This month I received a call from someone impersonating GoDaddy. Last year someone called impersonating ICANN. Here’s what they were up to.
In August 2013 I received a phone call from someone who claimed to be working for ICANN. He said he needed to verify the contact information on a couple of my domain names.
The domain names were actually expired. The caller was trying to figure out if I still wanted the domain names. If I did, I’d get a call back later with an offer to re-purchase the domain names.
That call led me down a path in which I found a click fraud scheme asking people to click on PPC ads on domains owned by Domain Asset Recovery, a service that sold domain names back to people who let them expire.
Apparently this whois verification pretense to judge your interest in a domain you let expire makes a good bit of money, as this month I received calls similar to the one from last year.
On March 3, I received a phone call from someone claiming to be with GoDaddy’s verification department. It immediately smelled like B.S., and a few seconds later my suspicions were confirmed. The caller told me they needed to verify my contact information on several domain names. As he rattled off the list, I recognized them as domain names I had let expire.
I played along. He verified the information I previously had in whois for the domains. When he asked if I intended to keep using the domain names, I said yes.
I knew it was only a matter of time before I would receive another call offering to sell the domains that were verified.
That call came the next day, March 4.
A woman with Vurgo.com called and stated that Vurgo is a web development firm. She told me that they recently acquired some domain names for projects. Because I was the previous owner of the domains, they wanted to check with me to see if I wanted to buy them back for $99 each before they started using them.
She then rattled off the same list of domain names that the “GoDaddy” caller from the previous day used.
Again, I played along. At the same time I checked to see if the domain names had actually been registered. They had not…yet.
I told her I still wanted to use one of the domain names, TowerDiamond.com. Seconds later, the domain name TowerDiamond.com was registered at Dynadot in the name of Vurgo LLC.
The caller offered to transfer me to someone who could take care of the transaction on the phone, or to email me instructions. I asked her to email them:
On March 7 I received a similar verification call as the first one, with the new caller claiming to be with a “verification department that works with GoDaddy”.
The caller once again asked to verify contact details for domain names I previously let expire. When I asked him where he was located, he evasively answered “I don’t have that information right now.” He then asked if I planned to keep and renew the domain names. (They had already expired, of course).
Like clockwork, on the next business day I received a call from Vurgo letting me know that they recently registered some domain names I previously owned and offering to sell them to me.
This time I pushed back a bit. I told the caller that I just checked GoDaddy and they were still available.
That’s impossible, he told me. They were already registered. As soon as he said this he must have pushed a button, as the domains were suddenly registered. I checked Verisign’s whois timestamp and saw that they registered the domains while I was on the call.
I noticed that the voice of the caller changed midway through the call, and it was somewhat familiar. When I asked if I was talking to the same person, the person responded that he was the supervisor who took over the call because I was asking questions and the initial caller was just a “rookie”. The supervisor goes by the name Darren Smith, and he had called me a couple times earlier to make sure I was still going to pay for TowerDiamond.com.
I asked “Darren” why they called me about the same domains on Friday (alluding to the GoDaddy impersonator), and he said they did nothing of the sort. He asked why his company would have called on Friday and then waited until Monday to register the domains.
That’s a good question. I understand why you’d gauge interest with a “verification call” if you’re buying a domain in the drop. But in this case they wait until I expressed an interested in the domains before registering them.
Yet the group that contacted me last August impersonating ICANN had a phone number that tied back to domain names used to perpetrate a click fraud scheme. The click fraud scheme asked people to click ads on a number of domain names owned by Domain Asset Recovery, which was controlled by the same person that runs Vurgo. This March’s calls came from throw away numbers or numbers that do not accept incoming calls.
Regardless of who actually made the calls impersonating GoDaddy, they occurred exactly one business day before the corresponding calls from Vurgo asking about the same domains.
I can think of some reasons for this two-call approach. Perhaps the first call center or team is a lower cost one that tries to get verified leads for the closers.
One of the people behind Vurgo (and previously Domain Asset Recovery) is John Bonk.
Bonk was also involved with the work-from-home program Wealth Investors. Bonk pitched Wealth Investors at DomainFest in 2012. The service basically charged people to learn how to make money from expired domain names.
The Wealth Investors site later shut down, but Bonk offered another permutation of the “make money with expired domains” program under the name Click Millions. Its backers heavily promoted the program on NamePros.
(While Wealth Investors/Click Millions promoted making money from parked domain names, at least one of the program’s owners was profiting from domains receiving fraudulent clicks from the click fraud scheme.)
I tried calling Bonk on the phone number listed in whois for many of his domain names. I got a message that the number was temporarily disconnected. After a couple weeks of trying, I was able to reach him via email yesterday.
I informed Bonk that I was publishing a story involving him, Vurgo, and impersonating GoDaddy under the guise of verifying domain owner information.
Bonk responded: “Hi Andrew, the campaign you are referring to was terminated last week. Also we never impersonated Godaddy – we are a research and development firm at this point.”
I followed up by explaining the two separate calls — one from a GoDaddy impersonator and the next one from Vurgo — and asked Bonk if he was aware that the call center or company he hired was doing this.
Bonk wrote back:
“I am unaware of that. We did purchase leads from a source that provided us verified whois information for expiring domain names and we do reach out to them to offer drop catching services. I never questioned how this information was obtained or what they said since we were only purchasing leads. But as I said before we don’t use that company anymore.”
Impersonation aside, the calls on behalf of Bonk’s company Vurgo were full of lies. The biggest was that the company had already registered the domain names for development purposes, when in reality the domains were still available for registration until the caller thought he had a sucker on the line.