Imposter spoofed UDRP provider to get customer information and lock domain.

On today’s DNW Podcast, John Berryhill mentioned a developing situation with a client’s domain name. You can listen to the entire discussion about the issue starting at 34:00 of today’s show.
In a nutshell, name.com sent an email to a customer informing him that his two-letter .com domain had been locked because a UDRP was filed. It’s standard procedure for domain registrars to lock domains upon receiving a UDRP notice.
The registrant reached out to John, asking him to look into the UDRP.
Normally, a domain owner will receive a communication from the UDRP provider informing them of the dispute. These can land in spam folders or otherwise not arrive, though.
In this case, the domain owner didn’t receive anything. John looked for recently filed cases at WIPO, FORUM, and Czech Arbitration Court, but could not find a case involving the domain. There are a couple of other small UDRP providers that don’t publish new case information.
For some reason, name.com wouldn’t tell the customer which UDRP forum sent the notice.
This created a headache for the customer. What if someone filed a case with one of these other UDRP providers, the registrant didn’t receive the notice, and it resulted in a default decision?
When I recorded the podcast interview on Friday, John said he was going to have to file a lawsuit against a John Doe to prevent this from happening.
John gave a couple of other theories about what might have happened. He said it’s possible that someone spoofed a UDRP provider to trick name.com into locking the domain. Making it worse, when a registrar receives a UDRP notice, they must respond with the registrant’s information.
Well, today, John found out this hypothesis was correct. Someone tricked a name.com representative with an email pretending to be from a UDRP forum. Worse, name.com provided the domain owner’s information to the imposter.
Name.com sent an email to the customer, notifying him:
On March 23, we received notice of a UDRP complaint for your domain. The notice purported to come from a frequently used domain dispute resolution provider. Pursuant to our standard processes, we responded to the notice providing your registration information and locked the domain. If this had been a legitimate request, you (and we) would have received further information about the complaint shortly thereafter from the case manager.
We subsequently investigated and determined that the notice we received did not come from a valid email address associated with the domain resolution provider and instead appears to have come from an unknown third party. We have not been notified of a legitimate UDRP action regarding your domain.
We don’t know why the perpetrator sent the UDRP notice. But knowing the customer’s information creates an attack vector for domain theft. It could also be someone who wanted to get contact information to try to buy the domain.
There are a couple of takeaways from this situation.
First, I don’t know how good this spoof was, but there needs to be some sort of check in place before a registrar sends customer data in response to an email.
Second, there’s no reason a registrar shouldn’t tell a customer which UDRP forum sent the notice. This would have saved the customer a lot of time (and perhaps money) by resolving the issue sooner.
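
One form the check in the first takeaway could take, as an added example that is not name.com's process or code from this article: the registrar confirms that a purported UDRP notice was authenticated as coming from a known provider domain before anyone acts on it. The provider domain, the mail server name and the sample messages are constructed placeholders, and the sketch assumes the registrar's inbound mail server strips forged Authentication-Results headers that carry its own name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: placeholder allowlist of provider sending domains kept by the
# registrar, and the hostname its own inbound mail server stamps (RFC 8601).
PROVIDER_DOMAINS = {"udrp-provider.example"}
TRUSTED_AUTHSERV = "mx.registrar.example"

def triage_udrp_notice(raw: str) -> str:
    """Return 'escalate' or 'confirm_with_provider'; never auto-disclose."""
    msg = message_from_string(raw)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:            # missing or duplicated From header
        return "escalate"
    domain = parseaddr(from_headers[0])[1].rpartition("@")[2].lower()
    if domain not in PROVIDER_DOMAINS:    # display name alone proves nothing
        return "escalate"
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue                      # header not written by our own server
        verdict = re.search(r"\bdmarc=(\w+)", results)
        aligned = re.search(r"\bheader\.from=([\w.-]+)", results)
        if (verdict and verdict.group(1).lower() == "pass"
                and aligned and aligned.group(1).lower() == domain):
            # Origin checks out; still confirm the case with the provider
            # through contact details on file before releasing registrant data.
            return "confirm_with_provider"
        return "escalate"
    return "escalate"                     # no trusted authentication result

def _notice(sender: str, auth: str) -> str:
    return (f"From: {sender}\nAuthentication-Results: {auth}\n"
            "Subject: UDRP complaint notice\n\nPlease lock the domain.\n")

# Constructed sample messages (not taken from the incident).
SPOOFED = _notice('"Case Manager" <cases@udrp-provider.example>',
                  "mx.registrar.example; spf=fail; dmarc=fail "
                  "header.from=udrp-provider.example")
LOOKALIKE = _notice('"UDRP Provider" <cases@udrp-provider-mail.example>',
                    "mx.registrar.example; dmarc=pass "
                    "header.from=udrp-provider-mail.example")
GENUINE = _notice("cases@udrp-provider.example",
                  "mx.registrar.example; dmarc=pass "
                  "header.from=udrp-provider.example")
```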




This is unacceptable!! No checks and balances.
So your domain gets locked and in the process of getting transferred out of your account and they cannot tell you why and no information can be given to you!! How pathetic is that!!
So if this is a big business like AA.com, their websites can be down!!
This tells you how weak their security is.
Hope there's a big $$$$ lawsuit.
A transfer lock would not take a website down.
Unacceptable behavior from Name.com. By the way, why is it that there are several different UDRP providers? Why not just stick with one?
Capitalism 101: Increased competition improves quality and lowers prices.