Domain Fraud Prevention: Red Flags to Watch When Buying or Selling (2025)

Protect yourself from domain scams and fraud. Learn to identify fake escrow sites, stolen domains, phishing attacks, wire fraud, and common red flags when buying or selling domains.

Published 2025-12-01
Updated 2025-12-01
By DomainDetails Team

Quick Answer

Domain fraud targets both buyers and sellers through fake escrow sites (escr0w.com, escrow-secure.com), stolen domain sales, phishing attacks, fake appraisal scams, domain slamming, and wire transfer fraud. Red flags when buying include too-good-to-be-true pricing, pressure tactics, refusal to use legitimate escrow, and demands for wire transfers or cryptocurrency. Red flags when selling include overpayment scams, fake buyers with "lawyers," and requests to bypass escrow. Always use Escrow.com (not look-alikes), verify ownership through WHOIS history, confirm buyer/seller identity, and report scams to IC3.gov, your registrar, and ICANN. Most domain fraud is preventable through due diligence and following established security protocols.

The Scope of Domain Fraud

Domain fraud is a multi-million dollar problem affecting thousands of buyers and sellers annually. Unlike domain theft (unauthorized takeover of domains you own), domain fraud involves deceptive practices during legitimate-looking transactions.

Why Domain Fraud Thrives

High-Value Assets: Premium domains sell for thousands to millions of dollars, attracting sophisticated scammers.

Complex Transactions: Domain transfers involve technical steps across multiple platforms, creating confusion scammers exploit.

Limited Recourse: International transactions, cryptocurrency payments, and jurisdictional issues make recovery extremely difficult.

Information Asymmetry: Buyers often don't know how to verify domain ownership, creating opportunities for fraud.

The Financial Impact

Average losses:

  • Individual buyers: $2,500-$15,000 per scam
  • Business buyers: $25,000-$500,000+ for premium domains
  • Sellers: $5,000-$50,000 in stolen payment/domain combinations

FBI IC3 data: Domain-related fraud consistently ranks in the top 20 cybercrime categories by reported losses, with increasing sophistication year over year.

Who Gets Targeted?

First-time buyers: Lack experience spotting red flags, don't know legitimate processes.

High-value sellers: Targeted by sophisticated scammers willing to invest time in elaborate schemes.

Business executives: Targeted through spear-phishing for premium corporate domains.

Non-English speakers: Language barriers exploited through confusing legal language and fake documentation.

Anyone in a hurry: Scammers create artificial urgency to bypass due diligence.

Common Domain Scams Targeting Buyers

1. Fake Escrow Scams

The scam: Fraudster sets up legitimate-looking escrow website with domain similar to Escrow.com.

How it works:

  1. Scammer lists domain for sale (often at attractive price)
  2. Buyer agrees to purchase using escrow
  3. Scammer suggests "their preferred escrow service" with professional-looking site
  4. Buyer sends payment to fake escrow
  5. Payment goes directly to scammer
  6. Domain never transfers, fake escrow site disappears

Look-alike domains identified:

  • escr0w.com (zero instead of 'o')
  • escrow-secure.com
  • escrowdomain.com
  • escrow-services.com
  • secure-escrow.net
  • domainescrow.co
  • escrow-payment.com

Only legitimate escrow: Escrow.com (and Dan.com's integrated escrow system)

Annual losses: Estimated $2-5 million from fake escrow scams

2. Stolen Domain Resale

The scam: Scammer steals domain through hijacking, immediately lists for quick sale at below-market price.

How it works:

  1. Domain hijacked from legitimate owner (phishing, social engineering, etc.)
  2. Listed immediately on marketplace or via private sale
  3. Price set 30-50% below market to attract fast buyers
  4. Domain sold and transferred to buyer before original owner discovers theft
  5. Original owner recovers domain through registrar/ICANN complaint
  6. Buyer loses domain AND money (no recourse against seller who's vanished)

Why it's dangerous: You can unknowingly become the victim of someone else's theft. When the legitimate owner proves ownership, the domain gets returned to them, and you lose everything.

Real example: Premium .com domain worth $50,000 hijacked, sold within 24 hours for $18,000 cash (no escrow). Buyer lost $18,000 when domain returned to original owner.

3. The "Distressed Seller" Scam

The scam: Seller claims emergency, pressures buyer to skip escrow or use expedited "alternative" payment.

Common stories:

  • "I need money for medical emergency, please wire directly"
  • "My business is shutting down, I need payment by end of day"
  • "Another buyer willing to pay more but will give you 24 hours if you wire today"
  • "Escrow takes too long, I'll give you $2,000 discount if you send PayPal Friends & Family"

The pressure: Creates artificial urgency to bypass rational decision-making and security protocols.

Outcome: Money sent, domain never transferred, seller disappears.

4. Fake Documentation Scam

The scam: Seller provides elaborate fake documents to establish credibility.

Fake documents:

  • Forged business licenses
  • Fake escrow receipts
  • Photoshopped bank statements
  • Fabricated previous sale records
  • Counterfeit notarized documents

Why it works: Creates false sense of legitimacy, especially for international transactions where verification is difficult.

5. The "Third Party Transfer" Scam

The scam: Seller claims they're selling on behalf of someone else (company, client, estate, etc.).

Red flags:

  • Won't provide direct contact with actual owner
  • Can't answer technical questions about domain history
  • WHOIS shows different owner than seller claims
  • "Acting as authorized agent" without verifiable authorization

Why it's dangerous: Seller may not have authority to sell. Even with payment and transfer, real owner can reclaim domain.

Common Domain Scams Targeting Sellers

1. Overpayment Scam

The scam: "Buyer" sends payment exceeding sale price, asks seller to refund difference.

How it works:

  1. Buyer agrees to purchase domain for $5,000
  2. "Accidentally" sends $8,000 via check or PayPal
  3. Asks seller to refund $3,000 difference immediately
  4. Seller sends $3,000 back
  5. Original $8,000 payment is fake/fraudulent and reverses
  6. Seller loses $3,000 + domain (if transferred)

Payment methods used:

  • Fake cashier's checks
  • Stolen credit cards via PayPal
  • Fraudulent wire transfers that get recalled
  • Counterfeit money orders

Why it works: Exploits seller's eagerness to close deal and unfamiliarity with payment fraud mechanics.

2. "My Lawyer Will Handle Escrow" Scam

The scam: Buyer insists on using "their lawyer" or "their company's escrow service" instead of established platforms.

How it works:

  1. Buyer appears professional, representing "legitimate company"
  2. Insists on using their corporate lawyer for escrow
  3. Provides professional-looking escrow agreement
  4. Seller transfers domain to lawyer's account
  5. Payment never arrives
  6. "Lawyer" was scammer or fake identity

Variation: "My company policy requires we use our approved vendor for all transactions"

Why it's dangerous: Legitimate businesses use Escrow.com. Insistence on alternatives is a major red flag.

3. Fake Buyer Identity Scam

The scam: Scammer impersonates legitimate company or individual to build false credibility.

Tactics:

  • Uses email address similar to known company (microsoft-inc.com vs microsoft.com)
  • Creates fake LinkedIn profile mirroring real executive
  • References legitimate company deals or public information
  • May even spoof phone numbers to match company

How it works:

  1. Approaches seller claiming to represent major brand
  2. Negotiations seem professional
  3. Eventually requests payment bypass or unusual arrangement
  4. OR transfers domain then disputes payment through fraudulent means

Verification failure: Seller doesn't independently verify buyer identity through official channels.

4. Payment Dispute / Chargeback Scam

The scam: Buyer uses payment method allowing dispute/chargeback after receiving domain.

How it works:

  1. Buyer pays via PayPal, credit card, or similar reversible method
  2. Seller transfers domain
  3. Buyer files dispute: "unauthorized transaction" or "item not received"
  4. Payment reversed to buyer
  5. Seller loses domain AND payment

Why it works:

  • Domain transfers are intangible, hard to prove delivery
  • Payment processors often favor buyer in disputes
  • Domain already transferred before chargeback processes

Most vulnerable payment methods:

  • PayPal (especially Friends & Family which offers NO protection)
  • Credit cards (90-day chargeback window)
  • Some wire transfers (can be recalled through bank fraud claims)

5. The "Inspection Period" Scam

The scam: Buyer requests domain transfer for "inspection" or "verification" before final payment.

How it works:

  1. Buyer makes initial deposit (10-20% of price)
  2. Requests domain transfer to "verify technical aspects" before final payment
  3. Domain transferred
  4. Buyer disappears, never sends remaining payment
  5. Seller has initial deposit ($2,000) but lost domain worth $20,000

Justifications buyer gives:

  • "Need to verify DNS records"
  • "Our technical team needs to inspect before approval"
  • "Company policy requires possession before final payment"

Reality: All technical verification can be done without domain transfer.

Fake Escrow Scams

Fake escrow scams deserve deep examination as they're among the most financially devastating domain frauds.

How Fake Escrow Sites Operate

Domain registration: Scammer registers domain similar to Escrow.com, often months in advance to appear established.

Professional design: Sites cloned from Escrow.com with minor branding changes. Often indistinguishable at first glance.

Fake testimonials: Stolen reviews, fabricated success stories, counterfeit trust badges.

SSL certificates: Scam sites have valid HTTPS certificates, making them appear secure and legitimate.

Customer service: Some sophisticated scams operate fake support email/phone, responding professionally to build confidence.

Payment processing: Scammer receives payments directly, not held in trust account.

Identifying Fake Escrow Sites

Check the exact domain:

✅ LEGITIMATE: escrow.com
❌ FAKE: escr0w.com (zero instead of letter 'o')
❌ FAKE: escrow-secure.com
❌ FAKE: escrowservices.com
❌ FAKE: secure-escrow.net
❌ FAKE: escrow.co
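
The exact-domain check above, as an added example that is not part of the original article: it compares a host against the one trusted domain and says why a near-match is a look-alike. It goes beyond the listed names to cover single-character typos and the trusted name used as a subdomain of another domain; the confusable-character map and the "last two labels" domain split are simplifying assumptions.

```python
# Added example (not from the original article). Assumptions: CONFUSABLES is a
# small illustrative subset, and "last two labels" stands in for a real
# public-suffix lookup.
from urllib.parse import urlsplit

# Digit-for-letter swaps like the article's escr0w.com and g0daddy examples.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_of(url_or_host):
    """Return the lowercase hostname from a URL or a bare host string."""
    s = url_or_host.strip().lower()
    if "://" not in s:
        s = "//" + s  # make urlsplit treat a bare host as the network location
    return (urlsplit(s).hostname or "").rstrip(".")


def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_host(url_or_host, trusted="escrow.com"):
    """Return (verdict, reasons); verdict is trusted, lookalike or unrelated."""
    host = host_of(url_or_host)
    brand, _, tld = trusted.partition(".")
    if host == trusted or host.endswith("." + trusted):
        return "trusted", []
    labels = host.split(".")
    name = labels[-2] if len(labels) >= 2 else host
    host_tld = labels[-1] if len(labels) >= 2 else ""
    norm = name.translate(CONFUSABLES)  # undo digit-for-letter swaps
    reasons = []
    if norm != name and brand in norm:
        reasons.append("confusable characters")
    if norm == brand:
        if host_tld != tld:
            reasons.append("different TLD")
    elif brand in norm:
        reasons.append("brand embedded in a longer name")
    elif edit_distance(norm, brand) == 1:
        reasons.append("one edit away from the brand")
    # The trusted name appearing left of someone else's registered domain.
    if any(label.translate(CONFUSABLES) == brand for label in labels[:-2]):
        reasons.append("brand used as a subdomain of another domain")
    return ("lookalike" if reasons else "unrelated"), reasons


if __name__ == "__main__":
    # Hosts named in the article, plus one unrelated control (constructed).
    for h in ("escrow.com", "escr0w.com", "escrow-secure.com",
              "escrowservices.com", "secure-escrow.net", "escrow.co",
              "example.org"):
        print(f"{h:22} {check_host(h)}")
```

Passing `trusted="godaddy.com"` or `trusted="microsoft.com"` applies the same check to the registrar and buyer-identity look-alikes discussed elsewhere in this article.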

Verify business registration:

  • Real Escrow.com: Licensed in California, audited financial institution
  • Check business license: California Department of Business Oversight
  • Verify physical address matches official records

Look for inconsistencies:

  • Spelling errors in legal documents
  • Generic email addresses ([email protected])
  • Incomplete contact information
  • Missing regulatory information
  • No verifiable company history

Test customer service:

  • Call official Escrow.com number (found independently, not from suspicious site)
  • Ask to verify transaction ID provided by seller
  • Legitimate Escrow.com can confirm active transactions

Common Fake Escrow Variations

1. Chinese Escrow Scams

Particularly prevalent in Chinese domain market, targeting both Chinese and Western buyers.

Fake platforms:

  • Sites mimicking Escrow.com with Chinese interfaces
  • "Escrow" services integrated into fake marketplaces
  • WeChat/QQ-based "escrow agents"

Scale: Estimated losses exceed $10 million annually in Chinese domain market alone.

2. Cryptocurrency Escrow Scams

Exploit confusion around crypto transactions and "smart contract escrow."

Red flags:

  • "Automated escrow" that's actually just sending crypto to scammer
  • Fake smart contract addresses
  • "We use blockchain escrow" (vague, no verification)

Reality: Legitimate crypto escrow exists (like Escrow.com's crypto option), but most "crypto escrow" claims are scams.

3. Integrated Marketplace Scams

Fake domain marketplaces with "built-in escrow."

How it works:

  • Entire marketplace is scam operation
  • Multiple "sellers" (all the same scammer)
  • "Integrated escrow" goes directly to scammer
  • Professional appearance with many listings

Example: Fake Sedo/Afternic clones targeting buyers searching for these platforms.

Financial Impact

Average loss per fake escrow scam: $8,500

Recovery rate: Less than 5% (most payments irreversible, scammers international)

Prosecution rate: Approximately 2% (jurisdictional challenges)

Real Case Studies

Case 1: The $45,000 Escrow Scam

  • Premium domain listed on forum
  • Seller suggested "escrow-secure.com"
  • Site looked identical to Escrow.com
  • Buyer sent $45,000 via wire transfer
  • Money went to offshore account
  • Domain never existed (fake listing)
  • Seller and site disappeared within hours

Case 2: The Sophisticated Long Con

  • Scammer built relationship with buyer over 3 months
  • Negotiated purchase of $85,000 domain
  • Suggested escrow site: "escrowdomain.com"
  • Site had been running for 6 months with positive fake reviews
  • Buyer did superficial verification (looked legitimate)
  • $85,000 transferred
  • Site remained online 2 weeks before shutting down
  • Investigation revealed 12 victims, total losses $380,000

Stolen Domain Sales

Buying a stolen domain—even unknowingly—can result in total loss of both the domain and your payment.

How Domains Get Stolen for Resale

1. Account hijacking: Attacker gains access to registrar account through phishing, credential theft, or social engineering.

2. Immediate listing: Domain listed for sale within hours (before owner notices theft).

3. Below-market pricing: Set 30-60% below market value to attract quick buyers.

4. Rush tactics: "First come first served" or "I have other interested buyers" to pressure quick decisions.

5. Fast transfer: Domain pushed to buyer immediately upon payment.

6. Discovery: Original owner discovers theft days/weeks later, files complaint.

7. Recovery: ICANN policy and registrar procedures return domain to proven legitimate owner.

8. Buyer's loss: Buyer loses domain (returned to rightful owner) and payment (seller long gone with money).

Why Buyers Can't Keep Stolen Domains

ICANN Transfer Dispute Resolution Policy (TDRP):

  • Original owner can prove ownership through account history
  • Registrar reverses fraudulent transfer
  • Domain returned to legitimate owner
  • Buyer has no rights (didn't purchase from legitimate owner)

Legal principle: You cannot gain title to stolen property, even as good-faith purchaser. This applies to domains.

Example analogy: If you buy a car and later discover it was stolen, police seize the car and return it to rightful owner. You're a victim of fraud but can't keep stolen property.

Red Flags for Stolen Domains

Pricing anomalies:

  • 40%+ below comparable sales
  • "Fire sale" or "desperate seller" language
  • Unwilling to negotiate (wants quick sale)

Seller behavior:

  • Won't use escrow or pushes for immediate wire transfer
  • Can't answer domain history questions
  • WHOIS shows recent ownership change (days/weeks ago)
  • Pressures for immediate decision
  • Won't provide purchase history or provenance

Domain characteristics:

  • Premium domain that would normally sell through broker
  • Established site suddenly available
  • Multiple domains from same seller at suspicious prices

Recent registrar transfer:

  • Domain just moved to new registrar (thieves often transfer out immediately)
  • Or domain at unfamiliar registrar (thieves use specific registrars with weaker security)

How to Verify Domain Isn't Stolen

1. Check WHOIS history:

Use DomainDetails.com to view complete WHOIS history
Look for:
- Recent ownership changes (last 30 days)
- Recent registrar changes
- Sudden availability after years of stable ownership

2. Research domain history:

  • Google domain name with "stolen" or "hijacked"
  • Check NamePros, DNForum for theft reports
  • Search domain in ICANN UDRP/TDRP databases

3. Verify seller identity:

  • Confirm seller matches current WHOIS registrant
  • Request verification via email shown in WHOIS
  • If WHOIS private, ask seller to verify control (like updating nameservers temporarily)

4. Check domain age vs listing:

  • 10-year-old premium domain suddenly listed by individual seller (not broker) = suspicious
  • Established website suddenly for sale = verify with site contact information

5. Insist on Escrow.com:

  • Legitimate sellers have no issue using escrow
  • Escrow provides inspection period to verify domain legitimacy
  • You can file a complaint within the inspection period if you discover theft

6. Google the seller:

  • Check if seller has history/reputation in domain industry
  • Look for complaints or scam reports
  • Verify business registration if claiming to be company
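
Steps 1 and 3 above, sketched as an added example (not DomainDetails code and not the API of any WHOIS service): it scans a list of dated WHOIS snapshots for the three history patterns from step 1 and checks the seller against the current registrant. The snapshot records, field names, privacy markers and the two-year "stable ownership" threshold are assumptions.

```python
# Added example (not from the original article). The snapshots are constructed;
# field names, PRIVATE markers and the STABLE threshold are assumptions.
from datetime import date, timedelta

RECENT = timedelta(days=30)       # the article's "last 30 days" window
STABLE = timedelta(days=2 * 365)  # assumed meaning of "years of stable ownership"
PRIVATE = ("redacted", "privacy", "proxy")  # assumed privacy-service markers


def last_change(snaps, field):
    """Index of the first snapshot showing the current value, or None."""
    for i in range(len(snaps) - 1, 0, -1):
        if snaps[i][field] != snaps[i - 1][field]:
            return i
    return None


def run_start(snaps, field, end):
    """Index where the value held at snaps[end] first appeared, unbroken."""
    i = end
    while i > 0 and snaps[i - 1][field] == snaps[end][field]:
        i -= 1
    return i


def whois_red_flags(history, today, seller_email=None):
    """Return red-flag strings; an empty list means nothing stood out.

    A flag is a reason to ask questions, not proof of theft. A change is
    dated by the first snapshot that shows the new value.
    """
    snaps = sorted(history, key=lambda s: s["seen"])
    if not snaps:
        return ["no WHOIS history available"]
    flags = []
    for field in ("registrant", "registrar"):
        i = last_change(snaps, field)
        if i is None or today - snaps[i]["seen"] > RECENT:
            continue
        flags.append(f"{field} changed in the last 30 days")
        if field == "registrant":
            start = run_start(snaps, field, i - 1)
            if snaps[i - 1]["seen"] - snaps[start]["seen"] >= STABLE:
                flags.append("change follows years of stable ownership")
    if seller_email is not None:
        current = snaps[-1]["registrant"].lower()
        if any(marker in current for marker in PRIVATE):
            flags.append("WHOIS private: ask seller to demonstrate control")
        elif seller_email.lower() != current:
            flags.append("seller does not match current registrant")
    return flags


# Constructed history: long-held domain, then a sudden owner and registrar change.
OLD = {"registrant": "owner@longtime.example", "registrar": "Registrar A"}
HIJACK_PATTERN = [
    {"seen": date(2014, 3, 1), **OLD},
    {"seen": date(2019, 6, 1), **OLD},
    {"seen": date(2025, 10, 15), **OLD},
    {"seen": date(2025, 11, 20), "registrant": "quick@fastsale.example",
     "registrar": "Registrar B"},
]
TODAY = date(2025, 12, 1)

if __name__ == "__main__":
    for flag in whois_red_flags(HIJACK_PATTERN, TODAY, "quick@fastsale.example"):
        print("RED FLAG:", flag)
```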

What to Do If You Bought a Stolen Domain

Immediate actions:

  1. Document everything: Save all correspondence, payment receipts, transaction records
  2. Contact your registrar: Report suspicious transaction
  3. File police report: Create paper trail for potential restitution
  4. Report to IC3.gov: FBI's Internet Crime Complaint Center
  5. Dispute payment if possible: If used credit card or PayPal, file fraud dispute immediately
  6. Contact original owner if identified: May be willing to work with you as fellow victim
  7. Consult attorney: Especially for high-value domains ($10,000+)

What NOT to do:

  • Don't assume you can keep the domain
  • Don't make significant investments in the domain (development, marketing)
  • Don't try to negotiate with original owner for payment (you have no leverage)
  • Don't threaten or harass original owner (you may face legal action)

Fake Domain Appraisal Scams

Unsolicited domain appraisals are almost always scams designed to extract money from domain owners.

How the Scam Works

1. Unsolicited contact:

  • Email or phone from "domain broker" or "appraisal service"
  • Claims they have interested buyer or your domain is highly valuable
  • Offers "free appraisal"

2. Inflated appraisal:

  • Returns absurdly high valuation (5-10x realistic value)
  • Example: Your $500 domain appraised at $25,000
  • Creates excitement and greed

3. The catch:

  • "To list with our premium buyers, we need $299 listing fee"
  • Or "Appraisal report costs $499 to access buyer network"
  • Or "Join our exclusive auction for $899 membership"

4. Payment extracted:

  • Owner pays fee hoping to get inflated sale price
  • Nothing happens, no buyers materialize
  • Company stops responding or makes excuses

5. Additional scams:

  • Renewal fees ("keep your premium listing active")
  • Appraisal updates ("new buyer interested, $199 to re-activate")
  • "Buyer found but needs escrow upgrade fee"

Why This Scam Thrives

Exploits greed: Huge potential payoff clouds judgment.

Appears legitimate: Professional websites, official-sounding company names.

Low barrier: $299-$899 feels small compared to $25,000 potential sale.

Difficult to verify: Domain valuation is subjective, hard to disprove inflated numbers.

Targets inexperienced owners: Those unfamiliar with realistic domain values.

Red Flags

Unsolicited contact:

  • Legitimate buyers work through established marketplaces/brokers
  • Cold calls about your domain are almost always scams
  • Especially suspicious if domain is low quality

Too-good-to-be-true appraisal:

  • Your unpronounceable .net appraised at $50,000? Scam.
  • No free lunch in domain valuation
  • If it sounds unbelievable, it is

Upfront fees:

  • Legitimate brokers work on commission (paid at sale)
  • No legitimate service charges listing fees for "access to buyers"
  • Membership fees for "exclusive buyer networks" are scams

Pressure tactics:

  • "Buyer will lose interest if we don't move quickly"
  • "Limited time offer to join premium network"
  • "This appraisal is only valid for 48 hours"

Generic company names:

  • "Premium Domain Brokers"
  • "Elite Domain Appraisals"
  • "International Domain Network"
  • Lack of specific identity, traceable business registration

Known Scam Operations

Domain Advisory Services: Notorious for unsolicited high appraisals followed by listing fees. Multiple consumer complaints, no successful sales reported.

World Domain Appraisal: Cold calls with inflated valuations, pushes $499 "complete appraisal package" and $899 "auction placement."

Elite Domain Group: Similar operation, targets owners of expired domains, claims "special buyer interest."

Pattern recognition: These operations rebrand frequently. Watch for:

  • Generic professional names
  • Offshore registration
  • Upfront payment requirements
  • No verifiable successful sales

Legitimate Domain Valuation

Free tools:

  • EstiBot.com (algorithmic estimate)
  • GoDaddy Domain Appraisal (free basic estimate)
  • NameBio.com (actual comparable sales data)

Legitimate brokers (commission-based):

  • Sedo.com (commission on successful sales only)
  • Afternic.com (commission-based)
  • GoDaddy Domain Broker Service (commission-based)

Professional appraisals (for legal/tax purposes):

  • CAA (Certified Appraisers Guild of America)
  • Professional appraisers who provide certified reports
  • Used for estate planning, divorce settlements, tax purposes
  • Cost $100-$500 but provide legally defensible valuations

Red flag: If someone contacts YOU with unsolicited appraisal, it's almost certainly a scam.

Domain Slamming (Fake Renewals)

Domain slamming mimics deceptive practices from the telecom industry, targeting domain owners with fake renewal notices.

What is Domain Slamming?

Definition: Sending official-looking renewal notices to domain owners when the sender is NOT their actual registrar, attempting to trick them into transferring the domain (and paying inflated renewal fees).

Legal status: Deceptive practice, violates FTC regulations, but enforcement is difficult.

Financial impact: Owners overpay 2-10x normal renewal costs, often locked into multi-year contracts.

How the Scam Works

1. Fake renewal notice arrives:

  • Looks like official invoice
  • Uses urgent language: "FINAL NOTICE" or "EXPIRES SOON"
  • Shows your domain and correct expiration date (pulled from public WHOIS)
  • Appears to come from official-sounding entity

2. Inflated pricing:

  • Charges $30-$95 for .com renewal (actual cost: $8-$15)
  • Often includes "mandatory" add-ons:
    • "Domain listing service" - $49
    • "Search engine submission" - $99
    • "Email management" - $29

3. Fine print:

  • Buried in tiny text: "This is NOT a bill, this is a solicitation"
  • Or "By paying, you authorize domain transfer to [New Registrar]"
  • Most victims don't read fine print

4. Outcome if paid:

  • Domain transferred to new registrar
  • Charged inflated renewal rate
  • Often locked into multi-year contract
  • Difficult/expensive to transfer back

Real Examples

Domain Registry of America:

  • Most notorious domain slamming operation
  • Sends official-looking renewal notices
  • Charges $30-45 for .com renewal (normal: $10-15)
  • Multiple class-action lawsuits, FTC complaints
  • Still operating despite legal actions

Domain Renewal Group:

  • Similar tactics to DROA
  • Targets expiring domains automatically
  • Fine print reveals it's "offer to transfer"
  • Thousands of complaints

Search Engine Traffic:

  • Combines renewal scam with SEO services
  • Charges $75+ for renewal plus "mandatory" search engine submission
  • Services are worthless (search engines crawl sites automatically)

How to Identify Domain Slamming

Check the sender carefully:

✅ LEGITIMATE:
- Email from your actual registrar (GoDaddy, Namecheap, etc.)
- Matches registrar shown in your account

❌ SCAM INDICATORS:
- Email from unfamiliar company
- "Domain Registry" or "Domain Services" (generic names)
- No mention of your actual registrar
- Paper mail (most registrars use email)

Pricing red flags:

  • $25+ for .com renewal (normal: $8-15)
  • Mandatory bundled services
  • Multi-year requirement
  • No monthly price breakdown

Urgency and pressure:

  • "FINAL NOTICE" (you'd receive multiple notices from real registrar)
  • "ACT NOW OR LOSE DOMAIN"
  • Deadline in days (real registrars send notices months in advance)

Fine print disclaimer:

  • Look for tiny text saying "solicitation" or "offer to transfer"
  • Legitimate renewals are bills, not offers

What to Do

If you receive a suspicious renewal notice:

  1. Do NOT pay immediately
  2. Log into your actual registrar account (bookmark this for safety)
  3. Check actual renewal date and status
  4. Renew through your actual registrar if needed
  5. Report the scam:
    • FTC: reportfraud.ftc.gov
    • ICANN: reporting.icann.org
    • Your actual registrar

If you already paid:

  1. Contact the company immediately:

    • Request cancellation and refund
    • State you did not authorize domain transfer
    • Send certified letter if no response
  2. Dispute credit card charge:

    • File dispute for "deceptive practices"
    • Provide evidence of scam (fine print showing "solicitation")
  3. Transfer domain back:

    • Unlock domain at new registrar
    • Get authorization code
    • Transfer back to preferred registrar
    • Cost: $10-15 transfer fee
  4. Report to authorities:

    • FTC complaint
    • State Attorney General
    • ICANN complaint

Prevention

Enable auto-renewal:

  • At your preferred registrar
  • Ensures domain renews automatically
  • No need to respond to renewal notices

Lock your domain:

Use privacy protection:

Bookmark your registrar:

  • Always access through saved bookmark
  • Never click links in renewal emails
  • Verify it's your actual registrar

Enable two-factor authentication:

Phishing Attacks Targeting Domain Owners

Phishing attacks aim to steal domain credentials by impersonating registrars, ICANN, or other trusted entities.

Common Phishing Scenarios

1. Fake Security Alert

Subject: "URGENT: Suspicious Activity Detected on Your Account"

Email content:

  • Claims unauthorized login attempt
  • Says account will be suspended unless you verify
  • Provides link to "verify your account"
  • Link goes to fake login page

What happens:

  • You enter credentials on fake site
  • Credentials captured by attacker
  • Attacker logs into real account
  • Your domains stolen within hours

2. Fake Domain Expiration Warning

Subject: "FINAL NOTICE: YourDomain.com Expires Tomorrow"

Email content:

  • Urgent expiration warning
  • Claims domain will be deleted
  • Requests immediate login to renew
  • Link to fake renewal page

What happens:

  • Credentials stolen
  • Real domain may not even be close to expiration
  • Attacker transfers out valuable domains immediately

3. Fake ICANN/Registry Notice

Subject: "ICANN Compliance: Verify Domain Registration Data"

Email content:

  • Claims ICANN requires data verification
  • Threatens suspension for non-compliance
  • Requests login via provided link
  • Looks official with ICANN logos

What happens:

  • Victims trust "ICANN" authority
  • Credentials stolen
  • Domains hijacked

4. Fake Transfer Authorization

Subject: "Authorize Domain Transfer Request"

Email content:

  • Claims transfer request received
  • Asks you to authorize or deny
  • Link to "manage transfer"
  • Actually tricks you into authorizing real transfer to attacker

What happens:

  • Clicking link may auto-authorize transfer
  • Or steals credentials for manual transfer
  • Domain transferred out immediately

Identifying Phishing Emails

Check sender address carefully:

✅ LEGITIMATE GoDaddy: [email protected]
❌ PHISHING: [email protected]
❌ PHISHING: [email protected]
❌ PHISHING: [email protected]

Look for these red flags:

  • Generic greetings: "Dear Customer" instead of your name
  • Urgency: "Act now or lose domain"
  • Threats: "Account will be suspended"
  • Grammar errors: Typos, awkward phrasing
  • Suspicious links: Hover to see actual URL (doesn't match claimed domain)
  • Requests for credentials: Legitimate companies never ask for passwords via email
  • Unusual attachments: PDFs or documents that seem suspicious

Verify by hovering over links:

Email shows: https://godaddy.com/renew
Hover reveals: https://g0daddy-secure.net/phish

Notice the zero instead of 'o' and completely different domain
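
The hover check above, automated as an added example that is not part of the original article: it parses an HTML email body and reports every link whose visible URL differs from its real target, plus button-style links ("Renew Now") that lead outside the registrar you actually use. The HTML sample is constructed around the two URLs shown above, and `registrar_domain` is a parameter you supply.

```python
# Added example (not from the original article); the HTML body is constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host-like token in visible link text, e.g. "godaddy.com" in
# "https://godaddy.com/renew".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:  # only keep text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def audit_links(html, registrar_domain):
    """Return (visible text, real target host, reason) for suspicious links."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are out of scope here
        target = (parts.hostname or "").lower()
        shown = HOST_IN_TEXT.search(text)
        if shown:
            shown_host = shown.group(1).lower()
            if shown_host.startswith("www."):
                shown_host = shown_host[4:]
            if not under(target, shown_host):
                findings.append((text, target, "visible URL does not match link target"))
                continue
        if not under(target, registrar_domain):
            findings.append((text, target, "link target is outside the registrar's domain"))
    return findings


# Constructed email body using the two URLs from the hover example above.
SAMPLE_HTML = """
<p>Dear Customer, your domain expires tomorrow.</p>
<p><a href="https://g0daddy-secure.net/phish">https://godaddy.com/renew</a></p>
<p><a href="https://g0daddy-secure.net/phish"><b>Renew Now</b></a></p>
<p><a href="https://www.godaddy.com/help">godaddy.com/help</a></p>
"""

if __name__ == "__main__":
    for text, target, reason in audit_links(SAMPLE_HTML, "godaddy.com"):
        print(f"{reason}: '{text}' -> {target}")
```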

Advanced Phishing Techniques

1. Domain Spoofing

Attacker makes email appear to come from legitimate domain using email header manipulation.

Example:

From: GoDaddy Support <[email protected]>
(But actual sending server is attacker-controlled)

Why it works: Many email clients show display name, not actual sender.

How to detect: Check email headers (show original/raw message) to see actual sending server.
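
The header check described above, as an added example that is not part of the original article: it reads a raw message and reports where the visible From domain disagrees with the envelope sender and with the receiving server's SPF, DKIM and DMARC verdicts. Both messages are constructed with reserved `.example` domains, and the alignment test is a simplified approximation.

```python
# Added example (not from the original article); both messages are constructed.
import re
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Domain part of the address in a From, Return-Path or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def aligned(a, b):
    """Same domain, or one is a subdomain of the other (simplified alignment)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def inspect_headers(raw):
    """Return the From domain, the connecting host and a list of findings."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    findings = []
    # A differing Return-Path is common with bulk mailers, so treat it as a
    # prompt to look closer, and rely on the authentication results below.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and not aligned(dom, from_domain):
            findings.append(f"{name} domain {dom} differs from From domain")
    # Only the Authentication-Results header added by your own receiving
    # server (the topmost one) is trustworthy; lower ones can be forged.
    auth = (msg.get_all("Authentication-Results") or [""])[0].lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            findings.append(f"{mech}={results.get(mech, 'missing')}")
    # The topmost Received header is written by your server and names the
    # host that actually connected to it.
    received = (msg.get_all("Received") or [""])[0]
    hop = re.search(r"from\s+(\S+)", received)
    return {
        "from_domain": from_domain,
        "sending_host": hop.group(1).lower() if hop else None,
        "findings": findings,
    }


# Constructed: From shows the registrar, but another server sent the message.
SPOOFED = "\n".join([
    "Received: from mailer.bulk.example (mailer.bulk.example [203.0.113.7])",
    "\tby mx.recipient.example; Mon, 1 Dec 2025 10:00:00 +0000",
    "Authentication-Results: mx.recipient.example; spf=fail",
    "\tsmtp.mailfrom=mailer.bulk.example; dkim=none; dmarc=fail",
    "\theader.from=registrar.example",
    "Return-Path: <bounce@mailer.bulk.example>",
    "From: Registrar Support <support@registrar.example>",
    "To: owner@customer.example",
    "Subject: URGENT: Suspicious Activity Detected on Your Account",
    "",
    "Please verify your account.",
])

# Constructed: the same sender with aligned, passing authentication.
GENUINE = "\n".join([
    "Received: from out.registrar.example (out.registrar.example [198.51.100.9])",
    "\tby mx.recipient.example; Mon, 1 Dec 2025 09:00:00 +0000",
    "Authentication-Results: mx.recipient.example; spf=pass",
    "\tsmtp.mailfrom=bounce.registrar.example; dkim=pass",
    "\theader.d=registrar.example; dmarc=pass header.from=registrar.example",
    "Return-Path: <bounce@bounce.registrar.example>",
    "From: Registrar Support <support@registrar.example>",
    "To: owner@customer.example",
    "Subject: Your renewal reminder",
    "",
    "Your domain renews in 60 days.",
])

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, inspect_headers(raw))
```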

2. Clone Phishing

Attacker copies legitimate email from registrar, replaces links with malicious ones.

Example:

  • Real renewal reminder from GoDaddy
  • Attacker clones exact format
  • Changes "Renew Now" link to phishing site
  • Indistinguishable without checking link URL

3. Spear Phishing

Targeted attack using personal information.

Example:

  • Attacker knows you own PremiumDomain.com
  • Email specifically mentions that domain
  • References recent WHOIS changes (pulled from public data)
  • Appears highly personalized and credible

Why it's dangerous: Personalization overcomes skepticism.

If you entered credentials:

  1. Immediately change passwords:

    • Log into real registrar account (via bookmarked URL)
    • Change password immediately
    • Enable 2FA if not already active
  2. Lock all domains:

    • Enable registrar lock on all domains
    • Prevents immediate transfer
  3. Check account activity:

    • Review recent login history
    • Check for unauthorized changes
    • Verify contact information unchanged
  4. Contact registrar:

    • Report phishing attempt
    • Request account security review
    • May place additional security flags
  5. Monitor for 72 hours:

    • Attackers often act within hours
    • Watch for transfer authorization emails
    • Deny any unauthorized transfer requests

If you didn't enter credentials:

  1. Delete email
  2. Report as phishing to your email provider
  3. Report to registrar (forward phishing email)
  4. Update passwords anyway as precaution
  5. Verify 2FA is enabled

Prevention

Enable email authentication:

  • Request registrar use DMARC/SPF/DKIM
  • Makes spoofing harder

Use password manager:

  • Auto-fills only on legitimate domains
  • Won't auto-fill on phishing sites
  • Provides protection layer

Bookmark registrar:

  • Never click email links
  • Always use bookmarked login page
  • Verify URL before entering credentials

Enable 2FA:

Security awareness training:

  • For businesses managing valuable domains
  • Regular testing and education
  • Make phishing recognition part of culture

Email filtering:

  • Use quality spam/phishing filter
  • Gmail, Outlook have strong filters
  • Consider additional security for business domains

Wire Transfer and Payment Fraud

Wire transfers are particularly vulnerable to fraud due to their irreversible nature.

Why Wire Transfers Are Risky

Irreversible: Once sent, wire transfers cannot be recalled or disputed (unlike credit cards or PayPal).

Fast: Funds available to recipient within hours, often before fraud detection.

International: Many domain transactions cross borders, making legal recourse extremely difficult.

No buyer protection: Wire transfers have zero fraud protection for senders.

Favored by scammers: These characteristics make wires the preferred payment method for fraudsters.

Common Wire Transfer Scams

1. The Fake Seller Scam

How it works:

  1. Scammer lists domain (often doesn't own it)
  2. Negotiates sale
  3. Requests wire transfer directly (refuses escrow)
  4. Provides wire instructions
  5. Buyer sends payment
  6. Seller disappears, domain never transfers

Why it works: The wire is sent before the domain transfer can be verified.

2. The Payment Switching Scam

How it works:

  1. Legitimate sale in progress via Escrow.com
  2. Scammer intercepts communications (email hack or man-in-the-middle)
  3. Sends fake email: "Escrow wire instructions have changed"
  4. Provides scammer's account instead of real Escrow.com account
  5. Buyer wires to wrong account
  6. Money gone, Escrow.com never received payment

Real case: $125,000 domain sale, buyer's email compromised, wire instructions changed, funds sent to scammer in Eastern Europe. Total loss.

3. The Business Email Compromise (BEC)

How it works:

  1. Attacker compromises email of buyer, seller, or broker
  2. Monitors transaction progress
  3. At payment stage, sends email from compromised account
  4. Provides fraudulent wire instructions
  5. Victim wires to attacker thinking it's legitimate counterparty

FBI statistics: BEC scams resulted in $2.4 billion in losses in 2023, often involving high-value transactions like domain sales.

4. The Fake Escrow Wire Scam

How it works:

  1. Scammer directs buyer to fake escrow site
  2. Fake site provides "escrow wire instructions"
  3. Buyer wires payment thinking it's held in escrow
  4. Money goes directly to scammer
  5. No domain transfer ever initiated

Prevention: Only use Escrow.com and verify wire instructions by calling official Escrow.com phone number.

Protecting Wire Transfers

Always verify wire instructions independently:

  1. Call recipient using phone number you source independently (not from email)
  2. Verify account details verbally before sending
  3. Confirm amount and account name match exactly
  4. Send small test wire first ($100) for large transactions, verify receipt, then send remainder

Use Escrow.com wire verification:

  • Escrow.com provides wire instructions in your dashboard
  • Call Escrow.com directly: +1-415-801-2270 to verify
  • Never rely solely on email instructions
  • Check wire instructions match dashboard exactly

For business transactions:

Implement dual authorization:

  • Require two people to approve wires over threshold (e.g., $10,000)
  • Prevents single compromised employee sending fraudulent wire

Verbal verification policy:

  • Any wire instruction change MUST be verified by phone call
  • Use known phone number, not number in suspicious email
  • Call back even if caller ID looks legitimate (can be spoofed)

Email security:

  • Use encrypted email for financial transactions
  • Implement email authentication (DMARC, DKIM, SPF)
  • Flag external emails clearly
  • Train staff on BEC awareness
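The email checks listed above (DMARC/DKIM/SPF results, flagging changed wire instructions) applied to a received message, as an added Python example that is not part of the original article. The sample messages, the receiving server name mx.buyer.example and all function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Phrases that announce changed payment details (the payment-switching pattern).
CHANGE_RE = re.compile(
    r"(wire|bank|payment)\s+(instructions|details)\s+(have\s+|has\s+)?(changed|been\s+updated)"
    r"|(new|updated)\s+(wire|bank)\s+(instructions|details)", re.I)


def domain_of(value):
    """Domain part of the address in a From or Reply-To header value."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()


def auth_results(msg, trusted_authserv):
    """SPF/DKIM/DMARC verdicts from the Authentication-Results header stamped
    by OUR receiving server. Headers carrying any other authserv-id may have
    been written by the sender and are ignored."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(value).partition(";")
        ident = authserv.split()
        if not ident or ident[0].lower() != trusted_authserv.lower():
            continue
        verdicts = {}
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
        return verdicts
    return {}


def review_wire_email(raw, expected_domain, trusted_authserv):
    """Return a list of findings for an email that carries payment details.
    An empty list is NOT proof of legitimacy: mail sent from a compromised
    mailbox passes every check here, so the phone call is still required."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    findings = []
    if from_dom != expected_domain and not from_dom.endswith("." + expected_domain):
        findings.append("from-domain-mismatch")
    if msg["Reply-To"] and domain_of(msg["Reply-To"]) != from_dom:
        findings.append("reply-to-mismatch")
    if auth_results(msg, trusted_authserv).get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}"
    if CHANGE_RE.search(text):
        findings.append("changed-wire-instructions")
    return findings


# --- Constructed sample messages (not real mail) ---
SPOOFED = """\
Authentication-Results: mx.buyer.example; spf=pass smtp.mailfrom=mailer.example;
 dkim=none; dmarc=fail header.from=escrow.com
Authentication-Results: mail.escrow.com; dmarc=pass
From: "Escrow.com Payments" <support@escrow.com>
Reply-To: payments@escrow-secure.example
Subject: URGENT: wire instructions have changed
Content-Type: text/plain; charset="us-ascii"

Please send the wire to the new account below.
"""

# A look-alike domain can publish its own SPF/DKIM/DMARC and pass all three.
LOOKALIKE = """\
Authentication-Results: mx.buyer.example; spf=pass; dkim=pass; dmarc=pass header.from=escr0w.example
From: "Escrow Support" <support@escr0w.example>
Subject: Your transaction
Content-Type: text/plain; charset="us-ascii"

Updated wire details are attached.
"""

CLEAN = """\
Authentication-Results: mx.buyer.example; spf=pass; dkim=pass; dmarc=pass header.from=escrow.com
From: "Escrow.com" <support@escrow.com>
Subject: Transaction funded
Content-Type: text/plain; charset="us-ascii"

Your payment was received. Wire instructions are shown in your dashboard.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("clean", CLEAN)):
        print(name, review_wire_email(raw, "escrow.com", "mx.buyer.example"))
```

The second sample shows why DMARC alone is not enough: the look-alike sender passes authentication for its own domain, and only the From-domain comparison catches it.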

What to Do If You Sent Wire to Scammer

Act IMMEDIATELY (within minutes/hours):

1. Contact your bank:

  • Call bank's fraud department immediately
  • Request wire recall
  • Time critical: the faster you act, the higher the chance of recovery
  • Banks can sometimes recall wires if caught before processed by recipient bank

2. Contact recipient bank:

  • If your bank can't recall, contact recipient bank directly
  • Report fraud, request funds be frozen
  • Some jurisdictions require banks to cooperate with fraud investigations

3. File police report:

  • Local police (establishes official record)
  • FBI IC3 report: www.ic3.gov
  • For international wires: report to recipient country authorities if possible

4. Report to registrar/escrow:

  • If involving domain transaction, report to all parties
  • May help in investigation or warning others

5. Consult attorney:

  • For amounts over $25,000, legal counsel recommended
  • May pursue civil action or criminal complaint
  • International transactions may require specialized attorney

Recovery rates:

  • If caught within hours: 15-30% recovery rate
  • If caught within 24 hours: 5-10% recovery rate
  • After 48 hours: Less than 2% recovery rate

Why recovery is difficult:

  • Wires move through multiple banks
  • Scammers withdraw cash immediately
  • International jurisdictional issues
  • Wire system prioritizes speed over security

Red Flags When Buying Domains

Comprehensive checklist of warning signs for domain buyers.

Pricing Red Flags

Too good to be true: Premium domain at 40%+ below market value

Pressure pricing: "This price only valid for 24 hours"

Vague justification: "Need money fast, first reasonable offer accepted"

No negotiation: Seller won't discuss price, wants immediate acceptance

Below comparable sales: Check NameBio.com for actual sales data of similar domains

What to do: Research comparable sales. If price is significantly below market, investigate why. Ask seller for purchase history and reason for sale.

Seller Behavior Red Flags

Refuses escrow: Won't use Escrow.com or insists on alternative

Wants immediate wire transfer: Pressure to wire funds directly

Cryptocurrency only: Insists on crypto payment (often irreversible)

Can't verify ownership: Won't prove they control domain

Won't answer questions: Vague about domain history, previous use

Poor communication: Grammar errors, inconsistent information

Creates urgency: "Other buyers interested", "Deal expires soon"

Anonymous: Refuses to provide any identity verification

What to do: Walk away. Legitimate sellers have no problem with escrow, answering questions, and reasonable verification.

Domain History Red Flags

Recent ownership change: WHOIS shows ownership changed in last 30 days

Recent registrar transfer: Just moved to new registrar

Multiple rapid changes: Ownership/registrar changed several times recently

Privacy just added: WHOIS privacy added immediately before listing

Established site suddenly available: Site that's been running for years suddenly for sale

Domain age vs seller: 10-year domain but seller claims they just registered it

What to do: Check complete WHOIS history at DomainDetails.com. Research domain on Archive.org. Google domain name with "stolen" or "hijacked" to check for theft reports.

Documentation Red Flags

Refuses documentation: Won't provide sales agreement or purchase history

Fake documents: Suspicious-looking certificates, appraisals, or legal documents

Inconsistencies: Information doesn't match WHOIS or public records

Generic templates: Sales agreement looks hastily created from template

Third-party claims: Selling on behalf of unnamed client or company

What to do: Insist on proper documentation. Use Escrow.com which provides standardized transaction agreements.

Communication Red Flags

Email only: Refuses phone call or video meeting

Time zones don't match: Claims to be in US but emails come at odd hours

Free email addresses: Using @gmail.com for "business" transactions

Inconsistent stories: Details change between conversations

Defensive: Becomes hostile when asked reasonable questions

Name mismatch: Name in communications doesn't match WHOIS registrant

What to do: Legitimate sellers are transparent. Insist on verification and proper communication channels.

Payment Red Flags

Wire transfer required: Won't accept escrow or safer payment methods

Partial payment upfront: "Send 50% now, I'll transfer domain, then send remaining 50%"

Cryptocurrency preferred: Especially Bitcoin (irreversible)

PayPal Friends & Family: Removes all buyer protection

Gift cards: Obvious scam

Payment before verification: Wants payment before providing auth code or transfer initiation

What to do: Insist on Escrow.com for any transaction over $500. For smaller amounts, use PayPal Goods & Services (not Friends & Family).

Escrow Red Flags

Alternate escrow service: Not Escrow.com

"Their" escrow agent: Buyer/seller's preferred escrow person or company

Escrow domain similar to Escrow.com: escr0w.com, escrow-secure.com, etc.

Integrated marketplace escrow: Unknown marketplace with "built-in" escrow

"Blockchain escrow": Vague claims about smart contract escrow

What to do: Only use Escrow.com (or Dan.com's integrated escrow). Verify you're on the real Escrow.com domain. Call official Escrow.com number to confirm transaction.
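One way to automate the "verify you're on the real Escrow.com domain" step, as an added Python example that is not part of the original article. It treats escrow.com and its subdomains as official (an assumption) and flags hosts that embed or imitate the brand; the confusable-character map is a small constructed sample, not a complete homoglyph table.

```python
import re
import unicodedata
from urllib.parse import urlsplit

OFFICIAL = "escrow.com"   # the escrow domain the article tells readers to use
BRAND = "escrow"
# Constructed, deliberately small map: digit look-alikes plus a few Cyrillic letters.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u043e": "o", "\u0435": "e", "\u0441": "c", "\u0455": "s",
})


def skeleton(text):
    """Fold a host string to what a hurried reader would see."""
    labels = []
    for label in text.lower().split("."):
        if label.startswith("xn--"):          # show punycode as it renders
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass
        labels.append(label)
    folded = unicodedata.normalize("NFKD", ".".join(labels))
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.translate(CONFUSABLES)


def osa_distance(a, b):
    """Edit distance counting an adjacent swap (escorw/escrow) as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url):
    """Return 'official', 'lookalike' or 'other' for a URL or bare hostname."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Inspect the whole authority so "escrow.com@other.example" is caught too.
    skel = skeleton(parts.netloc)
    if BRAND in skel.replace("-", ""):
        return "lookalike"
    labels = [l for l in re.split(r"[.\-@:]", skel) if l]
    if any(osa_distance(label, BRAND) <= 1 for label in labels):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Hosts named in the article plus constructed variants.
    for candidate in ("https://www.escrow.com/", "escr0w.com", "escrow-secure.com",
                      "escrowdomain.com", "https://escrow.com@pay.example/wire",
                      "escorw.com", "namebio.com"):
        print(f"{candidate:40} {classify(candidate)}")
```

Only an "official" verdict should be treated as a pass; "other" means the host is not Escrow.com, not that it is a trustworthy escrow service.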

Red Flags When Selling Domains

Warning signs for domain sellers to protect against fraud.

Buyer Behavior Red Flags

Overpayment: Sends more than agreed price, asks for refund of difference

Unusual urgency: Must complete transaction immediately for vague business reasons

Refuses escrow: Won't use Escrow.com

"My lawyer will handle escrow": Insists on their attorney or corporate escrow

Inspection period: Wants domain transferred before final payment "for inspection"

Payment plan without escrow: Wants to pay in installments without guarantee

Third-party payment: Someone else will pay (company, lawyer, partner)

What to do: Insist on Escrow.com. Never transfer domain before receiving full payment in Escrow.com. No exceptions.

Payment Method Red Flags

Check payment: Especially cashier's check (can be fake)

PayPal reversible: Buyer uses credit card or bank account via PayPal (can chargeback)

Wire transfer then immediate chargeback request: Wires payment, immediately claims error and needs refund

Cryptocurrency without escrow: Sends crypto directly, bypassing escrow

Payment service you're unfamiliar with: Obscure payment platforms

"Company policy requires our payment system": Won't use standard methods

What to do: Use Escrow.com for all transactions over $500. For smaller amounts, only accept PayPal Goods & Services or use Escrow.com anyway for protection.

Identity Red Flags

Won't verify identity: Refuses to provide any business or personal verification

Impersonation: Claims to represent known company but can't verify

Email mismatch: Using @gmail.com but claims to be from Fortune 500 company

Suspicious company name: Generic name similar to known brand

Can't be verified: No LinkedIn, no company website, no online presence

Recently created accounts: New account on marketplace, no transaction history

What to do: Verify buyer identity independently. If claiming to represent company, contact company directly via official channels to confirm.

Communication Red Flags

Poor communication: Barely responsive, vague answers

Inconsistent information: Story changes between communications

Pressure tactics: Creates false urgency

Overly friendly: Tries to build false trust quickly

Won't discuss details: Vague about intended use, background, business

Defensive about verification: Becomes hostile when asked to verify identity

What to do: Professional buyers understand and expect verification. Walk away from buyers who resist reasonable due diligence.

Transaction Structure Red Flags

Complex arrangements: Unnecessary complexity in simple transaction

Multiple parties: Involves many people (lawyer, partner, company rep)

Split payments: Payment from multiple sources

Installment plan without legal guarantee: Trust-based payment plan

Barter/trade proposals: Wants to trade services or other domains instead of cash

Equity/partnership offers: "I'll give you 10% of company instead of cash"

What to do: Keep it simple. Cash payment via Escrow.com, domain transfer, done. Avoid complex arrangements that introduce risk.

Chargeback Risk Red Flags

Insists on PayPal: Especially for high-value domains

Credit card payment: For domain transactions (high chargeback risk)

Business account: Buyer claims "company policy requires credit card for accounting"

Doesn't understand process: Unfamiliar with domain transfers (increases dispute risk)

Unrealistic expectations: Expects instant transfer or features domain doesn't have

What to do: Use payment methods that protect sellers. Escrow.com with wire transfer or cryptocurrency (through escrow) are safest. Avoid PayPal for amounts over $2,000.

How to Verify Buyer/Seller Legitimacy

Concrete steps to verify you're dealing with legitimate counterparty.

Verifying Domain Sellers

1. Verify domain ownership:

Method 1: Check WHOIS
- Look up domain at DomainDetails.com
- Note registrant email
- Email seller: "Please verify ownership by sending me email from {registrant email}"
- Confirms they control the listed contact

Method 2: Nameserver change
- Ask seller to temporarily update nameservers
- Provide specific nameserver addresses
- Verify change within 24 hours
- Proves they have account access

Method 3: TXT record
- Ask seller to add specific TXT record to DNS
- Provide unique string: "domainverify-[random string]"
- Check with dig or DNS checker
- Confirms DNS control

2. Check domain history:

Review WHOIS history:
- How long has current owner held domain?
- Recent ownership changes? (red flag)
- Stable history? (good sign)
- Recent privacy additions? (suspicious)

Check Archive.org:
- What was domain used for?
- Established site or parked?
- Does history match seller's claims?

Google the domain:
- Any reports of it being stolen?
- Check NamePros, DNForum for mentions
- Look for prior sale listings (price comparison)

3. Verify seller identity:

For individual sellers:
- Request LinkedIn profile
- Google their name + domain industry
- Check their history on domain forums
- Look for transaction feedback

For business sellers:
- Verify company registration (state database)
- Check company website
- Look for online reviews
- Call company directly using independently sourced number

For brokers:
- Verify they're listed broker on registrar site
- Check BBB rating
- Look for reviews on domain forums
- Call broker company directly

4. Communication verification:

Request phone/video call:
- Legitimate sellers have no issue with call
- Verify person matches their stated identity
- Discuss transaction details verbally

Verify email domain:
- If claiming to represent company, should use company email
- @gmail.com for "corporate" sale is red flag
- Email headers can be checked for authenticity

Test responsiveness:
- Ask detailed questions about domain
- Legitimate owner can answer history, usage, statistics
- Scammer will be vague or deflect
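Method 3 above (the TXT record challenge) worked through in Python, as an added example that is not part of the original article. It generates the "domainverify-" string, parses `dig +short TXT` output and accepts only an exact match; the sample dig output and the function names are constructed, and the live lookup assumes dig is installed.

```python
import re
import secrets
import subprocess

PREFIX = "domainverify-"  # prefix suggested in the article


def new_challenge(nbytes=16):
    """Fresh, unguessable string for one transaction; never reuse it."""
    return PREFIX + secrets.token_hex(nbytes)


def _unescape(chunk):
    # dig prints quotes and backslashes as \" and \\, other bytes as \DDD (decimal).
    def repl(m):
        g = m.group(1)
        return chr(int(g)) if len(g) == 3 else g
    return re.sub(r"\\(\d{3}|.)", repl, chunk)


def parse_dig_txt(output):
    """Turn `dig +short TXT name` output into a list of TXT values.
    One line is one record; a record may consist of several quoted
    character-strings, which are concatenated without a separator."""
    records = []
    for line in output.splitlines():
        if line.lstrip().startswith(";"):
            continue                      # dig comment or error line
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if chunks:
            records.append("".join(_unescape(c) for c in chunks))
    return records


def challenge_present(challenge, records):
    """Exact match only: a record that merely mentions the token does not count."""
    return challenge in records


def lookup_txt(name, resolver=None, timeout=10):
    """Query TXT records with dig, optionally against a specific resolver."""
    cmd = ["dig", "+short", "TXT", name]
    if resolver:
        cmd.insert(1, "@" + resolver)
    done = subprocess.run(cmd, capture_output=True, text=True,
                          timeout=timeout, check=True)
    return parse_dig_txt(done.stdout)


def verify(name, challenge, resolvers=(None,), lookup=lookup_txt):
    """True only if every resolver asked returns the exact challenge, which
    guards against acting on a single stale or inconsistent answer."""
    return all(challenge_present(challenge, lookup(name, r)) for r in resolvers)


# Constructed sample of `dig +short TXT` output for a domain under review.
SAMPLE_DIG_OUTPUT = '''\
"v=spf1 include:_spf.example.net ~all"
"domainverify-" "3f9c2a7b5d1e4c60a1b2c3d4e5f60718"
"note: domainverify-3f9c2a7b5d1e4c60a1b2c3d4e5f60718 pending"
'''

if __name__ == "__main__":
    print("send this to the seller:", new_challenge())
    issued = "domainverify-3f9c2a7b5d1e4c60a1b2c3d4e5f60718"
    print("seen in DNS:", challenge_present(issued, parse_dig_txt(SAMPLE_DIG_OUTPUT)))
```

A match confirms DNS control at the time of the query only, so it complements rather than replaces the WHOIS and registrar-account checks in Methods 1 and 2.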

Verifying Domain Buyers

1. Verify payment source:

If buyer is individual:
- Request LinkedIn profile
- Google their name
- Check if they have portfolio of domains (NameBio ownership)

If buyer is business:
- Verify company exists (state business registration)
- Check company website and domain portfolio
- Call company directly to verify representative

If buyer is represented:
- Verify attorney/broker is legitimate
- Call their office using independently sourced number
- Confirm they're representing this specific buyer

2. Verify buyer seriousness:

Ask qualifying questions:
- "What do you plan to use the domain for?"
- "What's your timeline for development?"
- "Have you purchased domains before?"

Legitimate buyers:
- Have clear purpose
- Can discuss plans
- Understand domain transfer process

Scammers:
- Vague about intentions
- Just want "quick purchase"
- Unfamiliar with process but rush to close

3. Verify payment method legitimacy:

If wire transfer proposed:
- Verify bank account holder name matches buyer
- For business: account should be in company name
- Request bank letter confirming account ownership

If PayPal:
- Verify PayPal account is verified
- Check account history/age if possible
- Prefer business accounts over personal

If cryptocurrency:
- Only through Escrow.com's crypto option
- Never accept direct crypto transfer

4. Background check:

Google buyer's name/company + "scam":
- Look for complaints
- Check domain forums for warnings
- Search BBB and consumer complaint sites

Check transaction history:
- On marketplace (Sedo, Afternic, etc.)
- Look for negative feedback
- Verify they've completed transactions before

Social media verification:
- LinkedIn should show real professional history
- Company should have active social media
- Check posts date back reasonably (not just created)

Using Escrow.com for Verification

Escrow.com provides built-in verification mechanisms:

Email verification:

  • Both parties must verify email addresses
  • Confirms identity to some degree

Identity verification (for high-value transactions):

  • Escrow.com can require additional verification
  • ID verification, phone verification
  • Business verification for corporate buyers

Dispute resolution:

  • If issues arise, Escrow.com investigates
  • Reviews evidence from both parties
  • Makes binding determination

Transaction transparency:

  • Both parties see transaction status
  • Can't hide or obscure steps
  • Creates paper trail

Best practice: For transactions over $10,000, request enhanced verification through Escrow.com.

Red Flags During Verification

Refuses verification: Won't provide any identity confirmation

Provides fake documents: Documents that don't check out when verified independently

Inconsistent information: Details don't match between sources

Pressure during verification: "We don't have time for this, trust me"

Can't verify ownership: Seller can't prove they control domain

Impersonation detected: Claiming to be someone they're not

Golden rule: If verification fails or feels wrong, walk away. No deal is worth the risk of fraud.

Safe Payment Methods Ranked

Payment methods ranked from safest to riskiest for domain transactions.

🥇 Tier 1: Safest Methods

1. Escrow.com with Wire Transfer

Safety score: 10/10

Protection: Both buyer and seller protected

How it works:

  • Buyer wires funds to Escrow.com
  • Escrow.com holds funds
  • Seller transfers domain
  • Buyer verifies receipt
  • Escrow.com releases payment to seller

Advantages:

  • Licensed, audited financial institution
  • Industry standard for domain sales
  • Dispute resolution available
  • Legal recourse if issues arise
  • Protects both parties equally

Disadvantages:

  • Fees: 3.25% for transactions under $5,000 (lower for higher amounts)
  • Takes 3-7 business days
  • Requires bank wire (not instant)

Best for: Any transaction over $500, all high-value transactions

Cost example: $2,000 domain = $65 escrow fee

2. Escrow.com with Cryptocurrency

Safety score: 9.5/10

Protection: Same as wire transfer, but with crypto

How it works:

  • Same Escrow.com process
  • Buyer sends cryptocurrency to Escrow.com
  • Seller receives USD or crypto at completion

Advantages:

  • Same Escrow.com protection
  • Faster than wire for international
  • Can receive payment in crypto or USD

Disadvantages:

  • Slightly higher fees (may include conversion)
  • Crypto volatility during escrow period
  • Limited to certain cryptocurrencies

Best for: International transactions, crypto-native buyers

🥈 Tier 2: Good with Precautions

3. PayPal Goods & Services

Safety score: 7/10 for buyers, 5/10 for sellers

Protection: Strong buyer protection, weaker seller protection

How it works:

  • Buyer pays through PayPal Goods & Services
  • Seller transfers domain
  • Funds held by PayPal (optional)
  • Buyer confirms receipt or time expires
  • Funds released to seller

Advantages (Buyer):

  • 180-day dispute window
  • Can file complaint if domain not received
  • Credit card chargeback option available

Disadvantages (Seller):

  • Buyer can file false "item not received" claim
  • Intangible goods (domains) harder to prove delivery
  • PayPal often sides with buyer in disputes
  • Fees: 2.9% + $0.30

Best for:

  • Transactions under $2,000
  • When buyer needs protection but seller has reputation
  • Should still use transaction agreement

Seller protection tip: Document everything—transfer initiation, authorization codes, buyer confirmation emails. Dispute requires proof of delivery.

4. Dan.com Integrated Transactions

Safety score: 8/10

Protection: Built-in escrow, both parties protected

How it works:

  • Domain listed on Dan.com
  • Buyer purchases through Dan.com checkout
  • Dan.com holds payment
  • Seller initiates transfer
  • Buyer confirms
  • Dan.com releases payment

Advantages:

  • Integrated process (simpler than external escrow)
  • Lower fees than Escrow.com for some transactions
  • Faster than traditional escrow
  • Payment plans available

Disadvantages:

  • Domain must be listed on Dan.com
  • Fees: 9% to buyer OR seller (depends on listing type)
  • Less established than Escrow.com
  • Dispute resolution less robust

Best for: Domains already listed on Dan.com, transactions under $10,000

🥉 Tier 3: Moderate Risk

5. Bank Wire Transfer (Direct)

Safety score: 3/10 for buyers, 8/10 for sellers

Protection: NO buyer protection, seller protected once funds received

How it works:

  • Buyer wires funds directly to seller
  • Seller receives funds
  • Seller initiates domain transfer

Advantages (Seller):

  • Irreversible (no chargebacks)
  • Fast (funds available in hours)
  • No middleman fees

Disadvantages (Buyer):

  • ZERO protection if seller doesn't transfer domain
  • Irreversible if scammed
  • International wires expensive
  • No dispute mechanism

Best for: ONLY if you know and trust the seller personally, OR as payment TO Escrow.com (not to seller directly)

Buyer warning: Never wire directly to seller unless you have legal recourse (established business, contract, legal representation)

6. Cryptocurrency (Direct)

Safety score: 2/10 for buyers, 8/10 for sellers

Protection: NO buyer protection, seller protected (transactions irreversible)

How it works:

  • Buyer sends crypto to seller's wallet
  • Seller initiates domain transfer
  • No intermediary

Advantages (Seller):

  • Irreversible transactions
  • Fast (minutes to hours)
  • Low fees
  • International without barriers

Disadvantages (Buyer):

  • ZERO protection if seller doesn't transfer
  • Irreversible if scammed
  • No dispute mechanism
  • Volatility risk

Best for: ONLY if using Escrow.com crypto option. Never send crypto directly.

Common scam: "I prefer Bitcoin because it's fast" = seller wants irreversible payment with zero accountability

❌ Tier 4: Avoid

7. PayPal Friends & Family

Safety score: 1/10 for buyers, 7/10 for sellers

Protection: ZERO buyer protection, seller protected

Why it's risky:

  • Removes all PayPal buyer protection
  • Intended for personal gifts, not commerce
  • Cannot file disputes
  • Against PayPal terms of service for business transactions
  • If seller scams you, PayPal won't help

Common scam: "I'll give you 5% discount if you send Friends & Family" = seller wants your money with zero accountability

Never use for domain purchases

8. Cash/Money Order/Gift Cards

Safety score: 0/10 for buyers

Protection: ZERO

Why it's a scam:

  • Irreversible
  • Untraceable
  • No legitimate seller requests these
  • 100% scam indicator

If anyone requests payment via:

  • Western Union
  • MoneyGram
  • Gift cards (iTunes, Amazon, etc.)
  • Cash in mail

It is a scam. No exceptions.

Summary Table

| Payment Method | Buyer Safety | Seller Safety | Fees | Speed | Best For |
|---|---|---|---|---|---|
| Escrow.com (Wire) | 10/10 | 10/10 | 3.25%+ | 3-7 days | All transactions >$500 |
| Escrow.com (Crypto) | 9.5/10 | 9.5/10 | ~4% | 3-7 days | International |
| PayPal G&S | 7/10 | 5/10 | 2.9% | Instant | <$2,000 |
| Dan.com | 8/10 | 8/10 | 9% | 2-5 days | Dan listings |
| Wire (Direct) | 3/10 | 8/10 | $20-50 | Hours | TO escrow only |
| Crypto (Direct) | 2/10 | 8/10 | Low | Minutes | Never |
| PayPal F&F | 1/10 | 7/10 | Low | Instant | NEVER |
| Cash/Gift Cards | 0/10 | 10/10 | Varies | Instant | SCAM |

Golden rule: For any transaction over $500, use Escrow.com. No exceptions.

Real Cases of Domain Fraud

Learning from actual fraud cases helps identify patterns and avoid similar scams.

Case 1: The $85,000 Fake Escrow Scam

Victim: Tech startup buying PremiumBrand.com

The scam:

  1. Domain listed on domain forum for $85,000
  2. Seller appeared legitimate, 10+ year forum member account (actually compromised)
  3. Negotiations took 3 months, building trust
  4. Seller suggested "escrowdomain.com" (not Escrow.com)
  5. Buyer did surface check: site looked professional, had SSL, "testimonials"
  6. Buyer wired $85,000 to fake escrow
  7. Waited for transfer notification
  8. After 2 weeks, both seller and site disappeared
  9. Investigation revealed 12 victims, $380,000 total losses

What went wrong:

  • Didn't verify it was actual Escrow.com
  • Trusted compromised forum account
  • Time invested created false sense of security
  • Didn't independently verify escrow service legitimacy
  • Didn't call Escrow.com to verify transaction

Outcome: Total loss. Funds wired to Eastern European account, impossible to recover. Domain didn't exist (fake listing).

Lesson: ONLY use Escrow.com. Call them directly to verify any transaction. Time invested in relationship is a tactic, not evidence of legitimacy.

Case 2: The Stolen Domain Quick Flip

Victim: Individual buyer purchasing Investment.com domain

The scam:

  1. Premium domain ValueNiche.com (worth ~$50,000) suddenly available for $18,000
  2. Listed on marketplace with urgency: "fire sale, need cash this week"
  3. Buyer excited about below-market deal
  4. Seller pushed for quick wire transfer, "other buyers interested"
  5. Buyer wired $18,000 directly (no escrow)
  6. Domain transferred to buyer
  7. 3 days later, buyer received email from registrar
  8. Original owner filed complaint: domain stolen via social engineering
  9. Domain returned to legitimate owner
  10. Buyer lost $18,000 and domain

What went wrong:

  • Too-good-to-be-true pricing ignored
  • Artificial urgency accepted
  • Didn't check domain history (WHOIS showed ownership change 2 days before listing)
  • Skipped escrow
  • Didn't verify seller ownership legitimacy

Outcome: Buyer lost $18,000. Seller disappeared. Original owner recovered domain. Police report filed but no leads.

Lesson: Below-market pricing with urgency = major red flag. Always check WHOIS history for recent changes. Use Escrow.com which provides inspection period to verify legitimacy.

Case 3: The Business Email Compromise

Victim: Corporation buying BrandName.com for $275,000

The scam:

  1. Legitimate domain broker facilitating sale
  2. All parties using Escrow.com properly
  3. Buyer's CFO email account compromised (phishing weeks earlier)
  4. At payment stage, CFO received legitimate wire instructions from Escrow.com
  5. Attacker intercepted email, sent follow-up: "Wire instructions have changed, urgent update"
  6. New instructions provided (attacker's account)
  7. CFO wired $275,000 to attacker account
  8. Real Escrow.com never received payment
  9. Seller never transferred domain
  10. Buyer demanded transfer, confusion discovered

What went wrong:

  • Email compromised but not detected
  • Changed wire instructions not verified by phone
  • No dual authorization for large wire
  • Attacker had been monitoring email for weeks, knew exact transaction details

Outcome: $275,000 lost. Bank attempted wire recall but funds already withdrawn. FBI investigation ongoing. Insurance claim filed.

Lesson: ALWAYS verify wire instructions by phone using independently sourced number. Changed wire instructions must be verified verbally. Implement dual authorization for large wires.

Case 4: The Overpayment Scam

Victim: Individual selling WebsiteName.com for $5,000

The scam:

  1. Buyer contacted seller, agreed to $5,000 price
  2. "Accidentally" sent PayPal payment for $8,000
  3. Apologized profusely, "my accountant made error"
  4. Asked seller to refund $3,000 immediately
  5. Seller refunded $3,000 via wire transfer
  6. Also transferred domain (eager to complete sale)
  7. Original $8,000 PayPal payment reversed (fraudulent funding source)
  8. Seller lost $3,000 cash + domain

What went wrong:

  • Accepted overpayment without suspicion
  • Refunded difference immediately
  • Used different refund method (PayPal to wire)
  • Transferred domain before payment cleared

Outcome: Lost domain and $3,000. PayPal ruled in favor of true account owner (account was compromised). Domain transferred to criminal's account, sold to third party.

Lesson: Never accept overpayment. If it occurs, reverse the entire transaction and start over. Never refund via a different payment method. Use Escrow.com, which prevents this scam entirely.

Case 5: The Fake Appraisal Listing Fee

Victim: Domain owner with portfolio of 200 domains

The scam:

  1. Unsolicited email: "We have buyer interested in your domain RandomWord.net"
  2. Free appraisal offered
  3. Appraisal returned: $47,000 (domain worth maybe $500)
  4. "To list in our premium buyer network, one-time fee of $899"
  5. Owner excited by huge potential sale, paid $899
  6. Promised listing in "exclusive auction"
  7. Months passed, no sale
  8. Company stopped responding to inquiries
  9. Researched company: dozens of similar complaints online

What went wrong:

  • Unsolicited appraisal trusted
  • Inflated valuation clouded judgment
  • Paid upfront listing fee (legitimate brokers work on commission)
  • Didn't research company before payment

Outcome: Lost $899. No sale ever materialized. Company still operating under new name.

Lesson: Unsolicited appraisals are almost always scams. Legitimate brokers work on commission at sale, never charge upfront. If valuation seems absurdly high, it's designed to extract fees.

Case 6: The Domain Slamming Invoice

Victim: Business owning CorporateBrand.com

The scam:

  1. Official-looking invoice arrived via mail
  2. "Domain renewal due: $89.99"
  3. Appeared to be from registrar (wasn't)
  4. Accounting department paid invoice
  5. Domain transferred to new registrar without authorization
  6. New registrar charged renewal at 5x normal rate
  7. Company discovered issue months later when trying to update DNS

What went wrong:

  • Didn't verify invoice against actual registrar
  • Accounting department paid without checking with IT
  • Fine print buried: "This is solicitation, payment authorizes domain transfer"
  • No verification process for domain-related invoices

Outcome: Domain transferred to unfavorable registrar, overcharged for renewal, had to pay additional transfer fee to move back.

Lesson: Implement verification process for domain renewals. Enable auto-renewal at preferred registrar. Train accounting staff to verify domain invoices with IT before payment.

Common Patterns Across All Cases

Red flags present in multiple cases:

  1. Urgency and time pressure
  2. Too-good-to-be-true pricing
  3. Resistance to standard security practices (escrow)
  4. Requests to bypass normal procedures
  5. Appeals to greed or fear
  6. Complicated or unusual arrangements

Prevention tactics that would have worked:

  1. Always use Escrow.com for transactions >$500
  2. Verify wire instructions by phone
  3. Check WHOIS history for recent changes
  4. Research counterparty before transacting
  5. If seems too good to be true, walk away
  6. Implement verification procedures for businesses
  7. Take time—legitimate sellers don't disappear if you do due diligence

What to Do If You've Been Scammed

Immediate actions to take if you've fallen victim to domain fraud.

Immediate Actions (First 24 Hours)

1. Stop further losses:

If domain not yet transferred:

  • Do NOT transfer domain
  • Notify registrar of suspected fraud
  • Request transaction cancellation

If payment reversible:

  • Call bank immediately for wire recall
  • File PayPal dispute (if used PayPal)
  • Dispute credit card charge

If domain already transferred:

  • Document everything
  • Contact receiving registrar
  • File complaint with your registrar

2. Document everything:

Save all evidence:

  • Email communications
  • Text messages
  • Transaction receipts
  • Website screenshots
  • WHOIS history screenshots
  • Seller's provided information
  • Payment confirmations
  • Any contracts or agreements

Why crucial: Evidence needed for police reports, FBI complaints, civil suits, insurance claims.

3. Contact financial institutions:

Your bank (if wire transfer):

  • Call fraud department immediately
  • Request wire recall
  • File fraud report
  • Ask bank to contact recipient bank
  • Time critical: act within hours for any chance of recovery

PayPal (if used):

  • File dispute immediately
  • Select "I didn't receive my item"
  • Upload all evidence
  • Respond to any PayPal requests promptly
  • 180-day window but faster is better

Credit card (if used):

  • File chargeback dispute
  • Claim "services not provided" or "fraudulent transaction"
  • Provide all evidence
  • Usually 60-90 day window

Reporting to Authorities (First Week)

1. FBI Internet Crime Complaint Center (IC3):

Website: www.ic3.gov

Why report:

  • Creates official federal record
  • FBI investigates large-scale operations
  • Data used to track trends and scammers
  • May result in prosecution if part of larger investigation

Information needed:

  • Your contact information
  • Scammer's information (everything you have)
  • Transaction details
  • Financial losses
  • Complete timeline

What happens:

  • Report reviewed by FBI/partner agencies
  • May be contacted if investigation opened
  • Most reports don't result in individual case, but contribute to larger investigations

2. Local Police Report:

Why file:

  • Required for insurance claims
  • Needed for civil lawsuits
  • Creates official record
  • May result in local investigation if scammer local

What to bring:

  • All documentation
  • Printed evidence
  • Transaction records
  • Timeline of events

Expectations:

  • Most local police lack resources for cybercrime
  • International cases especially difficult
  • Report likely filed but not actively investigated
  • Still necessary for paper trail

3. State Attorney General:

Why report:

  • State consumer protection divisions track scams
  • May investigate if part of pattern
  • Can pressure companies to refund

How to report:

  • Find your state AG's consumer protection website
  • File online complaint
  • Provide all evidence

4. Federal Trade Commission (FTC):

Website: reportfraud.ftc.gov

Why report:

  • FTC tracks scam patterns
  • Can take action against scam operations
  • Warns consumers about scams
  • Data used for national initiatives

5. ICANN Registrar Complaint:

Website: reporting.icann.org

When to report:

  • If registrar involved in fraud
  • If stolen domain dispute
  • If registrar not responding to complaints

What ICANN can do:

  • Investigate registrar
  • Enforce registrar policies
  • Sanction or revoke registrar accreditation
  • Assist with domain recovery in some cases

Domain-Specific Actions

If domain was stolen then sold to you:

  1. Contact original owner:

    • Explain you're victim too
    • Provide evidence you purchased in good faith
    • May work together to pursue scammer
    • Occasionally original owner may offer discounted legitimate sale
  2. Cooperate with domain recovery:

    • Original owner will likely prove ownership to registrar
    • Domain will be returned to them
    • Your cooperation may help in investigation
    • Don't make threats or demands (you have no legal standing)
  3. Focus on recovering payment:

    • Your recourse is against scammer (not original owner)
    • Pursue scammer through legal channels
    • File insurance claim if applicable

If you transferred domain but didn't receive payment:

  1. Contact receiving registrar:

    • Report fraudulent transaction
    • Request domain transfer reversal
    • Provide evidence of fraud
    • Some registrars may reverse within 24-48 hours
  2. Lock domain if still possible:

    • If transfer not yet complete, enable registrar lock
    • May prevent completion of transfer
  3. File ICANN TDRP complaint:

    • Transfer Dispute Resolution Policy
    • Designed for fraudulent transfers
    • Can result in domain return

When to consider attorney:

  • Losses over $25,000
  • Scammer identifiable and within US
  • Business transaction (may have insurance coverage)
  • Part of larger pattern affecting multiple victims

Types of legal action:

1. Civil lawsuit:

  • Sue scammer for fraud
  • Requires knowing scammer's real identity
  • Expensive ($5,000-$50,000+ in legal fees)
  • Only worth it if scammer has assets to seize and is in jurisdiction where judgment enforceable

2. Criminal complaint:

  • Work with prosecutor to file criminal charges
  • Requires evidence and identifiable perpetrator
  • Prosecutors prioritize large cases
  • Your case may be combined with others

3. Class action:

  • If scammer has multiple victims
  • Attorney may take on contingency
  • Check domain forums for other victims
  • Increases chance of recovery

Realistic expectations:

  • Most domain fraud never results in prosecution
  • International scammers extremely difficult to pursue
  • Legal fees often exceed recovery
  • Consider legal action as last resort for large losses

Insurance Claims

If you have cyber insurance or business insurance:

  1. Review policy coverage:

    • Social engineering coverage
    • Cyber fraud coverage
    • Business fraud coverage
    • Deductibles and limits
  2. File claim promptly:

    • Most policies have strict time limits
    • Provide all documentation
    • Police report usually required
  3. Cooperate with investigation:

    • Insurance may hire investigator
    • Provide all information requested
    • Don't exaggerate or falsify details

Coverage expectations:

  • Business policies more likely to cover than personal
  • Social engineering coverage increasingly common
  • Deductibles may be $5,000-$25,000
  • May need to show you followed reasonable security practices

Recovery Expectations

Realistic recovery rates:

  • Within 24 hours: 15-25% recover full or partial funds (via wire recall, payment dispute)
  • Within 1 week: 10-15% recovery rate
  • After 1 month: 5% recovery rate
  • After 3 months: 2% recovery rate

Factors affecting recovery:

  • Payment method (wires nearly impossible, PayPal possible)
  • Scammer location (international nearly impossible)
  • Speed of action (faster = better chance)
  • Amount (higher amounts get more law enforcement attention)
  • Evidence quality (affects civil cases)

Hard truths:

  • Most domain fraud victims never recover losses
  • International scammers rarely prosecuted
  • Civil suits expensive and often unenforceable
  • Prevention is infinitely better than recovery

Emotional Recovery

Domain fraud victims often experience:

  • Embarrassment (may delay reporting)
  • Anger at self or scammer
  • Financial stress
  • Distrust of future transactions

Healthy steps:

  1. Don't blame yourself: Scammers are sophisticated; anyone can be a victim
  2. Report anyway: Even if embarrassed, reporting helps stop scammer
  3. Learn from experience: Use this to avoid future fraud
  4. Share story: Warning others is valuable, prevents their victimization
  5. Move forward: Dwelling on loss doesn't help recovery

Best Practices

Comprehensive fraud prevention checklist.

For Domain Buyers

Always use Escrow.com for transactions over $500

  • Don't accept alternatives
  • Verify you're on real Escrow.com domain
  • Call Escrow.com to confirm transaction

Check WHOIS history before buying

  • Use DomainDetails.com for complete history
  • Red flag: Recent ownership changes
  • Red flag: Recent registrar transfers
  • Verify stability before purchase

Research comparable sales

  • Check NameBio.com for similar domain sales
  • If price seems too good, investigate why
  • Below-market pricing + urgency = likely scam

Verify seller ownership

  • Ask seller to verify via registrant email
  • Or request temporary nameserver change
  • Or request specific DNS TXT record addition
  • Don't buy if seller can't prove control

Never wire directly to seller

  • All payments through Escrow.com
  • Wire transfers irreversible
  • No protection if seller doesn't transfer

Take your time

  • Legitimate sellers don't disappear
  • Urgency is pressure tactic
  • Do complete due diligence

Verify seller identity for valuable domains

  • Google the seller
  • Check their transaction history
  • For businesses, verify company registration
  • Request phone call to discuss transaction

Get everything in writing

  • Use Escrow.com transaction agreement
  • Document all terms
  • Save all communications

Use inspection period

  • Escrow.com provides inspection period
  • Verify domain transfers correctly
  • Confirm no issues before accepting

Research the domain

  • Google domain name + "stolen"
  • Check domain forums for mentions
  • Look for previous listings (price comparison)
  • Archive.org for domain history

For Domain Sellers

Insist on Escrow.com

  • No exceptions
  • Protects you from chargebacks
  • Provides legal recourse

Never transfer before receiving payment

  • Payment must clear in Escrow.com first
  • No "inspection periods" before payment
  • No "my company requires possession for approval"

Verify buyer payment method

  • Avoid PayPal for high-value domains
  • Wire transfer or crypto through escrow only
  • No checks, money orders, or gift cards

Watch for overpayment scams

  • If buyer "accidentally" overpays, reverse entire transaction
  • Never refund difference
  • Start transaction over

Verify buyer identity

  • For high-value domains, confirm buyer is legitimate
  • If representing business, verify independently
  • Google buyer name for scam reports

Document everything

  • Save all communications
  • Screenshot WHOIS before transfer
  • Keep transaction records
  • Proof of transfer initiation

Use transaction agreement

  • Escrow.com provides standardized agreement
  • Outlines terms clearly
  • Legally binding on both parties

Be suspicious of urgency

  • Legitimate buyers understand process takes time
  • Rush buyers often fraudulent
  • Take time for verification

Implement business verification procedures

  • For businesses with domain portfolios
  • Require IT approval before transfers
  • Dual authorization for high-value sales
  • Training for staff handling transactions

Reject unusual payment structures

  • No installment plans without legal guarantee
  • No barter/trade for valuable domains
  • No equity/partnership instead of cash
  • Cash only through escrow

For Everyone

Enable two-factor authentication

  • On registrar accounts
  • On email accounts
  • Makes account hijacking much harder
  • See 2FA Guide

Use unique passwords

  • Different password for registrar than other sites
  • Use password manager
  • Prevents credential theft from other breaches

Enable registrar lock

Enable domain privacy

Monitor domains regularly

  • Use DomainDetails.com monitoring
  • Get alerts for WHOIS changes
  • Detect unauthorized changes quickly
  • See Domain Monitoring Guide

Keep contact information current

  • Registrar can reach you if issues arise
  • Receive transfer authorization requests
  • Get expiration reminders

Educate yourself

  • Read domain fraud reports
  • Follow domain security news
  • Learn from others' experiences
  • Stay updated on new scam tactics

Trust your instincts

  • If something feels wrong, walk away
  • No deal worth the risk
  • Legitimate sellers understand caution

Verify everything independently

  • Don't trust provided links
  • Look up companies yourself
  • Call using independently sourced numbers
  • Verify before sending money

Report scams

  • IC3.gov for FBI reporting
  • Registrar fraud departments
  • Domain forums (warn others)
  • ICANN if registrar involved

Frequently Asked Questions

Is Escrow.com the only legitimate domain escrow service?

Escrow.com is the industry standard and most trusted domain escrow service, but not the only one. Dan.com offers integrated escrow for domains listed on their platform, which is also legitimate. Sedo and Afternic have their own escrow processes for transactions on their marketplaces.

However, for direct buyer-seller transactions, Escrow.com is strongly recommended as they're a licensed and audited financial institution specifically known for domain transactions. Be extremely wary of any other "escrow service" suggested by a seller—most are scams.

Safe escrow options:

  • ✅ Escrow.com (direct transactions)
  • ✅ Dan.com (for Dan listings)
  • ✅ Sedo.com (for Sedo marketplace)
  • ✅ Afternic.com (for Afternic marketplace)

Any other service requires extreme verification before use.

How can I tell if an escrow website is fake?

Check the exact domain spelling:

  • ✅ REAL: escrow.com
  • ❌ FAKE: escr0w.com (zero instead of 'o')
  • ❌ FAKE: escrow-secure.com
  • ❌ FAKE: escrowservices.com

Verify independently:

  1. Google "Escrow.com" yourself (don't click links in emails)
  2. Call Escrow.com: +1-415-801-2270 (look up number independently)
  3. Verify transaction ID with customer service
  4. Check business registration: Licensed in California

Red flags for fake escrow:

  • Domain name different from escrow.com
  • Contact email uses free provider (@gmail.com)
  • No verifiable business registration
  • Pushy about sending payment quickly
  • Site recently created (check domain age at DomainDetails.com)

Golden rule: When in doubt, call the real Escrow.com using their official number to verify.
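The spelling check above can be automated before anyone clicks a link. The following is an added example, not code from Escrow.com or DomainDetails; the function name `classify_escrow_link` and the character-folding map are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

REAL_HOST = "escrow.com"   # the one escrow domain this guide treats as genuine
BRAND = "escrow"
# Characters often swapped in to imitate a letter (assumed, non-exhaustive map)
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})


def osa_distance(a, b):
    """Edit distance that also counts a swap of two adjacent letters as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_escrow_link(link):
    """Return (verdict, reason); verdict is 'legitimate', 'lookalike' or 'unrelated'."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", link, re.I):
        link = "//" + link                     # let urlsplit treat a bare name as a host
    parts = urlsplit(link)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return "unrelated", "no host name in link"
    if host == REAL_HOST or host.endswith("." + REAL_HOST):
        return "legitimate", "host is escrow.com or one of its subdomains"
    # Text before '@' is login info, not the site that will be opened
    if parts.username and BRAND in parts.username.lower().translate(FOLD):
        return "lookalike", f"brand appears before '@' but the link opens {host}"
    folded = host.translate(FOLD)
    if BRAND in folded:
        return "lookalike", f"{host} contains the brand but is not escrow.com"
    for label in folded.split("."):
        if osa_distance(label, BRAND) <= 1:
            return "lookalike", f"label '{label}' is one edit away from 'escrow'"
    return "unrelated", f"{host} does not imitate escrow.com"


if __name__ == "__main__":
    # Constructed sample links, including the fake names listed above
    for sample in ("https://www.escrow.com/transaction/123", "https://escr0w.com/pay",
                   "https://escrow-secure.com", "http://escrowservices.com/login",
                   "https://escrow.com@payments.example/tx", "https://dan.com/buy"):
        print(sample, "->", classify_escrow_link(sample))
```

The check is ASCII-only: internationalized (`xn--`) host names need a separate confusable-character comparison, and an "unrelated" verdict says nothing about whether that other site is trustworthy.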

What should I do if a seller refuses to use Escrow.com?

Walk away. There is no legitimate reason for a seller to refuse Escrow.com for a transaction over $500.

Common seller excuses (all red flags):

  • "Escrow takes too long" → Real timeline is 3-7 days, reasonable for protecting thousands of dollars
  • "Escrow fees are too high" → 3.25% to protect large transaction is minimal, can be split
  • "I prefer my company's escrow service" → Escrow.com is industry standard, no legitimate reason to refuse
  • "Let's use this faster/cheaper alternative" → Almost certainly fake escrow scam
  • "I've done many deals without escrow" → Great for them, not relevant to you

Legitimate sellers:

  • Understand buyer protection needs
  • Have no problem with Escrow.com
  • May have completed many escrow transactions already
  • Won't pressure you to skip security

Your response: "I'm only comfortable using Escrow.com for my protection. If you're not willing to use Escrow.com, I'll need to pass on this opportunity."

If seller persists in refusing Escrow.com, they're either scamming you or an extremely unsophisticated seller (also risky).

How can I verify a domain isn't stolen before buying?

1. Check WHOIS history:

  • Use DomainDetails.com to see complete ownership history
  • Look for recent ownership changes (last 30 days = red flag)
  • Verify current WHOIS matches seller information
  • Look for recent registrar transfers

2. Verify seller ownership:

  • Ask seller to send email from registrant email shown in WHOIS
  • Request temporary nameserver change to prove control
  • Ask them to add specific TXT record to DNS

3. Research the domain:

  • Google domain name + "stolen" or "hijacked"
  • Check NamePros.com, DNForum.com for theft reports
  • Search ICANN UDRP/TDRP databases for disputes
  • Look at Archive.org for domain history (does it match seller's story?)

4. Evaluate the listing:

  • Is pricing suspiciously below market? (30%+ below = investigate)
  • Is seller creating urgency? ("Must sell this week")
  • Can seller answer questions about domain history?
  • Does seller have reputation/history in domain industry?

5. Use Escrow.com:

  • Provides inspection period (typically 3-7 days)
  • Can file complaint during inspection if you discover issues
  • Gives time to verify legitimacy before final completion

6. Check seller's listing history:

  • Are they selling multiple valuable domains suddenly?
  • Do they have transaction history on marketplaces?
  • Can you find previous sales by this seller with positive feedback?

Red flags summary:

  • Recent WHOIS ownership change + quick sale = major warning
  • Below-market pricing + urgency = investigate thoroughly
  • Seller can't prove ownership = don't buy
  • Premium domain from unknown seller = verify extensively
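Step 2 above asks the seller to add a specific TXT record. The following added example (not part of the original guide or any registrar's tooling) shows how a buyer can issue a one-off value and check it against `dig` output; the record label `_ownership-check`, the `domain-sale-verification=` prefix and the 48-hour window are assumptions chosen for illustration.

```python
import hmac
import re
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

LABEL = "_ownership-check"              # hypothetical record label
PREFIX = "domain-sale-verification="    # hypothetical tag in the record value
MAX_AGE = timedelta(hours=48)           # assumed validity window for one challenge


@dataclass(frozen=True)
class Challenge:
    domain: str
    record_name: str
    record_value: str
    issued_at: datetime


def new_challenge(domain, now=None):
    """Create a value only the buyer knows until the seller publishes it in DNS."""
    now = now or datetime.now(timezone.utc)
    domain = domain.lower().rstrip(".")
    return Challenge(domain, f"{LABEL}.{domain}", PREFIX + secrets.token_hex(16), now)


_CHUNK = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one quoted string in dig output
_ESCAPE = re.compile(r"\\(\d{3}|.)")          # decimal or single-character escape


def parse_txt_answers(dig_output):
    """Turn `dig +short TXT <name>` output into one decoded string per record.

    A TXT record may arrive as several quoted chunks; they are concatenated.
    """
    def unescape(match):
        body = match.group(1)
        return chr(int(body)) if len(body) == 3 else body

    records = []
    for line in dig_output.splitlines():
        chunks = _CHUNK.findall(line)
        if chunks:
            records.append(_ESCAPE.sub(unescape, "".join(chunks)))
    return records


def check_challenge(challenge, dig_output, now=None):
    """Return 'verified', 'expired', 'wrong-value' or 'missing'."""
    now = now or datetime.now(timezone.utc)
    if now - challenge.issued_at > MAX_AGE:
        return "expired"                      # issue a fresh value instead
    records = parse_txt_answers(dig_output)
    for record in records:
        if hmac.compare_digest(record.encode(), challenge.record_value.encode()):
            return "verified"
    # A tagged record with another value was chosen by the seller or reused
    if any(record.startswith(PREFIX) for record in records):
        return "wrong-value"
    return "missing"


if __name__ == "__main__":
    issued = new_challenge("example.com")
    print("Ask the seller to publish:", issued.record_name, "TXT", issued.record_value)
    # Constructed dig output standing in for a real lookup of issued.record_name
    constructed = '"v=spf1 -all"\n"%s"\n' % issued.record_value
    print(check_challenge(issued, constructed))
```

Run the lookup against the domain's authoritative nameservers rather than a cached resolver. A "verified" result shows control of the DNS zone, which is one of the three proofs listed above and not a substitute for checking WHOIS history.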

Is it safe to pay for domains with cryptocurrency?

Through Escrow.com: Yes, relatively safe. Escrow.com offers a cryptocurrency payment option that provides the same protection as a wire transfer.

Directly to seller: No, very risky. Cryptocurrency transactions are:

  • Irreversible (no refunds or chargebacks)
  • Anonymous (harder to trace seller)
  • Unregulated (no protections like credit cards)

Escrow.com crypto process:

  1. Buyer sends crypto to Escrow.com
  2. Escrow.com holds it securely
  3. Seller transfers domain
  4. Buyer verifies receipt
  5. Escrow.com releases crypto to seller (or converts to USD)

This provides the same protection as traditional escrow.

Direct crypto payment risks:

  • Seller can take payment and not transfer domain
  • No recourse if scammed
  • No dispute mechanism
  • No way to reverse payment

Scammer tactics:

  • "I prefer Bitcoin because it's fast and easy"
  • "Crypto avoids bank fees"
  • "Blockchain provides its own escrow" (usually false)

Safe approach:

  • Only use crypto through Escrow.com
  • Never send crypto directly to seller
  • If seller insists on direct crypto payment, walk away

Volatility consideration: Crypto values fluctuate. Escrow.com typically converts to USD at time of buyer payment, protecting both parties from price changes during escrow period.

What if I already paid but haven't received the domain?

If payment was via Escrow.com:

  1. Contact Escrow.com immediately: +1-415-801-2270
  2. They'll investigate transaction status
  3. If seller hasn't transferred, payment will be returned to you
  4. If seller initiated transfer, verify you received authorization code
  5. Escrow.com provides dispute resolution if issues arise

If you paid via PayPal:

  1. File dispute immediately: PayPal.com → Resolution Center
  2. Select "I didn't receive my item"
  3. Provide all evidence: transaction agreement, communications, etc.
  4. Respond to any PayPal requests promptly
  5. 180-day window to file, but sooner is better

If you paid via wire transfer directly:

  1. Contact your bank immediately: request wire recall
  2. Contact seller: demand transfer completion or refund
  3. File FBI IC3 report: www.ic3.gov
  4. File local police report
  5. Contact registrar: report fraudulent sale
  6. Consult attorney if amount substantial (>$10,000)

If you paid via credit card:

  1. Contact credit card company: file chargeback dispute
  2. Claim "services not provided"
  3. Provide all evidence
  4. Usually 60-90 day window

If you paid via cryptocurrency directly:

  • Unfortunately, very limited recourse
  • Report to IC3.gov
  • Report to local police
  • Extremely unlikely to recover funds
  • This is why direct crypto payments are high risk

Timeline matters: Act within hours/days for best chance of recovery. Delays significantly reduce recovery chances.

Prevention: This is why Escrow.com is essential. Protects both parties and provides clear dispute resolution process.

How do I report domain fraud?

Report to multiple authorities to maximize chance of investigation and warn others:

1. FBI Internet Crime Complaint Center (IC3):

  • Website: www.ic3.gov
  • Federal reporting system
  • Handles cybercrime complaints
  • May investigate as part of larger cases

2. Local Police:

  • File report in your jurisdiction
  • Creates official record
  • Needed for insurance claims
  • Get case number for other reports

3. Federal Trade Commission:

  • Website: reportfraud.ftc.gov
  • Consumer protection agency
  • Tracks scam patterns
  • Can take action against scam operations

4. ICANN:

  • Website: reporting.icann.org
  • If registrar involved or domain disputes
  • Can investigate registrar violations
  • May assist with domain recovery

5. Your Registrar:

  • Report to fraud/abuse department
  • May flag scammer's account
  • Can provide evidence for investigation
  • Important if domain theft involved

6. Your State Attorney General:

  • Consumer protection division
  • Tracks state-level fraud
  • May investigate local scammers
  • Can pressure companies for refunds

7. Domain Community Forums:

  • NamePros.com, DNForum.com
  • Warn other community members
  • May find other victims for class action
  • Community can identify repeat scammers

8. Better Business Bureau:

  • If scammer claims to be business
  • Creates public record
  • May affect scammer's business operations

Information to provide:

  • Your contact information
  • Scammer's information (everything you have)
  • Complete timeline of events
  • All communications (emails, texts, calls)
  • Transaction details and evidence
  • Financial loss amount
  • Payment method and transaction IDs

Why report even if unlikely to recover:

  • Helps authorities track scam patterns
  • May prevent others from becoming victims
  • Your case may connect to larger investigation
  • Creates paper trail for potential civil action
  • Required for insurance claims

Can I keep a domain if I bought it from a scammer who stole it?

No. Even if you purchased in good faith, you cannot keep a stolen domain.

Legal principle: You cannot acquire legitimate title to stolen property, even as good-faith purchaser.

What happens:

  1. Original owner discovers domain stolen
  2. Files complaint with registrar
  3. Provides proof of ownership (account history, documentation)
  4. Registrar investigates
  5. If theft proven, domain returned to original owner
  6. You lose domain even though you paid for it

ICANN Transfer Dispute Resolution Policy (TDRP):

  • Designed to resolve unauthorized transfers
  • Original owner can prove legitimate ownership
  • Fraudulent transfer reversed
  • Innocent purchaser has no standing (didn't buy from legitimate owner)

Your recourse:

  • NOT against original owner (they're victim too)
  • Against scammer who sold you stolen domain
  • File police report and IC3 complaint
  • Pursue scammer through legal channels
  • May file insurance claim if applicable

Real example: Business bought PremiumDomain.com for $50,000 from scammer. Developed site, invested $25,000 in marketing. Original owner proved theft 6 months later. Domain returned to original owner. Business lost $75,000 total. Scammer never found.

Prevention is critical:

  • Check WHOIS history before buying (recent changes = red flag)
  • Verify seller legitimacy
  • Use Escrow.com (provides inspection period)
  • Research domain for theft reports
  • If price too good to be true, investigate thoroughly

Original owner negotiation: Occasionally, if you prove you were defrauded and purchased in good faith, original owner MAY offer to sell legitimately at discount. Not guaranteed, and they have no obligation. You were both victims of same scammer.

Are domain appraisal services worth paying for?

Free algorithmic estimates: Yes, useful for ballpark valuations.

Paid appraisals from unsolicited contacts: No, almost always scams.

Certified appraisals for legal purposes: Yes, when legitimately needed.

Free appraisal tools (worth using):

  • EstiBot.com: Algorithm-based estimates
  • GoDaddy Appraisal: Quick free estimate
  • NameBio.com: Actual comparable sales data (most reliable)

Paid appraisal scams (avoid):

  • Unsolicited email/call claiming your domain is valuable
  • Inflated "free appraisal" followed by listing fee request
  • "To access our buyer network, pay $299-$899"
  • Companies like "Premium Domain Brokers", "Elite Domain Group"

Red flags:

  • Unsolicited contact (legitimate buyers don't cold call)
  • Too-good-to-be-true valuation ($500 domain appraised at $50,000)
  • Upfront fees for "premium listing"
  • Pressure tactics ("Offer valid 48 hours only")

Legitimate professional appraisals (when needed):

  • For legal disputes or estate planning
  • For tax purposes (donation, sale)
  • For divorce settlements
  • From CAA (Certified Appraisers Guild of America)
  • Cost: $100-$500 for certified report
  • These provide legally defensible valuations

Legitimate broker services (commission-based):

  • Sedo.com: Only paid on successful sale
  • Afternic.com: Commission on sale only
  • GoDaddy Broker Service: Commission-based
  • No upfront listing fees

Golden rule: If someone contacts YOU with unsolicited appraisal or buyer, it's almost certainly a scam. Legitimate buyers work through established marketplaces or brokers.

Best free approach:

  1. Check NameBio.com for comparable sales
  2. List on Sedo/Afternic for free
  3. Set price based on actual sales data
  4. Wait for legitimate buyers
  5. Don't pay anyone upfront to "find buyers"

How long should a domain transfer take?

Timeline varies by registrar, but typical range is 5-7 days.

Standard transfer process:

Day 0: Buyer initiates transfer at new registrar

  • Provides domain name and authorization code
  • Pays transfer fee (~$10-15, includes 1-year renewal)

Day 0-1: Transfer request submitted

  • New registrar contacts registry
  • Transfer authorization email sent to domain admin email
  • Both registrars notified

Day 1-2: Authorization waiting period

  • Domain owner must approve transfer (click link in email)
  • Or wait for auto-approval (typically 5 days)
  • Current registrar may email asking to confirm/deny

Day 2-7: Transfer processing

  • If approved immediately: transfer can complete in 2-3 days
  • If waiting for auto-approval: takes full 5-7 days
  • Registry updates ownership records

Day 7: Transfer completes

  • Domain now at new registrar
  • Typically renewed for 1 additional year
  • Update nameservers if needed

Expedited transfers (with cooperation):

  • Seller approves transfer immediately at current registrar
  • Buyer approves at new registrar
  • Can complete in 24-48 hours
  • Still requires both registrars to process

Transfer delays:

  • Domain locked: Must unlock before transfer (adds 1-2 days)
  • No authorization code: Must request from current registrar
  • Expired domain: Must renew before transfer
  • Recent transfer: 60-day transfer lock after previous transfer
  • Pending deletion: Can't transfer if domain in redemption

Red flags if transfer takes longer:

  • Over 10 days without explanation = contact registrars
  • Seller claims "technical issues" repeatedly = possible scam
  • Transfer "stuck" indefinitely = verify with registrars directly

Using Escrow.com:

  • Escrow timeline runs parallel to transfer
  • Escrow.com holds payment during 5-7 day transfer
  • Buyer has inspection period after receiving domain
  • Payment released after buyer confirms receipt

Seller best practice:

  • Unlock domain before listing
  • Have authorization code ready
  • Approve transfer immediately when requested
  • Communicate any expected delays

Buyer best practice:

  • Verify domain unlocked before purchasing
  • Respond to authorization emails promptly
  • Check spam folder for registrar emails
  • Follow up if exceeds 7 days

Normal: 5-7 days. Expedited: 2-3 days. Over 10 days: investigate.
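The "Transfer delays" list above can be checked before purchase from a domain's RDAP record, the JSON successor to a WHOIS lookup. This is an added example, not code from the guide or from any registrar; the function name is hypothetical and the sample record is constructed, using the standard RDAP `status` and `events` fields.

```python
import json
from datetime import datetime, timedelta, timezone

TRANSFER_LOCK = timedelta(days=60)   # post-transfer lock period given in the list above

# Constructed RDAP domain record (not a real lookup result)
SAMPLE = json.loads("""{
  "ldhName": "example-sale.test",
  "status": ["client transfer prohibited"],
  "events": [
    {"eventAction": "registration", "eventDate": "2012-03-04T09:00:00Z"},
    {"eventAction": "transfer",     "eventDate": "2025-11-10T15:30:00Z"},
    {"eventAction": "expiration",   "eventDate": "2026-03-04T09:00:00Z"}
  ]
}""")


def _when(stamp):
    # RDAP timestamps are RFC 3339; older Python versions reject a trailing "Z"
    parsed = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def transfer_blockers(rdap, now=None):
    """Return (code, detail) pairs for each transfer-delay reason that applies."""
    now = now or datetime.now(timezone.utc)
    status = {s.lower() for s in rdap.get("status", [])}
    latest = {}                       # most recent date seen per event action
    for event in rdap.get("events", []):
        action = event.get("eventAction", "").lower()
        when = _when(event["eventDate"])
        if action not in latest or when > latest[action]:
            latest[action] = when

    found = []
    locks = sorted(s for s in status if s.endswith("transfer prohibited"))
    if locks:                         # registrar or registry lock must be lifted first
        found.append(("locked", ", ".join(locks)))
    pending = sorted(status & {"pending delete", "redemption period"})
    if pending:
        found.append(("pending-deletion", ", ".join(pending)))
    expiry = latest.get("expiration")
    if expiry and expiry <= now:      # must be renewed before it can move
        found.append(("expired", f"expired {expiry.date()}"))
    moved = latest.get("transfer")
    if moved and now - moved < TRANSFER_LOCK:
        found.append(("recent-transfer", f"lock ends {(moved + TRANSFER_LOCK).date()}"))
    return found


if __name__ == "__main__":
    for code, detail in transfer_blockers(SAMPLE, datetime(2025, 12, 1, tzinfo=timezone.utc)):
        print(code, "-", detail)
```

Not every registry publishes a `transfer` event, so an empty result does not prove there was no recent transfer; compare it with the WHOIS history as well.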

Key Takeaways

  1. Always use Escrow.com for domain transactions over $500. This single step prevents most fraud.

  2. Fake escrow sites are common. Verify you're on the real escrow.com domain (not escr0w.com, escrow-secure.com, etc.). Call Escrow.com directly to verify transactions.

  3. Stolen domains are sold quickly at below-market prices. Check WHOIS history for recent ownership changes. Use DomainDetails.com to view complete domain history.

  4. Wire transfers and cryptocurrency sent directly to sellers (not through escrow) are irreversible and offer zero buyer protection. Never pay directly.

  5. Unsolicited appraisals are scams. Legitimate brokers work on commission, never charge upfront listing fees. If contacted with high appraisal followed by fee request, it's fraud.

  6. Phishing attacks target domain owners. Never click links in emails claiming to be from registrar. Bookmark your registrar login page and always access directly.

  7. Domain slamming sends fake renewal notices. Only renew through your actual registrar. Enable auto-renewal to avoid scam renewal attempts.

  8. Overpayment is always a scam. Never accept overpayment and refund difference. Reverse entire transaction and start over.

  9. Verify seller ownership before buying. Request verification via registrant email, nameserver change, or DNS TXT record addition.

  10. PayPal Friends & Family has zero protection. Only use PayPal Goods & Services for domain transactions, and only for amounts under $2,000.

  11. Red flags when buying: Too-good-to-be-true pricing, pressure tactics, refusal to use escrow, seller can't verify ownership, recent WHOIS changes.

  12. Red flags when selling: Overpayment, buyer insists on "their" escrow, inspection period before payment, wire transfer to you directly.

  13. If scammed, act immediately. Contact bank for wire recall (within hours), file PayPal dispute, report to IC3.gov, file police report, contact registrars.

  14. Recovery is unlikely. Prevention is critical. Most domain fraud victims never recover losses, especially for international scams and cryptocurrency payments.

  15. Report fraud even if you don't recover. Reporting to IC3.gov, FTC, and registrars helps prevent others from becoming victims and aids law enforcement investigations.

Next Steps

Protect Your Current Domains

  1. Enable two-factor authentication on registrar accounts: Two-Factor Authentication Guide

  2. Lock your domains to prevent unauthorized transfers: Understanding Registrar Lock

  3. Enable privacy protection to hide your contact information: Domain Privacy Protection

  4. Set up monitoring for unauthorized changes: Domain Monitoring Guide

Before Your Next Domain Transaction

  1. Bookmark Escrow.com now so you always have the legitimate URL: https://www.escrow.com

  2. Read the escrow guide to understand the safe transaction process: Domain Escrow Services Guide

  3. Learn how to transfer domains properly: Domain Transfer Checklist

  4. Understand domain sales negotiation: Domain Sales Negotiation Tactics

If You've Been Targeted

  1. Report attempted scams to IC3.gov, FTC, and your registrar

  2. Warn the domain community on NamePros.com or DNForum.com

  3. Review your security if you received targeted phishing: Domain Theft Prevention

  4. If domain was stolen: How to Recover a Hijacked Domain

Stay Informed

  1. Monitor domain security news through registrar blogs and industry publications

  2. Follow domain communities to learn about new scam tactics as they emerge

  3. Share this guide with others who buy, sell, or manage domains

Remember: Taking time for verification and due diligence is not paranoia—it's protecting your investment. Legitimate sellers and buyers understand and expect security practices. Anyone who pressures you to skip these steps is either a scammer or someone you shouldn't do business with.

Research Sources

This article was researched using:

  1. FBI Internet Crime Complaint Center (IC3) Reports

    • Annual cybercrime reports 2020-2024
    • Domain fraud statistics and trends
    • Business Email Compromise (BEC) data
  2. Federal Trade Commission (FTC)

    • Consumer fraud reports and warnings
    • Domain slamming enforcement actions
    • Fake escrow service investigations
  3. ICANN Reports and Policies

    • Transfer Dispute Resolution Policy (TDRP)
    • Registrar abuse reports
    • WHOIS data protection guidelines
  4. Industry Publications

    • Domain Name Wire
    • Domain Incite
    • NamePros forum discussions and scam reports
    • DNJournal.com fraud cases
  5. Legal Cases and Court Documents

    • Domain theft prosecution records
    • Civil fraud lawsuits
    • Domain Registry of America class action litigation
  6. Escrow.com Resources

    • Official transaction guidelines
    • Fraud prevention documentation
    • Domain escrow best practices
  7. Registrar Security Resources

    • GoDaddy, Namecheap, Name.com security blogs
    • Transfer and security policy documentation
    • Fraud prevention guidelines
  8. Cybersecurity Research

    • Phishing attack reports from Anti-Phishing Working Group
    • Business Email Compromise studies
    • Social engineering tactics analysis
  9. Domain Community Expertise

    • Interviews with domain brokers and investors
    • Fraud victim testimonials (anonymized)
    • Security recommendations from domain professionals
  10. Consumer Protection Agencies

    • State Attorney General fraud reports
    • Better Business Bureau scam alerts
    • Consumer Financial Protection Bureau guidelines

Article accuracy: All scam examples are based on real reported cases. Financial figures and statistics come from official law enforcement and industry sources. Fraud prevention recommendations follow industry best practices and registrar guidelines.

Last verified: December 2025

Updates: This article is updated regularly as new scam tactics emerge. Report new fraud types to help keep this resource current.