The scammer, with user name possible49sm on the DigitaPoint forums, contacted me via private message and asked for my list of domain names for sale. He had 70 iTrader ratings, so I assumed that he was a reputable member, reputable enough for me to accept payment via Paypal. He even negotiated with me for a lower price (they say scammers don’t usually negotiate).

Everything was perfect until I received his payment. It seemed strange that his Paypal email address was erinleawearne@hotmail.com (I was pretty sure that he was a guy), while the Gmail account that he was using to chat with me was umutbalonlari@gmail.com. The guy had a couple of links on his forum signature at DP, so I checked out the WHOIS record for those domains — they say he’s from Jordan. The Paypal account that he used, however, showed that the owner was from Australia.

Still, I did not jump into a conclusion. I replied to the Paypal payment notification (from erinleawearne@hotmail.com) and politely asked that he reply with his Go Daddy customer number and email address so I could transfer the domains. He also told him on Gtalk that I need him to reply to my email first so I can push the domains. What do you know? He said he did not receive my email (Of course! You don’t have access to the Paypal owner’s email account; you only have access to her Paypal account). I even resent my email message, in case he was telling the truth. Still, he hadn’t received my email.

I already knew he was a scammer. After about five more minutes, I received an email from Paypal with the following message:

~~~~~~~~~

Dear Domibot,

A review of recent transactions indicates that you might have received a
payment that the PayPal account holder did not authorize.

To protect you from problematic transactions, we sometimes request
additional information about PayPal payments.

We need more information about this transaction. Please log in to your
PayPal account, click the “Resolution Center”tab, and provide more
information by 6/3/2009.

We recommend that you not ship the item until our investigation is
complete. If you’ve already shipped the item, please log in and let us know
where you shipped it.

We have placed a temporary hold on the funds until we complete our
investigation.

If you need to provide information by fax, click and print a cover sheet:
https://www.paypal.com/tw/cgi-bin/?cmd=_complaint_resolve_tracking_fax&cid=PP-713-787-213.

Please fax proof of shipment or proof of refund to 65-6510-4597.
Thank you for your cooperation.

Sincerely,
PayPal

~~~~~~~~~

So there you go — I was able to survive another scam attempt. Remember, when dealing with Paypal, be very, very careful. Here are a few tips:

• Verify that the person you’re dealing with indeed owns the Paypal account. One way to do this would be to send him an email at his Paypal email address (and pray that he hasn’t hacked the Paypal owner’s email address as well).
  
• When in serious doubt, ask for a number that you can call to verify his identify. The more hoops you make him jump, the more likely you’ll flush him out if he’s a scammer. Most genuine buyers will understand if you’re taking precautions. Scammers get impatient most of the time when you make them jump hoops.
• If you want a payment method that does not charge back, use Moneybookers. Scammers love Paypal because it looks like Paypal accounts can easily be hacked. And if a scammer pays you with a hacked Paypal account, the real owner can just claim that it was an unauthorized payment and Paypal will get the money back from you. You have no chance of winning the dispute because domain names are intangible goods and Paypal does not protect sellers of intangible goods.
• If the amount involved is substantial, use the escrow service that escrow.com provides. The escrow fee is at least $25 but you can split this with the buyer.

If you learned something from this post, please let me know by leaving a comment. Have a scam-free day!

At first, I didn’t mind because I thought that these guys are just trying to make some money. And then more and more “offers” started arriving for other domain names that I own. And it started getting annoying.

Here’s the email that they send:

We are selling the domain name {your-domain-name}.com.  Since you own {your-domain-name}.org if you would also like the more desirable .com we are making it available.  The cost is $99.97.  That includes a year of registration and transfer of ownership to you.  To purchase or to learn more go to:

http://www.{theirwebsite}.com/checkout.php?domain={your-domain-name}.com

If you pass on this opportunity someone else could purchase this domain and it may not be available again. For questions contact us or go to:

http://www.{theirwebsite}.com/faq.html

If you are not interested there is no need to respond.  We will not contact you again regarding this domain.

Almost a hundred bucks for a domain name that they registered for $7.00. They use the email address domains@dcinchq.com to send this spam offer.

So what do you do?

• If you don’t have time in your hands, just mark the message as spam and add the sender to your blocked list.
• If you are bored and you want some entertainment, write back to them and ask for information that answer bots are unlikely to answer. For example, ask for details like how to pay, how long is the registration for, how will the domain name be transferred, how you can be assured that they will indeed transfer the domain name, etc. Ask short questions but demand long answers.  The objective is to waste their time and have fun. You won’t be wasting yours because you’re bored and have nothing better to do, remember?

I used to do this to Nigerian 419 scammers, back when I had nothing else to do. I’d actually get them to send me documents like scanned copies of their passport, driver’s license, etc. as proof that they are legitimate individuals that I can “do business with”. Sure, those documents were probably fake, but that’s not the point. The point is they spent some time to prepare those documents. And for what? N-O-T-H-I-N-G. I was hoping that f they get nothing from their scamming efforts, they’d do something else, something honest.

I think the same thing goes for these spam offers. If you have time to kill, have fun with these spammers!

violetunderground.com (PR5)
dvlmfdonations.org (PR5)
guzman-guzmanlawoffice.com (PR5)

These were scammed from me on v7n.com by user manhattan122, who later contacted me as user -d-. He admitted being the same person and to scamming me last night and last month. You can see how he gloats in the private message that he sent to me on V7n.

The scammer uses the email address ldarushl@yahoo.com and the Paypal account legia_cwks@yahoo.com. If you get offers to buy any of these domain names, please DO NOT buy them. I am in the process of trying to recover them.

It looks like this blog is becoming a domain scam registry. Let’s hope that this doesn’t happen again to me or you. Ciao!

MEDIARECALLDIGITAL.COM
BIKERSBIKEPLACE.COM
EMBAVENEMEX.COM
IMSSURVEY.ORG
SOCAL-ICON.COM
GNUCHILE.ORG
WOCN2008.ORG
REDPOG.COM
MARCUSESTES.COM
COMETOGETHERFOUNDATION.ORG

I have posted the details on DigitalPoint.com where the scammers operate.

If someone offers to sell these stolen domains to you, please do not buy them. Thanks!

Indeed, it was spam, but judging from the flurry of email activity that followed the spam message, it was a cleverly contrived spam.

A few minutes after I received the spam, I received another email, this time from a Chinese guy who wrote “I don’t understand” in Chinese. It was sent to domain@worldswidedomainname.com, CC: info@worldswidedomainname.com. It was followed by 20-30 more email messages from people on the list, mostly with cursing and threatening (like it would scare Big Boy Alex).

What I Think Is Happening
Since there were no other visible recipients in the email from the Chinese guy, except domain@worldswidedomainname.com and info@worldswidedomainname.com, and it was unlikely that the Chinese guy would know my email address, I figured that either or both of these email addresses are set up as mailing lists, which automatically forward any message they receive to the email addresses on the list.

It looks like this Alex Shafts guy (or whatever his real name is) set up the mailing lists to forward email messages to hundreds, possibly even thousands, of email addresses. Since the email address at which I am receiving these messages is one of the email addresses that I use for my domain names’s WHOIS records, I figured Alex the Clown scraped the email addresses from WHOIS records.

People Are Still Replying
Until now, people on the list are still replying to the mailing lists, begging to stop the spam. In return, others are responding that they are not the ones sending spam. One guy even CCd a couple of co-workers (who weren’t on the list) and asked if their company was involved in a domain deal. This unintentional spamming will go on for days, I think, until people realize what’s happening.

What You Can Do
If you’re also receiving these spam mails, here are a few things that I suggest you can do:

• Please help stop the spam cycle by not replying to any of these email messages.
• Set up an email filter rule that junks or permanently deletes any message that contains “worldswidedomainname.com” or other keywords that you have seen in the spam messages.
• Alternatively, close the email account at which you’re receiving the spam messages. If you’re using that email address for your WHOIS records, remember to update your WHOIS records with your new email address.
• Spread the word to other affected domainers that replying will perpetuate the spam cycle.

What Does Alex Shaft Get From This?
I’m not entirely sure, but a lawsuit will probably be one of them. Maybe Little Alex just wants to make a name in the domaining industry. Maybe it gets him off, knowing that he’s annoying a lot of people. I really don’t know. If and when I do, I’ll tell you. Promise.