scam

Damn Scam

This week a web client emailed me asking:
Did all of your clients get this (domain transfer) notification?
I assume it’s legit? I just paid for the five year renewal of the domain name.
Will you handle the transfer or should I?

Well, it was not legit and it makes me furious. The client had received a snail mail letter informing them to transfer their domain name to Domain Registry of America (www.droa.com). It was worded in such a way that they thought it was imperative. Sneaky bastards.

I did a search:
1. This from PCmag.com – http://blogs.pcmag.com/securitywatch/2007/10/beware_of_domain_name_scams_in.php

2. From someone who describes a letter like my client’s: http://trinaallen.wordpress.com/2008/04/11/domain-registry-of-america-scam/

droa.com letter
droa.com letter

3. In trying to explain why the registration WHOIS information is public, I found this:
The problem is two-fold: ICANN (the guys who “overlook all the domain stuff on the Internet”, for lack-of better phrasing) voted in a new rule that states all domain owners _MUST_ have legitimate contact methods shown in their WHOIS records. That is, the owner of the domain must put a legitimate address and telephone number in their WHOIS records.” (from http://www.broadbandreports.com/forum/remark,16948194 )
(see UPDATE 4 below) 

Continue reading