There are many different facets to doing due diligence when buying a domain name. I use DomainTools’ Whois history tool to verify as much information as possible before buying a domain name. I will often call the phone number listed on the Whois record, and I may even call previous phone number listings as well. I don’t think too much due diligence is possible.
One area that may tip people off to a potential issue is a subtle email address change. When I see a very subtle change in the listed email address, it sets off alarm bells in my head. For example, if a Whois email address for 10 years was FirstNameLastName@yahoo.com and it recently changed to FirstNameLastName@hotmail.com, it makes me wonder if the change was legitimate. This change could be used for social engineering or to make others think the domain name has not changed hands.
I have seen and heard of domain name thefts where the thief makes a very subtle, almost unnoticeable change to the Whois entry. Most people might miss it, and if they do miss it, they could be buying a domain name from someone who isn’t the rightful owner of said domain name. This is especially the case when the prospective buyer does not have a DomainTools account to compare the current email address to previous email addresses on file.
There are many reasons why a subtle change might be necessary and completely legitimate. For instance, if a domain owner decides to change his email provider, he or she will need to update the Whois records.
Whenever I see a change on a Whois record, especially if it was recent and the domain owner reached out to me to sell a domain name, I have my guard up. Due diligence is necessary to be sure that a domain name sale is legitimate. Checking the email address is one facet of due diligence, and it should be done in conjunction with other due diligence.