Friday, July 3, 2015

Domain purchase scam

I hold a few domains under my name, mostly because they're all related to some idea I once had and wanted to build. I didn't buy them with the intention of selling them, but recently I ran into the site Flippa.com which gives you a platform to sell domains. Since I never ended up doing anything with the domains I figured I'd put them up for sale, and if by some chance someone is really interested in one of the names I'll make a few bucks.

A few days ago, someone tried to scam me. So I'm sharing this in hope to inform or educate some others.

How did they reach me ?
I believe the scammer saw I was trying to sell a site on flippa and decided to contact me. I'm 100% sure this isn't related to flippa in any way, so I'm not blaming them in any way. The scammer could've just seen my domain for sale, and found my email in the whois database.
I always put my real details in the whois database, which exposes you to spam and scams like this, but this doesn't bother me, you just need to be careful. There are sites offering you to purchase privacy in the whois database - I think this is useless, and wouldn't spend money on this.

First Email
I received an email from someone named "Shlomo Greenberg" saying he's representing an investor from Europe that's interested in a specific domain of mine. He asked if I'm willing to sell, and if so, we'll negotiate the details in the next mail.

Hints this might be a scam
The first hint I had is that the email was a 'gmail' account, but gmail was smart enough to notify me that the 'from' address might be forged. I have never seen this message, but it looks like this :


Why is this a hint of a scam ? Because if someone is automating the emails, then they're sending it from some other server, and just forging the 'gmail' account to make it look like someone personally contacted me.

That being said, this probably doesn't mean 100% scam! I have never seen this before, but I'm sure this might happen in cases where you're not being scammed. This shouldn't stop you immediately, but this is a clear sign to proceed with caution.

Some basic investigation
Because of the gmail notice that seemed fishy, and because I'm a curious person by nature, I decided to do some very basic research about the person contacting me. You don't have to be a private investigator to do this, the simplest common sense will take you a long way.
The mail was signed by a "Shlomo Greenberg" and it said "Lawyer" next to it. It also had an Israeli address. I searched the internet for his name, with and without a lawyer prefix, in English and in Hebrew, but couldn't find anything. I also searched on google maps for the address he added, but it seemed to lead to some coffee shop.
(I'm not saying this Shlomo Greenberg guy isn't a real lawyer, maybe he is, but I couldn't find anything about him online, and as someone who claims to represent a European investor I would imagine that something would come up).

My reply
At this point, I still wasn't sure if this is a scam or not, but figured I have nothing to lose. I replied saying that I'm willing to sell for $2000, and let me know if the investor can pay that amount.

The scam!
I received an email back saying that the price isn't a problem for the investor, but they want a "domain certificate" so they know it's legit.
What is this "domain certificate" ?
He added a link to a page on "Google Answers" that someone asked how to get a domain certificate, and some other user answered with a link to a site to buy certificates. He said I should go to that link, and get a certificate.
He also explained that the certificate is to give an evaluation about the price of the domain, validate ownership, and to do some basic due-dilligence on the trademark.


At this point I knew it was a scam for quite a few reasons.

First, the "Google Answers" link he gave me wasn't a real google answers page. It was linked to "www.google-answers.org" which isn't a domain owned by google (according to whois), but it was perfectly crafted to look like a google answers page.
Google answers is a product that closed a long time ago. I never searched anything on google even and ran into quality search results on google answers, so even if it was a real google answers page, I wouldn't give it any credit.

Second, the link to get the domain certificate looked bad. I'm a web designer, so i have an eye for basic web design. It seemed very unprofessional, and didn't seem related to any official organization related to world wide web standards or anything like that.


Third, the certificate cost ~$150.

Lastly, if you're selling a domain, you shouldn't need to purchase any certificate of any sort!
Validation of ownership is done via whois, and if your details aren't there then you can simply transfer the domain via an escrow service which will easily protect both sides in the transfer.
There is no reason for someone selling a domain to do any due-dilligence. If someone ever asks you for this, it's bullshit. They can (and should) do all the research they want before purchasing the domain from you on there own.
Finally, I believe that the whole domain appraisal business is bullshit! I see people on flippa writing "this site got an appraisal of Xk dollars!". I don't believe there's an actual way to do a domain appraisal, and even if there is, it shouldn't mean anything to the seller. You should sell the site for as much as you can get someone to pay for it. If you can't get someone to pay more for it, then it doesn't matter how much you *think* it's worth, it's obviously not.


Benefit of the doubt
At this point, although I was sure it was a scam, I wanted to see how this would roll out. Obviously I'm not going to buy a domain certificate, but I replied kindly, stating that I am not going to spend the money for the certificate, but the buyer can pay for it if they want to.
I explained that I'm willing to do an escrow transfer so we're both protected.
Needless to say, I didn't get any response back...


Beware of scams!
There will always be people out there thinking of elaborate ways of scamming you, and spending time and money into crafting the techniques. The only reason they continue to do this is because it works to some extent.
Let's try to stop it, so the scammers will eventually realize it's not worth it neither.