Lawsuit provides complete correspondence in alleged domain heist.
A lawsuit against Tucows provides a rare, detailed glimpse into a possible domain theft.
The suit was brought by Mrs. Jello, LLC against Tucows with regards to a domain name purchased by Mrs. Jello (MJ). MJ bought the domain name W9.com for $20,000 from someone purporting to be the owner of the domain name. MJ completed the transaction through Escrow.com and received the domain name.
Several days later, MJ received an email from 123CheapDomains.com, a Tucows Open SRS reseller where the domain was registered, alleging that the person that sold the domain to MJ had gained access to the real owners’ email to access the domain.
The lawsuit complaint (pdf) includes the complete correspondence between MJ, the alleged domain thief, 123CheapDomains.com, and Moniker, where MJ transferred the domain name upon purchase.
It provides a rare glimpse into how someone who allegedly stole a domain started communications with MJ regarding selling the domain. It includes their complete negotiations.
It also includes an email sent by a 123CheapDomains.com representative to Moniker requesting the domain name to be transferred back to it.
In an email from 123CheapDomains.com to MJ, the company claimed that MJ did not notice obvious irregularities and warning signs in the communications from the seller:
You did not do all the appropriate steps for aquiring (sic) the domain w9.com.
1. I looked at the attached emails and the person who sold it to you sent you an email from firstname.lastname@example.org
This is not the email address on record for Whois. And Steve Rice is not the owner of the domain name and is not listed on the whois record as the owner. At this point you should been (sic) suspicious that someone is trying to sell you a stolen a (sic) domain…
3. Just because you went through Escrow.com does not make the transaction a legitimate one. Buying a stolen domain is almost as bad [as] hijacking one.
The lawsuit is worth reading to get a better understanding of how such events take place. And, assuming the domain actually was stolen from the rightful owner by the person who sold the domain to MJ, it’s a reminder that email accounts are often times the weakest link in domain security.