This month I received a call from someone impersonating GoDaddy. Last year someone called impersonating ICANN. Here’s what they were up to.
In August 2013 I received a phone call from someone who claimed to be working for ICANN. He said he needed to verify the contact information on a couple of my domain names.
The domain names were actually expired. The caller was trying to figure out if I still wanted the domain names. If I did, I’d get a call back later with an offer to re-purchase the domain names.
That call led me down a path in which I found a click fraud scheme asking people to click on PPC ads on domains owned by Domain Asset Recovery, a service that sold domain names back to people who let them expire.
Apparently this whois verification pretense to judge your interest in a domain you let expire makes a good bit of money, as this month I received calls similar to the one from last year.
On March 3, I received a phone call from someone claiming to be with GoDaddy’s verification department. It immediately smelled like B.S., and a few seconds later my suspicions were confirmed. The caller told me they needed to verify my contact information on several domain names. As he rattled off the list, I recognized them as domain names I had let expire.
I played along. He verified the information I previously had in whois for the domains. When he asked if I intended to keep using the domain names, I said yes.
I knew it was only a matter of time before I would receive another call offering to sell the domains that were verified.
That call came the next day, March 4.
A woman with Vurgo.com called and stated that Vurgo is a web development firm. She told me that they recently acquired some domain names for projects. Because I was the previous owner of the domains, they wanted to check with me to see if I wanted to buy them back for $99 each before they started using them.
She then rattled off the same list of domain names that the “GoDaddy” caller from the previous day used.
Again, I played along. At the same time I checked to see if the domain names had actually been registered. They had not…yet.
I told her I still wanted to use one of the domain names, TowerDiamond.com. Seconds later, the domain name TowerDiamond.com was registered at Dynadot in the name of Vurgo LLC.
The caller offered to transfer me to someone who could take care of the transaction on the phone, or to email me instructions. I asked her to email them:
On March 7 I received a similar verification call as the first one, with the new caller claiming to be with a “verification department that works with GoDaddy”.
The caller once again asked to verify contact details for domain names I previously let expire. When I asked him where he was located, he evasively answered “I don’t have that information right now.” He then asked if I planned to keep and renew the domain names. (They had already expired, of course).
Like clockwork, on the next business day I received a call from Vurgo letting me know that they recently registered some domain names I previously owned and offering to sell them to me.
This time I pushed back a bit. I told the caller that I just checked GoDaddy and they were still available.
That’s impossible, he told me. They were already registered. As soon as he said this he must have pushed a button, as the domains were suddenly registered. I checked Verisign’s whois timestamp and saw that they registered the domains while I was on the call.
I noticed that the voice of the caller changed midway through the call, and it was somewhat familiar. When I asked if I was talking to the same person, the person responded that he was the supervisor who took over the call because I was asking questions and the initial caller was just a “rookie”. The supervisor goes by the name Darren Smith, and he had called me a couple times earlier to make sure I was still going to pay for TowerDiamond.com.
I asked “Darren” why they called me about the same domains on Friday (alluding to the GoDaddy impersonator), and he said they did nothing of the sort. He asked why his company would have called on Friday and then waited until Monday to register the domains.
That’s a good question. I understand why you’d gauge interest with a “verification call” if you’re buying a domain in the drop. But in this case they wait until I expressed an interested in the domains before registering them.
Yet the group that contacted me last August impersonating ICANN had a phone number that tied back to domain names used to perpetrate a click fraud scheme. The click fraud scheme asked people to click ads on a number of domain names owned by Domain Asset Recovery, which was controlled by the same person that runs Vurgo. This March’s calls came from throw away numbers or numbers that do not accept incoming calls.
Regardless of who actually made the calls impersonating GoDaddy, they occurred exactly one business day before the corresponding calls from Vurgo asking about the same domains.
I can think of some reasons for this two-call approach. Perhaps the first call center or team is a lower cost one that tries to get verified leads for the closers.
One of the people behind Vurgo (and previously Domain Asset Recovery) is John Bonk.
Bonk was also involved with the work-from-home program Wealth Investors. Bonk pitched Wealth Investors at DomainFest in 2012. The service basically charged people to learn how to make money from expired domain names.
The Wealth Investors site later shut down, but Bonk offered another permutation of the “make money with expired domains” program under the name Click Millions. Its backers heavily promoted the program on NamePros.
Click Millions later shut down as well. It was subject to many complaints on NamePros and complaints to the Better Business Bureau.
(While Wealth Investors/Click Millions promoted making money from parked domain names, at least one of the program’s owners was profiting from domains receiving fraudulent clicks from the click fraud scheme.)
I tried calling Bonk on the phone number listed in whois for many of his domain names. I got a message that the number was temporarily disconnected. After a couple weeks of trying, I was able to reach him via email yesterday.
I informed Bonk that I was publishing a story involving him, Vurgo, and impersonating GoDaddy under the guise of verifying domain owner information.
Bonk responded: “Hi Andrew, the campaign you are referring to was terminated last week. Also we never impersonated Godaddy – we are a research and development firm at this point.”
I followed up by explaining the two separate calls — one from a GoDaddy impersonator and the next one from Vurgo — and asked Bonk if he was aware that the call center or company he hired was doing this.
Bonk wrote back:
“I am unaware of that. We did purchase leads from a source that provided us verified whois information for expiring domain names and we do reach out to them to offer drop catching services. I never questioned how this information was obtained or what they said since we were only purchasing leads. But as I said before we don’t use that company anymore.”
Impersonation aside, the calls on behalf of Bonk’s company Vurgo were full of lies. The biggest was that the company had already registered the domain names for development purposes, when in reality the domains were still available for registration until the caller thought he had a sucker on the line.
Donna Mahony says
Thank you Andrew!! Liked, tweeted shared etc!
James says
I think it would be entertaining and punitive for every victim of this call scam to do as Andrew and follow through right to the end, let them make the purchase, and then hang up. The worse the domain, the better. That might change their business model.
Andrew Allemann says
Dynadot allows customers to delete some registrations for a refund, which may be part of the reason they registered the domains there.
Rob says
Awesome summary Andrew! I love reading your articles. Thank you.
George Kirikos says
One of your best articles ever, Andrew.
Acro says
You told them you were interested in only one domain? I’d act all shocked and panicked, stating that not renewing the domains was a grave mistake. Watch those buggers renew the entire lot!
Andrew Allemann says
They registered four domains from the second call after I started questioning about the domains still being available.
James says
I think the real person behind the scheme is Richard Saperstein
Andrew Allemann says
Saperstein was involved with the companies (at least Click Millions) at one time.
Andrew Allemann says
This is a video interview with John Bonk regarding Click Millions.
https://www.youtube.com/watch?v=m93zRucyjfk
David Lunquest says
Great article. The only part I do not agree with is the ending. While you may not like the fact they call you up and offer your domain back it beats the alternative I’ve faced. I let a decent domain go and someone else bought it. I ended having to buy it back for $375.00. While I don’t agree with the practice 100%, i’d gladly pay $99.00 versus what I paid above to some random person.
Anyways, keep up the great articles. Love reading them.
Acro says
I think the real deal breaker is the impersonation part. It’s at least a class B misdemeanor and it deserves police involvement.
John Berryhill says
I’ll see your misdemeanor and raise you a felony – Google 18 USC 1343
Ryan says
Here is another one of these so called unnamed people:
Godaddy, Dynadot and all these companies need to start shutting these people down. Seize their accounts, with the domains in them, make them send notarized documents to claim these assets back, and they will learn very quickly.
I don’t want to hear, this domain is registered with us, but we do not host it BS GODADDY, start dealing with these people, instead of handing dominsbyproxy info over on innocent people.
———————-
Mark Sittler —> Obvious Fake Name
Vastus Domains
Creation Date: 2014-03-19 13:10:22
Registrant Name: Dario Birtic
Registrant Organization: Vastus d.o.o.
Registrant Street: Radnicka 24
Registrant City: Djurdjenovac
Registrant State/Province: Osjecko-Baranjska
Registrant Postal Code: 31511
Registrant Country: Croatia/Hrvatska
Registrant Phone: +385.31371333
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
John says
I would love to respond to Mr. Allemann’s false accusations. I’m the Founder and CEO of Vurgo LLC. My wife and I met Mr. Allemann several years ago at a New Orleans domain conference. Seemed like a nice chap, but didn’t think he would generate a series of vicious lies in search of some type of story, try to come up with some type of conclusion and then state it on the Internet as fact. I guess that’s what you get with a low salaried reporter trying to bad mouth a multi-million dollar domainer.
I tried to clarify what little he told me before the article (I never saw an advance copy so I was in the dark with my responses to him). His accusations that I tried to hide from him by not responding is a joke since I get many inquiries from various reporters and other sources that I simply don’t have time for.
As I explained, he tried to put two different vendors together and make it look like it all came from me. We purchased verified whois leads from a supplier (that we stopped using) and we would immediately call these leads to see if they were interested in getting their domain name back. We are not interested in gouging anyone for the buyback price (our fees are roughly what you would pay any drop catcher). In fact we offer payment plans on the $99, discounts for multiple domains, etc. Hardly a scam I would say. Anyway, we had no idea what the supplier was saying to verify whois information. Categorically we deny impersonating Godaddy or any registrar for that matter – why in the world would we do that? We are a registrar affiliate for several registrars and we typically like to use Dynadot because of their API capabilities (we would gladly use Godaddy if they had similar API facilities). When we call the leads, depending on the drop date – if the drop date is in the future, we move it to our drop catching software; otherwise we register it right away. We foot the risk on whether the original owner will buy it back – otherwise we try to grace delete it, and finally we just keep it and try to monetize.
We feel we are doing a service by letting customers know their website is down and they’re about to lose their domain name. Could they have registered it themselves on the drop date? Sure, but most people (even domainers) don’t know the actual drop date and time so a competitor could grab it (which we have also seen often). $99 (or less) is a ridiculously low price for buyback compared to our competitors (who I’ve seen charge up to $1,500).
I would be happy to respond to any inquiries or questions you have regarding our business or any other business we have (we have several in the Internet e-commerce world). Shoot me an email at [email protected] and I’ll get to them as soon as I can. Thanks and Mr. Allemann, just because you have an active imagination disparately seeking a storyline no matter how farfetched, does not give you license to make libelous remarks.
Ryan says
Mr.Vurgo,
I am sure there are many disgruntled clients who are looking for your so called multi million dollar domain based assets in judgement of such actions by your infamous companies. You are no domainer, that is for sure, I am sure you are responsible for maxing out dynadots deletion rates, and I am glad they have increased pricing. If Dynadot is reading this, I would hope they suspend your account based on your actions.
Ryan says
I thought this name sounded familiar to me:
John Bonk
his handle is online is: ebatcave
This is one of the domains he owns, which fits the content above:
clickmllions.com
Google Land Merchandising Corp wipo
Roche Diagnostics GmbH v. Land Merchandising Corp
Case No. D2010-0173
B. Respondent
The Respondent did not reply to the Complainant’s contentions in this proceeding.
7. Decision
For all the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the Domain Name be transferred to the Complainant.
ADMINISTRATIVE PANEL DECISION
Ticketmaster v. John Bonk
Case No. D2008-1491
DMINISTRATIVE PANEL DECISION
Comair Limited v John Bonk
Case No. D2009-0094
Memorial Sloan-Kettering Cancer Center v. – a/k/a John Bonk
Claim Number: FA1005001323580
You are going to trend on Google today Mr.Bonky!
Andrew Allemann says
John, is there a particular statement in this story that you are disputing?
John Berryhill says
So, putting the best face on this, based on what you wrote:
“Anyway, we had no idea what the supplier was saying to verify whois information.”
Viewed most favorably to you, then what you are saying is that you don’t know one way or another what they were doing. In other words, you have no basis to deny Andrew’s assertion that they were impersonating GoDaddy, but you are keen to deny knowledge of what, in fact, they were saying in order to develop those leads you were purchasing.
One would not think there are many independent contractors just accumulating leads on registrants of expiring names, nor that someone would just, out of the blue, decide to run a call center making those calls.
Ryan says
This will most likely be your next UDRP
Like, really come on
trojanvibratons.com
jZ says
So you are accusing andrew of lying when he said the domains were unregistered at the time of the call?
Rubens Kuhl says
Anyone that sends any contact data, either e-mail or telephone, to Vurgo is just asking to receive more impersonated calls. If you seriously want to talk to people and try to explain this, publish an 800 number that accepts blocked Caller ID calls.
Mike says
Great reporting Andrew!
rich says
It’s not just smurge / Rich Saperstein. He works in tandem with another predator frim the great state of TN
BizBot / Douglass Brooks. They’re neighbors, and occasionally, lovers.
There’s more about the duo here:
http://lhota.org/
rich says
Mr. John Bonk, CEO from
wealthinvestors.com
another scambag. Friend of Douglass Brooks and Richard Saperstein from TN.
How long till the federal indictment?
DNSR says
I wasn’t going to jump in on this, but now I will. Mr. Bonk, please explain to me what’s outlined on the article linked below. It’s a very detailed description like Andrew’s with proof that your company doesn’t actually own the domains that you contact people about.
Please explain this one away…
http://dnsr.com/vurgo-also-known-as-domain-asset-recovery-same-scam-new-company-name
Ron Jackson says
Great job Andrew! While Mr. Bonk’s manic tap dancing in his response to you was mildly amusing, I really got a kick out of this line – “I guess that’s what you get with a low salaried reporter trying to bad mouth a multi-million dollar domainer.” If he had had any credibility to begin with (which he didn’t) that line would have erased it.
Andrew, with this story you should be able to get a raise out of your boss so you can emerge from poverty (oh wait, you ARE the boss). Still, even with your own very successful (and honest) business you will never be in the same league as “multi-millionaire domainer” Mr. Bonk (or should I say, Mr. “Bunk” which the dictionary defines as “unacceptable behavior (especially ludicrously false statements)” for which I’m sure you are quite grateful! 🙂
Brad Mugford says
Great article and research Andrew.
The domain world needs more articles like this that highlight and expose the shady things that are going on.
Brad
Brad Mugford says
“I guess that’s what you get with a low salaried reporter trying to bad mouth a multi-million dollar domainer.”
Who cares? Just having money does not give you any credibility.
In fact there is no correlation between having money and having integrity. Many times it can be the opposite where people are able to gain wealth only by lowering the ethical bar.
Brad
DNSR.com says
Andrew is that last comment from the same John Bonk IP address as the first one?
Andrew Allemann says
It appears that was a fake comment. I have unapproved it for now, unless John contacts me and confirms it was his.
Rob says
i just love the comment: “…we are a research and development firm at this point.”
AT THIS POINT? to me that says “evasive, dodgy and evasive”. you either know what you are doing or you don’t! that sounds like a “pack up and run” type of operation.
Bob says
https://vurgo.com/payment/index.php?domain=%27
franharrington says
Does anyone have a working email for Vurgo/John Bonk? All the ones I could try bounce back. Vurgo purchased my domain when I let it slip, and then I paid them to get it back but still do not have access to it (this was in February). Any help would be much appreciated.
DNSR says
Bonk, John [email protected]
Land Merchandising Corp
337 McGinnis Circle
Collierville, Tennessee 38017
United States
+1.9018610195
Jill says
I’ve read enough. Scammers are scammers and they do not know how else to operate. They’re sub-human.