domain name I should not be getting renewal notifications, so I hop on the chat widget to try and resolve the issue. I must first say I tried logging in with the email Namecheap used to send me the notification and it said “no user found”. I thought maybe I could just reset the password and renew the domain on behalf of my client but that did not work.

The problem is my client does not want the domain name to drop and apparantly he is not the legal owner of the domain name but the website designer is.

The plot thickens as I will explian….

Once I started the chat I was told that my email was not associated with the domain.

So my question was “why am I getting renewal reminders”?

To be honest I think it is a scam as the legal owner would have their contact details on the system, yet Namecheap seem to have mine but will not give me access to the account.

Seeing as I have not given Nampecheap permission to use my email which I have never before communicated with them using it, I can only think they have it from Nominet as how else would they have my email considering I never shared it with anyone?

This email may I add is not my business email but my private one, which I used originally when I registered the domain with one.com however many years ago.

Now get this they will allow a third party meaning me or my client to renew the domain name. (Secret Santa).

They wrote in the chat:

If you agree with these conditions, you will need to create a seperate account with us at https://www.namecheap.com/myaccount/signup/ and deposit the amount necessary for the domain renewal in this case ($9.58/year). You can use this guide while adding funds: https://www.namecheap.com/support/knowledgebase/article.aspx/232/7/how-can-i-add-funds-to-my-namecheap-account

Now this is the bit that is mind boggling when I transferred the domain in June I sent the details to my client who passed it on to his web designer who I assumed registered the domain name but did not update my client’s contact details.

So that means my contact details must be on the system but I have no access to my details which is a violation of GDPR policy.

Namecheap continued to say:

“The Regsitrant email address is not listed in any Whois databases for this domain”.

Remember I transferred to domain so I am no longer the registrant.

According to ICANN:

To transfer your domain name to another registrant, you can initiate a change of registrant by contacting your current registrar. Your registrar will then ask for your confirmation via a secure mechanism (which typically will take the form of an email to the registered name holder). You must provide your confirmation within the number of days set by your registrar (not to exceed 60 days) or your transfer will not proceed. Once your registrar receives confirmation from you, they will process the transfer and notify you and the new registrant once the transfer is completed.

https://www.icann.org/resources/pages/name-holder-faqs-2017-10-10-en

This is a farce, a total shambles and how can they not have the current registrant email as their client if they do not have his email?

He would have had to have an email to set up an account with them?

I believe they are scamming and may in deed get two lots of money one from the registrant and one from me.

It is impossible for them not to have the domain name owners email address as he would have had to use it to login into his account.

The legal owner of the domain name which is a well known Brand has not had his name updated so he appartantly is not the legal owner but instead the web designer is the legal owner who for some reason cannot be contacted.

I will be contacting Nominet in the morning to explain what has happened and will either get the Brand owner or myself to renew the domain name, but I have never heard about a ‘Secret Santa Funding‘ on any registrar.

I would like to know if this has happened to you?, please leave your comments below.

I will not be using this company ever and will not be recommending them to any of my readers or clients.

Final Thoughts.

I am not going to mention the Brand Name to keep his details private but this is a word of warning if you have a web designer manage your website, he must show in a contract that says the domain name belongs to you and the brand owner (you) can use this piece of paper to give to the registrar if things go belly up.

USE ESCROW FOR ALL YOUR TRANSFERS AND LET THE NEW OWNER KNOW THAT THERE ARE TRANSFER FEES. It is better to pay the little extra for a transfer and have everyone safeguarded than end up with a web designer cybersquatting your domain name.

All you need is to let the web designer to change dns records so that your website becomes live. You do not need to give ownership details.

Escrow.com: Buy or Sell Online Without the Fear of Fraud

How to spot a dodgy email.

How to spot dodgy emails.

I have never thought too much about it until one of my clients forwarded me an email he had received from a person supposedly trying to steal my business. I had to look twice and realised that the entity was actually referring to an old domain my client had until it was stolen and cybersquatted.

You can view the cyber-squatted domain here: www.firstphaseelectricalwales.co.uk you will find it points to a clothing site yet again.

You can ready the whole three part cybersqualtting incident here:

Futhermore the domain supposedly changed hands in July of this year but my client is still getting emails this tells me the same entity is still using the domain name and still has my client’s data. Had the domain really have gone to a thirdparty they would not have had access to my clients data or email address. My client’s email that he received today was to his gmail email not his company email meaning how would the new owner know about my clients gmail email unless they were one and the same entity?

So when you open these emails two things that can happen if you reply to such emails they could either be malware infected and will be embed on your computer or you may get lots of spam messages whereby the sender will be then able to use your email address and spam other people.

Another way cyber criminals work is by using undisclosed email addresses this way they can send bulk emails. An undisclosed email may be used if you previously have had an email subscription and your email has be leaked or sold to a thirdparty that may then want to send out spam emails in bulk.

This goes against your privacy protection and you have to remember that email lists are worth a lot of money to some people so it stands to reason that they can be sold and misused.

How to spot a dodgy email.

This is an actual email I received to my private email account.

Apple know how to spell and they use their company name to send out information.

Check For Misspellings

The first and most obvious tip-off is misspellings. In the header above, the name of the company is spelled incorrectly, and the likelihood that a big corporation would misspell its own name is pretty unlikely.

Also look out for subdomain names such as info@subdomain.company.com No legitimate company would send out emails from their subdomain. Subdomains are the extension to a the originators website and are mainly used for blogs: https://ukdomainbrokers.ukwebsitedesigners.co.uk/

So for all intent and puposes the above is an example of my sub domain and I would not send out an email from info@ukdomainbrokers.ukwebsitedesigners.co.uk. I would however send one out from info@ukwebsitedesigners.co.uk

IP Address

Another quick trick is to look up the IP address the message came from. If it’s in a different country than the company, it’s probably fake.

Received From

The “Received” line tells you where the email originated from. If the email is actually from who it says it’s from, it would probably come from the company’s website. In the email above, the website the email came from has nothing to do with the company it says it’s from. If however the email mimicks your email the sender is hiding their identity.

Reply To

Same goes for the “Reply To” field. You can tell the email address has been spoofed because the “Reply To” address doesn’t match the “From” address.

Spoofing:

Email spoofing the process of disguising the original senders identity by creating email messages with a forged sender email address. The core email protocols do not have any mechanism for authentication, making it common for spam and phishing emails to use such spoofing to mislead or even prank the recipient about the origin of the message.

Final Notes.

Always check the recipients email. If you do not know or were not expecting anything from anyone DO NOT OPEN EMAIL ATTACHMENTS.

If you get emails from web designer telling you your website is s##t do ask your current web designers to send an audit report of your website. Also if the sender is sending you an email from a gmail, hotmail or msn account without a company signature in the footer of the email this is reason for alarm bells to ring.

DO NOT USE OFFSHORE WEBSITE DESIGNERS.

SUPPORT LOCAL BUSINESSES!

Do not reply to anyone that has a suspicious email address, especially if it is a long thread of letters and numbers that do not resemble a person or company.

Always check email addresses from the sender.

Lastly always mark emails that have landed in your inbox as ‘report phishing’ rather than simply deleting them as the email client will block this email from their servers to stop other people falling victim.

Scam Alert Domain Name Phishing

Cyber Crime.

Scam Email to attempt cyber theft of my domain name.

Cyber crime is rife at the moment not just with domain theft but scammers doing everything they can to extract money from less fortunate people.

Yesterday I wrote a post on my other blog https://marketingagency.cymrumarketing.com/2020/11/03/scam-alert-letter/ about a Scam Letter I received from a banker, by coincidence an unrelated to the email I also wrote about a banker betting $5 Million Dollars on Donald Trump winning the election.

I named and shamed this person whom sent me the email whom most probably is not even using their real name. So low and behold today I receive another email to a website I own which is a Business Directory and Community Hub for the district in Cardiff UK where I live ‘Roath’.

Now you have to think to yourself how would this keyword be a conflict or beneficial to anyone in China?

The domain is: www.roathlife.com

The email is as follows and when I replied back it bounced, you can come to your own conclusions but I think some one is attempting to scam me and whoever it is has to get up earlier than me to catch me out.

Original Scam Email.

Nick Liu <nick@chinaregistryshanghai.org> 05:35

To  info@roathlife.com

(It’s very urgent, therefore we kindly ask you to forward this email to your CEO. If you believe this has been sent to you in error, please ignore it. Thanks) Dear CEO, This is a formal email. We are the Domain Registration Service company in China. Here I have something to confirm with you. On November 4, 2020, we received an application from Hongxin Ltd requested “roathlife” as their internet keyword and China (CN) domain names (roathlife.cn, roathlife.com.cn, roathlife.net.cn, roathlife.org.cn). But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is your distributor in China?   Best Regards

Nick Liu | Service & Operations Manager

China Registry (Head Office)

Tel: +86-02161918696

Fax: +86-02161918697

Mob: +86-13816428671

6012, Xingdi Building, No. 1698 Yishan Road, Shanghai 201103, China

*****************************************

This email contains privileged and confidential information intended for the addressee only. If you are not the intended recipient, please destroy this email and inform the sender immediately. We appreciate you respecting the confidentiality of this information by not disclosing or using the information in this email.

My reply was:

Dear Nick Liu,

My name is Renata Maziak Barnes, I am the legal owner of the said domain names www.roathlife.com and www.roathlife.co.uk.
These domains have been registered and are developed by me. I also own www.ukdomainbrokers.com and specialise with UDRP’s.

Your domain names are on different GEO territories to myself being the owner from the time 2020-03-06 and I have actively developed my sites, therefore  there is no trademark conflict as I was the first person to publicly publish my domains names.

I would suggest your client refrains from registering the domain names because this could cause a problem in future, although I have no intention of ever marketing my business in China.

www.roathlife.cn is not registered and has no whois data

www.roathlife.com.cn is not registered and has not whois data
www.roathlife.net.cn is not registered and has no whois data
www.roathlife.org.cn is not registered and has no whois data

I await your reply at your earliest convenience.

Yours Truly,

Renata Maziak Barnes
Founder
www.roathlife.com
www.roathlife.co.uk
Tel: +44 (0) 7565253529

Mail delivery failed: returning message to sender

Mail Delivery System<mailer-daemon@kundenserver.de>

To  info@roathlife.com

This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more ofits recipients. This is a permanent error. The following address(es)failed:
nick@chinaregistryshanghai.org:SMTP error from remote server for RCPT TO command, host: mx.chinaregistryshanghai.org (199.195.251.131) reason: 550-Rejected because 82.165.159.43 is in a black list at zen.spamhaus.org550 https://www.spamhaus.org/sbl/query/SBL275660

— The header of the original message is following. —
Received: from oxbsltgw54.schlund.de ([172.19.249.7]) by  mrelayeu.kundenserver.de (mreue106 [213.165.67.115]) with ESMTPSA (Nemesis)  id 1MnItm-1jtEYQ3Htc-00jJDA for <nick@chinaregistryshanghai.org>; Wed, 04 Nov  2020 14:09:54 +0100Date: Wed, 4 Nov 2020 13:09:53 +0000 (GMT)From: info <info@roathlife.com>To: Nick Liu <nick@chinaregistryshanghai.org>Message-ID: <439891402.17398.1604495393295@email.ionos.co.uk>In-Reply-To: <202011041335263262056@chinaregistryshanghai.org>References: <202011041335263262056@chinaregistryshanghai.org>Subject: Re: roathlifeMIME-Version: 1.0Content-Type: multipart/related; boundary=”—-=_Part_17396_1939878953.1604495393253″X-Priority: 3Importance: NormalX-Mailer: Open-Xchange Mailer v7.10.3-Rev26X-Originating-Client: open-xchange-appsuiteX-Provags-ID: V03:K1:0iM3qWu96k7+nm6+4FH27tKPwLRBi3asRo6IkltspIx3TiUD8kb  64Uvu0jRQatF1oh4vDfkRIqu/dq6NyeeDKKZXgjPLwi3RTMcoCU6+tQ/oULYFxnptlDS3oS  IlPnkssjWtzaXo3GN5ANdoR8YOAFSgjH7j7v7yiwWdYUG6l3EGRySxCDl5dFixgSGqCZFZc  7KMuQNqSZjTIl6nphFPyA==X-Spam-Flag: YESX-UI-Out-Filterresults: junk:10;V03:K0:dkv51dmL+xI=:uYemXnJzgY5oUhy06auNt9z0  /s6XKe4ewOfXuhxlYsCuQnjZQZ8rRyx3d9vm8um4MQVT2TCP40TEZLgS+hlkJ7zOGoNigfUsO  /uxX0VlvP1Y2598VU7SFDa71yNpiYn57pI+0NRWuxMDVxzXftUBgs9OWRrR2YcRpBBBLAc4OL  uQE+bUIjVqcX7gI9Ht/2gH/HmgicgKTL7IRwiJmPzRin6agRweednEeaGngyVgz1hFNU/JwWe  aFqNNvU0Q+2UHmAdKte0AlLqugU/30/GG++dkm//fmctpH/2xvAOMmWRH3UMEjaQybSFNEGIv  rVSrzn+pPorxI8nsm5NaMKHrKhFiP4kZ3xt/yT8fY9Tc/b6BOBTtFT41i5RNa/cP14dDxlVG/  Grj3D5HVH4qNOjgzjPEcQFhvViI8WGsQFX+gLi1NC7E/EIpaWoXFI3YD4oL0ihfpC/JoCsPL3  /SLhxA6S4CWKkdsFvBSQfJNSddtAnxDwjcsy+RS5YEGl4i6nIqqFkNTeFeiU7lMpeE1I85/AN  uc79t8O70Dx02z5zhq2c=

Industry Categories

RSS
Follow by Email
Twitter
YouTube
LinkedIn
Instagram
WeChat