As we reported several times recently, the domain theft pattern continues: Domains are stolen at GoDaddy using an email portal phishing scheme, then moved to the Chinese domain registrar, Ename.
The latter, does not comply with legitimate requests to transfer the domains back to GoDaddy, something that needs to be examined carefully, to investigate potential involvement of an accomplice.
ICANN accredited registrars that are based outside of the US seem to play a game of hardball, despite established proof related to domain thefts. So much for the ICANN “multi-stakeholder model”!
In this latest reported incident, we received the following chronicle by the legitimate owner of 3ON.com and W4F.com, two domains that were stolen and moved to Ename in China.
August 10, 2014: I have received a phishing email which I did not recognize as such and got tricked into logging into my domainsbyproxy account on a fake website.
August 25, 2014: Tried to open 3ON.com and it was not there anymore. Also, my private E-Mails on my domain [redacted] did not do through nor did I receive any. I found out that 3ON.com and W4F.com were moved to another registrar and the DNS settings of [redacted] in my Godaddy account were changed. I could change the settings, reset passwords and emails, but the domains were definitely moved to the infamous ENAME registrar in China.
August 26, 2014: I called up Godaddy customer support. They said that I might have fallen for a phishing attempt and the theft was performed getting a transfer code which was sent to my email which they could intercept as they had redirected my domain [redacted] to another server changing the DNS settings.
August 30, 2014: Godaddy asked me for a lot of documentation to reclaim the domain, which I managed to provide in the days after.
September 5, 2014: Final answer of Godaddy: “Although we requested that the current registrar reinstate you as the registrant, they have indicated that they will not assist with the return of the domain name. As the losing registrar, we no longer have control over the domain name. Likewise, any ICANN transfer is the responsibility of the gaining registrar. Therefore, you will need to contact the current registrar if you feel the transfer was handled improperly. Any dispute over the registration of the domain name will need to be sent to the registrant, current registrar, through an ICANN-approved arbitration provider (http://www.icann.org/en/dndr/udrp/approved-providers.htm) or the local court system.”
It is clear that as in previous cases of domain theft, the phishing incident at GoDaddy leads to a transfer of the stolen domains to Ename, a registrar that often refuses to return the domains despite all proof provided by GoDaddy.
As of September 11, the legitimate owner of the domains 3ON.com and W4F.com has filed a police report at their local police station, with the intent of delivering a Chinese translation to Ename. There are reports that if such a notice is provided, Ename would engage into action.
The estimated loss, per the domain owner, stands at $6,000 USD currently.
We will update the status of the stolen domain names, 3ON.com and W4F.com once new information is available. In the meantime, we have added 3ON.com and W4F.com to the Uniregistry Domain Tracker.