I run and/or host lots of other domains than my own.  This one in particular is for a non-profit organization and the domain ends in an “s” (plural).  A couple of weeks ago I started getting emails from this place called Intrust Domains informing me that the domain without the “s”on the end was soon coming up for auction, or some crap like that.  I deleted the first few, “like, whatever,” but they kept emailing me every.day.  The emails claimed there was a similar domain to mine going up for auction and if I’m interested I should click a link and then “if you don’t want business proposals like this one, click” this link.  I finally figured what the heck, they were emailing me constantly anyway, so I clicked the unsubscribe link twice.  It gave me confirmation that I had been unsubscribed, yet the emails continued.  I started replying to them requesting they unsubscribe me that I do not want the domain and then I even filled out the quote form telling them I’d pay $0 for the domain and please unsubscribe me.  Finally, I filled out the FTC complaint form for spam.

Then I finally got a chance to Google.  Turns out, these guys aren’t just insanely annoying and rude, they’re scammers, too.  Looks like they will  typically sell a “back order” of a domain to people for an amount such as $69 then when they obtain the domain after expiration, will turn around and sell it to the highest bidder, despite people already having paid money on a domain they are not informed that they are not the highest bidder or that other people can also back order the same domain.  I was also reading reports where they have gotten a bit of interest from a potential customer on a domain and after obtaining the domain, despite not being in contract with that person, have started billing them and harassing them for money.  Probably when their “highest bidder” backs out.  Of course, a lot of people seem to have the impression that there’s no real “highest bidder” but that it’s all in company, that they’re just trying to get more money.

So if the inability to unsubscribe from their constant emails didn’t tip you off, by now you should know to stay away, these guys are shady!  The most recent email I got from them was different, too, the guy tells me he knows I’ve been in contact with “Alex” and “Lynn” and that he wanted to remind me that the auction on this domain ends tomorrow.  Yes, I have been in contact with them, telling them to leave me alone!  I hope that the “auction” really does end tomorrow and that they will stop emailing me.

What’s really interesting, too, is that the domain they are trying to push on me is kind of specialized, I don’t know why it would be registered in the first place unless they registered it just in the hopes of selling it to me for an exorbitant amount of money!

Editing to add that the “auction” has now ended and they emailed me again that “good news, you can buy this domain!”  If I click their page, it shows me that I can buy the domain that was supposedly auctioned off today for $400.  Well, woohoo.  I can now buy a domain for $400 that I have told them repeatedly that I don’t want.  Yay.

Dear SBCGLOBAL ACCOUNT OWNER,

This message is from the Online Sbcglobal Team to all at^t account owners. We are currently upgrading on our web/data base and carrying out maintenances of all our Sbcglobal e-mail accounts due to error Atsb47658. in order to reduce the rate of spam mails. We are also deleting all unused at^t Account to create more space for new accounts.

To prevent your Account from being closed unnecessarily, you will have to update us with the following informations below in order to know that it’s a present used account and to also facilitate maintenance operation.

CONFIRM YOUR EMAIL IDENTITY BELOW :accountteam001@gmail.com
1.Full Email Address :::
2.password:::
3.age/country:::
4.date of birth:::
5.First name/Last name:::
Warning Code:VX2G99AAJ

Warning!!! Account owner that refuses to update his or her
account within Seven days of receiving this warning will
lose his or her account permanently.
Warning Code:VX2G99AAJ

Sbcglobal(at^t).DatatBase Centre
Thanks For Using the SBCGLOBAL.

There are so many things wrong with that, I don’t know where to begin! Let’s start with the Gmail address! Do you think that if ATT really needed me to reply with some info that they’d use a Gmail address!!?!?!?! Say it with me: roflmfbo!!!

And I love how they say they’re deleting accounts to make room for new accounts!

They’re not to subtil either, they’ve really gone to harrassing me, I’ve gotten this email and others that are very similar about 6 times in a matter of 3 days. Here’s another one:

Account Department!

SBCGLOBAL WEBMASTER COMMUNICATIONS

Upgrade/Maintenance All webmail Accounts Holders

We regret to announce to you that we will be making some system maintenance on our sbcglobal.net Web mail account. During this process you might have login problems in signing into your sbcglobal.net Web mail account, but to prevent this you have to confirm your account immediately after you receive this notification.

To confirm and to keep your sbcglobal.net web mail active during and after this process, please reply to this message with the below Web mail account information. Failure to do this might cause a permanent deactivation of your Web mail account from our data base to enable us create more spaces for the 2009 session.

Send your Web mail account for confirmation stating:

*sbcglobal.net Login ID:
* Password:
* Date of Birth:

Your account shall remain active after you have successfully confirmed your account details. We thank you for your prompt attention to this
notification.

Please understand that this is a security measure intended to help protect your Web mail account.

We apologize for any inconvenience.

SBCGLOBAL COMMUNICATIONS HELP DESK

—————————————————————-
This message was sent using IMP, the Internet Messaging Program.

Yeah because I’m THAT stupid I’m going to send them my password.

I love how that one has a signature stating the message was sent using IMP because everyone knows that ATT and Yahoo employ use of IMP that requires a sponsorship link.

The only other spam in my box right now states that if I don’t respond to the Nigerian money scam email, I am dead. Oooooh, lyke, I’m so scared ryght.

Oh, and “Thanks For Using the SBCGLOBAL.”

Yesterday I listed my SLR camera on Craigslist. Since I have a dSLR now and the fact that I haven’t shot much film since 2004 anyway, Steve insists I try to sell it (even though I don’t want to). Anyway, within hours, I had an email from someone who was asking if it was still for sale, that it would make a great Christmas gift. Nothing about the email was suspicious, or the emails following where we discussed payment and shipping, etc.

Some might say the whole idea of shipping things with Craigslist is strange, but I actually live an hour away from the area I “subscribe” to with Craigslist, so I don’t have a problem shipping things. I always mention that I can meet the people in such-and-such areas or ship but since I often get responses from people who are on the North end of the area and I on the South end, if the item’s shippable, I assume that’s what’s gonna happen.

So the guy ends up telling me that it will be a gift for his son who’s away in college that I ship it there. I really don’t think anything of it because, again, it’s Christmastime and there was nothing red-flaggy about the emails.

But when I got the payment email this morning, I knew right away it was a scam. How?

– He “paid” me for $200 when I was asking $125 for the camera and a max of $12 for shipping.

Anytime someone sends you more money than what you are asking for, it’s a scam. I’ve never heard of this NOT being a scam.
A friend of mine who I do her website and she breeds dogs recently had this happen. Actually, I just called to verify and they’ve had it happen in excess of nine times now. Of course, it was only the first guy that got the farthest, the others were nipped in the bud right away. But basically, someone sent them a check for more than twice the cost of the dog and shipping and they were supposed to cash the check (which turned out to be a legitimate check, stolen from an airline) and give the difference to the courier who was supposedly coming to pick up the dog. Of course, if it all went to the scammer’s plan, they would have lost the dog and been out all the money when the check came back bad.

If someone sends you a check/cashier’s check/money order for than what you’re asking for and what has been agreed upon, report it right away. If the check looks legitimate, call the company or person on the check and verify. That’s how my friends found out the check was stolen, and the airline was very happy to hear where it ended up. If it comes from PayPal and it’s really in your account, report it to PayPal immediately.

– The email didn’t address me by name, it said dear [email address]

PayPal will ALWAYS address you by name. Never “dear member” or “dear anything else” – ALWAYS by your name that you have on the account. The ONLY time I have received mail from PayPal that didn’t have my name on it was when I forwarded this spoof email to spoof@paypal.com and got a response that it was fraud and thanks for forwarding it. Then they responded with Dear name that appeared on my outgoing email, aka my company name.

So any time you get an email from “PayPal” that doesn’t address you by name, just delete it, it’s fake!

– The subject line of the email was non-PayPal-typical, every word was capitalized and it had misspellings and said it was a payment for an “auction.”

Proper PayPal emails actually spell things right and usually follow the same format that is to say, basically, “Notification of Payment Received from [name] [(email address)].”

– The email header image was not the one that PayPal uses for payment notifications.

This good:

(followed by solid blue line)

This bad:

– Email said it was from Service@paypal.com

Also a dead giveaway. The email claims to be from service@paypal.com but it’s actually from some address at mail2pal.com which is apparently a free email service much like Yahoo or Hotmail.

– Shipping address was:
Name: Kevin Innocent F.
Address: #26 Peter Okoye Street Uwani,
City: ENUGU,
State: ENUGU STATE,
Zip Code: 400001
Country: NIGERIA

Need I really say more?
Now I don’t know that that’s a real address or not (Engu is a real city, the capital) but, well, I feel sorry for those legitimate Nigerians ’cause those scammers really have ruined it for them. I am very wary of anything that claims to be from Nigeria. That’s just the way it is.

But let’s say I’ve fallen for the scam? And I do ship to Nigeria? Then not only have I lost any income, but I’ve lost the camera, AND I’ve spent a buttload of money in shipping. I have a friend who was a missionary to Nigeria and now is in Niger, trust me, it’s not cheap!

– Besides all that, the bottom of the email said:

This PayPal. payment has been deducted from the buyer’s account and has been “APPROVED”but will not be credited to your account until the shipment reference/tracking number is sent to us for shipment verification and this is done to secure both the buyer and the seller against any fraudulent activities. Below are the necessary information requested before your account will be credited. Send tracking number to us or email us through this Mail paypal_service@mail2pal.com our customer service care will attend to you. As soon as you send us the shipment’s tracking number the money will be credited to your account and this is done for security purposes and the safety of the buyer and the seller.

This payment is Approved but it will stand as payment pending until we receive the shipment reference/tracking number from you.

First off, not only can you note that that paragraph has bad grammar, spacing, punctuation, etc. Second, note the bad email address to you. And third, it’s their last ditch effort to get you to fall for it. Let’s say you’ve been iffy so far. You read this paragraph and go, oh, that’s why there’s no money in my PayPal account yet.

No, it will never be in your account! Real PayPal payment notifications say this on the bottom: “Have you lifted your withdrawal and receiving limits? Just log in to your PayPal account and click View Limits on the Account Overview page. Sincerely, PayPal” At least mine do. But even beyond that, the rest of the email is just clearly not legitimate. Here is the email I got alongside an actual one I received yesterday:

You’ll have to click to get the full images.
I’m sure if you really picked at it you’ll find more reasons the email is not legitimate. Also, sorry for the pixelation, but gotta have privacy. :)

So, anyway, just another reminder, be careful out there! They wouldn’t try to pull this crap if it wasn’t productive to them on some level. And always remember, don’t just click on links in emails claiming to be from PayPal, mouse over them and see what the link really is. But more importantly, just open a new browser window/tab and type in paypal.com.

And in conclusion for me, I’m not out anything. I wasn’t going to mail anything until the money was in my account completely from PayPal anyway.

Yup, I’ve talked about these kinds of scams before, here and here, but this one seems a little bit different because it looks to be both domain registration and search engine optimization.

For those who aren’t quite “up” on this, what these guys do is fairly simple. They send out something that looks like a bill and the unawares will often transfer their domain names to these people or buy “optimization” that’s worth less than crap, all without realizing it. But it’s not a bill and you are under no obligation to send them any money whatsoever. In fact, I would recommend you don’t at all. Usually, they charge you many times over the going rate for domain names or services which you can otherwise do yourself. In this case, it looks like six and a half times the going rate, $64 as opposed to what I spend less than $10 on. They get your information from the WHOIS information of your domain. That is why whenever I register a domain name for someone else, I put my PO Box information on it, so they won’t end up with this junk. Unfortunately, these guys grabbed the address of the church before we transferred the domain to my account.

But anyway, these DomainUSA guys…

At the top right we have “Domain Registration Notice” which leads you to believe that you need to renew your domain name, right? But then, read further:

As a courtesy reminder, we are sending you this notification for your business Domain name search engine registration. Don’t delay. It’s time to register and save. Please Note that we have merged with MY Software Corp. Please update your records accordingly.

That might make you feel like you have a prior relationship with this company, especially when they claim to have merged with another company, you might wonder if “DomainUSA” is a new business name. But if that doesn’t get you, they try to scare you. In yellow, you see:

This Registration Notice for: [domain name] will expire on [date] Act today

You are then given an account name and number, shown with your name and address.

Now if the first part wasn’t a red flag for you, this yellow part might be. For us, it listed September 10, 2007 as a deadline. The solicitation was received on September 4, 2007. That might send someone into a frenzy, cause them to skip the rest and hurry up and pay, etc. But, in our case, it’s also entirely wrong. The domain name they are trying to get us to transfer to them, or buy services for, whatever, does not expire until January 23, 2008! That’s another four months and some odd weeks after their “deadline.” This date continues to show up further down the page, I am reminded immediately again, of this “expiration.”

Then comes the “fine print.” They claim that if I do not renew with them by this date, that it will not “guarantee” our “listing on the Web.” In yellow again: “Failure to complete your domain name search engine registration by the expiration date may result in loss of your domain search engine registration listing making it difficult for your customers to locate you on the Web.”

Liars!!

You have nothing to fear! If you have a site that’s worth anything at all, the building of links between you and other sites will eventually lead to the big search engines (such as Google and Yahoo) picking up on your site all on their own. That’s what they do, they’re search engines! And if good, reputable, sites link to you, it won’t take you very long! So unless you do something to royally piss Google off, you have nothing to worry about. Not to mention that a lot of the big, reputable search engines don’t take submissions anyway!

Moving on. Finally, we have a small paragraph about the domain registration and the fact that this is NOT a bill, but a solicitation for services and that you are under NO obligation to participate.

Then the prices… they make me want to puke. $64 for one year, $119 for two years, or “best value” $169 for three years. You’ll note that the dates are wrong, here, too. Finally they want me to register new domain names from them. The two names they gave me were the existing domain name plus the city name dot com or a domain name that’s the phone number… yeah, ten numeric digits… how lame. And for the low price of $64 each!! Yay.

Okay they tell me, cut it off here and mail it to… DomainUSA; 304 Park Avenue South; 11th Floor; New York, NY 10010; (800) 217-1825. Oh, and does anyone notice that the two year box is already mysteriously checked? Notice something else, they’ve given you a phone number, but no where on the page do they give a website! Theoretically, you’d think they would want people to log on to a website and pay by credit card, right? Yeah, I’d think so. A company without a website, especially a company like this that supposedly deals in websites, is a big red flag for me!!

So, the phone number… I just gave it a call, I think it’s fake; well, not fake, necessarily, but not associated with this “DomainUSA.” I first get “press 1 for English, 2 for Espanol” then “please enter your pin number or *0 for customer service.” There is no pin number, of course. I tried entering in the “account number” on the paper but was told it was an invalid pin number. So I pressed *0 and was asked this time, “press 1 for Espanol, or 2 for English.” What the –? I was then told I have reached IDT and fed some crap about their new and efficient phone service. They then wanted some card number. Tired of this game, I hung up.

Now there is a domainusa.com out there, but it’s currently giving me a “Bad Request (Invalid Hostname)” error. Looking at the whois information of that domain, the address is:

Tom Romkey
300 South Pointe Drive
Apt 3906
Miami Beach, FL 33139
US

I think “Tom” might have some explaining to do for himself. However, another WHOIS service gives this information on the same domain:

Spray Interactive Domain AB
Riddargatan 17 A
Stockholm, 114 57 SE

The question is, what to do about these jerks who prey on the ignorance of those who receive the mailings? Nothing I know of right now, since I’ve not sent out any money, short of getting the word out and hoping that as few people as possible will fall for this. Spread the word to those who you think might be taken in by this…

Well, here’s another one you should be aware of.

A few minutes ago I got a phone call from (866) 383-0986. This guy, with a hardly understandable accent, identified him as some Joe, Bob, Sam, or Tom. Something. And said he was calling from something called Domain Registry Support. He started talking about one of the domains I manage, reading the long name very slowly and strangely. He then asked for my fax number.

Because when I answered the phone, I was first greeted with several seconds of silence and knew this wasn’t my good friend calling, I was kind of rough with him from the beginning.

He wanted to verify if I owned the domain. Yes. Okay. I asked him several times who he was, and what the company was but I never could get a satisfying answer. Something about registration services and then verification services. He then went on to say my full name and start to ask me if my address was still PO Box… I cut him off and said twice, all my information is correct. At this point I was thinking that this had something to do with laws (?) that require correct information on the WHOIS of domains.

He started again with the domain name and I cut him off again and asked again, what was the point of this call?

He said it was just to make a verification and he needed a fax number to send me a “little” one page verification paper.

Of course, my red flags are up because, for one… um, well, not everyone who owns a domain has a fax number, but if your phone number is out there, so is some sort of email address. I don’t have a fax, I informed him. I wasn’t lying. He was silent for a second and asked again for a fax. “I. Don’t. Have. A. Fax.” I said. Well, then, do you have a number at someone else’s machine you can give me? Um. No….. He was silent again for what seemed like an eternity and I repeated myself. “No. I. Don’t. Have. A. Fax.”

So then it’s all, okay, thank you, good-bye. Yeah, see ya… Schmuck.

A quick Google search on the number yields lots of results, one of the most descriptive being at michaelrighi.com and weblogs.asp.net/jgaylord, and like both of those men, I have all of my numbers on the Missouri and national no-call lists.

Will these spammers and scammers never die?

Die die die die die die die!

Oh, and, go ahead, try to call that number. It rings. It clicks. It’s silent. It disconnects you.

Smells stinky to me.

Of course, one might tell me that protecting my WHOIS information with my registrar might be a solution to this. I do have a few protected, but only where I’ve gotten free protection on special. I just do not have the funds to protect every domain I manage and there are several domains I manage for others. I put my information on their WHOIS to protect them from these idiots. So I guess I’m destined to deal with this crap forever… I just really don’t think it’s fair. I mean, I’m required to have my information correct so these guys can call and try to scam me? Someone tell me what is wrong with that picture.

http://www.resellerratings.com/seller9573-p1-s1-d1.html#reviews

Sounds like some punk kid working out of his parent’s basement. Or maybe Norman Bates…

Oh, and this one, too! http://thomashawk.com/2005/12/abusive-new-york-camera-store.html