Legal News

How I First Learned of Richard Lau

26

Yesterday afternoon, Richard Lau posted an article about NamesCon, a domain conference taking place in January that he is organizing. I want to share a brief story about how I heard of Richard, who I have come to respect over the last several years.

In August of 2007, I received an email from a strange email address:

Dear Domain Buyer,
,
I want sell my domain name [“redacted.com”] , If you intersted to buy this domain, please send your offer in USD.”

When I did a Whois search and then a historical Whois search

Tips to Prevent Buying Stolen Domain Names

55

I have been fortunate to never have to deal with an issue involving stolen domain names. I think this is partially attributed to the due diligence I do before buying a domain name, and it’s also probably a bit of luck mixed in as well. It seems like domain name theft has been an issue for many years and will continue to harm the domain industry in the future.

Domain Gang has a good article about stolen domain names that you should read when you get a chance. Theo offers some very good tips about how you can avoid buying stolen domain names.

Because buying a stolen domain name can have serious legal and financial consequences, I want to share a few additional tips that can help you not buy a stolen domain name and can potentially help if you inadvertantly do purchase a stolen domain name.

Humorous Reply to a C&D Letter Sent to the Owner of a Geodomain Name

When I was initially looking to acquire a geodomain name, I was assured by a number of people that there would not likely be any issues regarding owning a domain name that comprises the name of a city or town. In the 5+ years of owning at least two geodomain names, this has proven to be true, with nary a complaint received. Unfortunately for one guy, this isn’t the case.

Staci Zaretsky shares an interesting story on the Above the Law legal website concerning the WestOrange.info geodomain name. WestOrange.info is owned by a person named Jake Freivald who had built a “rudimentary” website about the town of West Orange, New Jersey. According to the article, “it doesn’t look like a site that’s sponsored by West Orange in any way, shape, or form — unless the town hired middle schoolers to create its online presence.”

That apparently didn’t stop the town attorney from

Why You Need a Good Domain Name Lawyer

Most people who invest in domain names probably hope that they never need to use the services of a good domain name lawyer. I think the perception may be that if you have to hire a lawyer for something, it probably means you did something bad or someone is threatening you. That’s not the case, and I think it’s important for everyone to know how to get in touch with a good lawyer who knows domain names and intellectual property (IP) law.

There are many instances when it would be beneficial for a domain name investor to use an attorney or law firm well-versed in domain name and Internet law. Here are several of these instances:

Weather Underground Awarded $3.5 Million in Cybersquatting Lawsuit

In my opinion, there’s a common misconception that if domain investors own trademark domain names, the worst that can happen is they lose them in a UDRP. Some people think their only potential loss would be the loss of revenue from the domain names. An article in Crain’s Detroit shows that cybersquatting can have far greater consequences, and hopefully it will serve as a bit of a wake up call to those who don’t know that they may be playing with fire.

According to the article, Weather Underground filed a lawsuit in U.S. District Court against Navigation Catalyst Systems Inc., Firstlook, Inc and COnnexus, Corp.    Weather Underground was represented by two law firms, Traverse Legal (Enrico Schaefer and Brian Hall) and Hooper Hathaway (Anthony Patti).

The case started out with a winning UDRP filing for 41 domain names, but subsequent research showed that the company believed the defendant owned additional domain names. According to the article, Weather Underground filed a lawsuit and

Anonymous Guest Post: “How My Go Daddy Account Was Hacked”

36

This is a guest post from someone who wishes to remain anonymous. The article discusses how the person’s Go Daddy account was hacked.

—-

So it was a Monday morning a few weeks back – the start of a new workweek. That Monday morning I had a few things on my plate one of which was to renew a few domain names at Godaddy.com. I have been with Godaddy since the early days – I believe I registered my first name there in 1999. I have an executive account rep and I rarely have any issues with them.

That Monday morning, I tried to log into my account and it seemed as if I may have mistyped my password – I change my password all the time and it was early, maybe 7am est, I figured that I must have just forgotten my password. I submitted the password retrieval request on the site and I received a message telling me that my email address was incorrect. I am a little paranoid so I immediately believed my account was hacked or at least compromised in some way.

I then call the executive accounts number to find out exactly what was going on. It was 5 am in Gilbert Az. where Godaddy is located, but they had a rep there to assist me. This rep was not my account rep, but none the less was able to get into my account to inform me that my email had been changed about a half hour earlier and that I pushed one of my domain names to another account. The account rep helped me regain control of my account, I reset all of my passwords, and my 4 digit pin number.

I eventually got the domain name back and put a crazy high security setting on my account – where nothing can happen at all with any domain name unless I get a personal phone call and give a additional special code (a different code than the 4 digit call in security pin – a real pain in my ass – but I feel necessary now). I was also frantically checking all my other accounts in my life…I was pleasantly surprised that none of my other accounts such as banking, other registrars, paypal, email addresses, etc…had any issues with hacking – All seemed fine – I still changed all passwords etc for all my accounts….

I assumed somehow my Godaddy password got compromised and that was all – so no real worries and this was the end of it. At the time the only thing that bugged me was that it seemed Godaddy would not investigate the hacking at all for me and was pretty unhelpful in providing me any info so I could investigate it myself – there was plenty of data Godaddy could use to investigate this hacking, but I was told they did not have access to the information I was asking for. Oh well – I just figured they did not really care as it seemed that everything was back on track for me at this point and the problem was on my end. I thought that was the end of it…no such luck.

Two days later I got my account hacked again – nothing was taken as they could not move or make any changes – this really had me crazy freaked out. I concluded the problem was actually on my end – I have a mac – but I still had a thorough scan of my computer for malware and/or keylogger apps – found no issues – I wiped it clean anyway – I also purchased a powerful security software which I installed. I then changed all my Godaddy passwords, user pin etc…again – as I did with all of my other accounts in my life – Banking, emails, other registrars, etc. This seemed to do the trick as I stopped having any issues…until this morning.

My account was hacked again – I found out as soon as I woke up around 6:20am; no other personal accounts such as banking etc…had any issues – just my Godaddy account. The hacker tried to push a few domain names out, but could not as I have the high security settings which require a personal phone call with code (and the code is not online)…I was really just baffled and I immediately called Godaddy as now I was certain the breach was not on my end.

I spent a marathon session with an early morning Godaddy executive account rep and I was not taking “we don’t have access to that info” as an answer… I will say that this account rep seemed to truly care about the problem and was working with me to get to the bottom of it – He was able to look into many of the things I asked him to look into and we did get to the answer.

We realized I had not deleted any of my expired credit cards or old paypal billing agreements from my account – so I had expired cards and paypal confirmations dating back from 2000 still associated with my account. In addition to the standard giving your 4 digit pin number, Godaddy will allow access to your account with the last 6 digits of any credit card expired or not – they will additionally give access to your account with the last 4 digits of any paypal billing agreement code – which is plainly visible to anyone who has access to your Godaddy account or email account.

The hacker was calling into Godaddy and pretending to be me. The hacker seemed to originally be able to access my account by getting ahold of an old/expired credit card number and changed my email address by having the Godaddy rep send the email confirmation to the hackers designated email address – it appears as Godaddy accepted expired credit card data to allow access into my account without knowing the designated 4 digit pin number (for credit cards on Godaddy – the last 4 digits are visible on the account – but they do require the last 6 digits in lieu of the 4 digit pin number you set).

From there – the hacker gained access to my account and made note of all the entries in my ‘payment methods’ area for paypal billing transaction codes. So you know – when you authorize instant payment from paypal – you set up a billing authorization – which is kept in your ‘payment methods’ area and most of the transaction number is not visible but the last 4 digits are visible. Godaddy will allow access to your account with those 4 digits from the paypal transaction billing agreement – which is visible on my account.

In summary – The Godaddy rep was able to tell me that the hacker each time called into Godaddy – gained access to my account by either using an expired credit card number (as they did the 1st time) or last 4 digits of a paypal billing agreement code. I deleted 3 dozen old credit card numbers and all the paypal billing agreements from my account. I believe this has finally secured my account.

It is really troubling to know that everywhere I use my credit card is a potential new breach into my Godaddy account. IMO it is only a matter of time before hackers perfect this breach. I truly hope this is the end of my story on this. My suggestion to everyone is to check your payment methods and delete all the expired credit cards and all your paypal billing agreements.

Recent Posts

Squadhelp Adds Escrow.com as a Payment Option

1
Squadhelp has added Escrow.com as a payment option for buyers. The addition of the Escrow.com option was shared by ARIYAS on X this morning: 👍...

Some Thoughts on .AI Domain Names

19
There is no question that .AI domain names have become a hot topic of late. With considerable amounts of venture funding flowing into AI...

Handoff to Dan on Imported Leads Can be Confusing

0
I've been using the lead import option at Dan.com more regularly. Although the 5% commission is not ideal, transactions tend to move more quickly...

ArtificialIntelligence.com Goes Up for Sale

11
I tried to buy the ArtificialIntelligence.com domain name multiple times over the last 10 years. The emails I sent to the registrant went unanswered,...

EU Gives More IP Protection to Food & Drink Producers

0
Did you know that some well-known food and drink varieties are protected intellectual property regulations? Popular types of drinks and foods that are protected...