domibot.com

May is almost over and I thought it would be the first month in a long time when I didn’t encounter a scammer. But I was wrong. Just a few minutes ago, somebody from the DigitalPoint forums tried to scam me of five domains with PageRank worth a few hundred dollars. Good thing I always remember my (expensive) lessons from previous scams — this scammer never had a chance.

The scammer, with user name possible49sm on the DigitaPoint forums, contacted me via private message and asked for my list of domain names for sale. He had 70 iTrader ratings, so I assumed that he was a reputable member, reputable enough for me to accept payment via Paypal. He even negotiated with me for a lower price (they say scammers don’t usually negotiate).

Everything was perfect until I received his payment. It seemed strange that his Paypal email address was erinleawearne@hotmail.com (I was pretty sure that he was a guy), while the Gmail account that he was using to chat with me was umutbalonlari@gmail.com. The guy had a couple of links on his forum signature at DP, so I checked out the WHOIS record for those domains — they say he’s from Jordan. The Paypal account that he used, however, showed that the owner was from Australia.

Still, I did not jump into a conclusion. I replied to the Paypal payment notification (from erinleawearne@hotmail.com) and politely asked that he reply with his Go Daddy customer number and email address so I could transfer the domains. He also told him on Gtalk that I need him to reply to my email first so I can push the domains. What do you know? He said he did not receive my email (Of course! You don’t have access to the Paypal owner’s email account; you only have access to her Paypal account). I even resent my email message, in case he was telling the truth. Still, he hadn’t received my email.

I already knew he was a scammer. After about five more minutes, I received an email from Paypal with the following message:

~~~~~~~~~

Dear Domibot,

A review of recent transactions indicates that you might have received a
payment that the PayPal account holder did not authorize.

To protect you from problematic transactions, we sometimes request
additional information about PayPal payments.

We need more information about this transaction. Please log in to your
PayPal account, click the “Resolution Center”tab, and provide more
information by 6/3/2009.

We recommend that you not ship the item until our investigation is
complete. If you’ve already shipped the item, please log in and let us know
where you shipped it.

We have placed a temporary hold on the funds until we complete our
investigation.

If you need to provide information by fax, click and print a cover sheet:
https://www.paypal.com/tw/cgi-bin/?cmd=_complaint_resolve_tracking_fax&cid=PP-713-787-213.

Please fax proof of shipment or proof of refund to 65-6510-4597.
Thank you for your cooperation.

Sincerely,
PayPal

~~~~~~~~~

So there you go — I was able to survive another scam attempt. Remember, when dealing with Paypal, be very, very careful. Here are a few tips:

• Verify that the person you’re dealing with indeed owns the Paypal account. One way to do this would be to send him an email at his Paypal email address (and pray that he hasn’t hacked the Paypal owner’s email address as well).
  
• When in serious doubt, ask for a number that you can call to verify his identify. The more hoops you make him jump, the more likely you’ll flush him out if he’s a scammer. Most genuine buyers will understand if you’re taking precautions. Scammers get impatient most of the time when you make them jump hoops.
• If you want a payment method that does not charge back, use Moneybookers. Scammers love Paypal because it looks like Paypal accounts can easily be hacked. And if a scammer pays you with a hacked Paypal account, the real owner can just claim that it was an unauthorized payment and Paypal will get the money back from you. You have no chance of winning the dispute because domain names are intangible goods and Paypal does not protect sellers of intangible goods.
• If the amount involved is substantial, use the escrow service that escrow.com provides. The escrow fee is at least $25 but you can split this with the buyer.

If you learned something from this post, please let me know by leaving a comment. Have a scam-free day!

A couple of my domain names registered with EnomCentral.com are expiring soon, so I thought I better transfer them to Go Daddy while I can (Go Daddy being cheaper than EnomCentral). I logged onto my EnomCentral account to unlock the domains and retrieve the authorization/EPP code. However, when the familiar EnomCentral dashboard appeared, it “ERROR - Account not found in database.”

I thought it was weird so I clicked the Domains > My Domains link to check if my domains were okay. I got the following message:

Bad User name or Password
Failed to get site processor. Please try again.

Bad User name or Password - 3
Loading results

No results returned by query.

I was afraid someone hacked into my account. I decided to call Enom, even though I knew it wasn’t going to be toll-free (I don’t live in the US). Calling Enom Support requires your personal identification number (PIN), which can be found on your Enom Account Info page. When the answering machine prompted me for my PIN, I entered it. What do you know? The phone system didn’t recognize it.

I had no other choice but to settle for the slower alternative — I fired off a support ticket. After an hour or so, I received a reply from one of their support guys:

Any customer that has a symbol in their password appears to get the error message while logging in. Please try resetting your account password to not include any symbol.

That symbol is my password may be the only reason that’s preventing my account from being hacked. Now Enom wants me to change my password to something less secure? It didn’t sound like I had a choice, so I tried resetting my password. Guess what? The system couldn’t reset my password because it couldn’t find my account on its database.

This is starting to sound like the chicken-or-egg causality dilemma. So I fired off another support ticket. I’m still waiting for a reply.

Is anyone else experiencing this issue?

I received an email from Go Daddy earlier today, which informed me that numerous failed login attempts have been detected on my account and that I need to verify my information to ensure account security. It sounded like Go Daddy really cares about my account security and that I should do as the email instructed. Except the email message is not from Go Daddy — it’s a phishing email.

Here’s the phishing email text:

Dear Customer,

This notification is generated automatically as a service to you.

Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security.
Please click on sign in to domain servers {link removed} to continue to the verification process and ensure your account security. It is all about your security. Thank you. and visit the customer service section.

please contact us within 1 days.

If you need to address this matter, or in any way need further assistance or technical support, call us any time at (480) 505-8877 or email us at support@godaddy.com. We appreciate your business!

Sincerely,
GoDaddy.com DomainAlert team

How did I know that it was a phishing email? There were a few indicators:

• Grammatical errors in the email message (”on you account”, “their might be some security problem on you account”, etc.). These scammers really need to invest on hiring better copywriters or, at least, proofreaders.
• Link to the Go Daddy verification site resembles Go Daddy’s Web site (www.godaddy.com), but it’s not. If you receive a similar email, just hover your mouse pointer on the verification link and you’ll see that the URL is not www.godaddy.com.

The “verification page” will prompt you for your Go Daddy user name and password. Once you enter your user name and password on the page, the phisher or scammer will use it to log in to your account and transfer your domains to his account.

If you receive a similar email, delete it immediately. Do not even click the link as visiting the fake verification page will install a cookie on your computer — something that the phisher or scammer might use later on to gather information about you.

Here’s a screen shot of the phishing email, so you’ll have an idea of how deceiving and official-looking it may seem. Just be careful, use a hard-to-guess password, and change it periodically.