search
top


Domain Registry Scam by giv.com

There has been a domain scam particularly in Canada that has been going on for quite awhile. When I was introduced to it taking place and being a person, they also tried to target. I decided it would be best to expose how they try to scam people so that people do not fall prey to them. I have heard stories of people falling for this scam. This post is for the ones that end up landing on this blog post for more info.

Why is this important

Personally, reading all the comments and posts online about these scammers. I feel the right thing to do is to create some awareness, so more people do not fall prey to the scam. There are many innocent victims, who may fall for this scam due to the lack of cyber security awareness. So, lets go out there and educate people and let them know about this scam. Hopefully, it can at least prevent a few people from falling prey to this scam.

What did they do

This organization is sending thousands of letters on an ongoing basis to people. These mailed letters show up at your home or offices and make it seem like it is an urgent matter to address right away. The letter will state a domain name you own, the expiry date of the domain, a section to paste your credit card number, and an envelope the mail the form back.

Many users (the stories I have read online) end up calling the number and have gone as far as giving their credit card information on the phone to these people. What most users do not realize is that this letter is NOT coming from their actual domain registrar.

So many get confused and end up transferring their domain over to this scam organization called giv.com. And, once a registrar has your domain, they can make your life exceedingly difficult when it comes down to managing and controlling your domain. They could essentially shutdown your online business or website, as they will now have full control over your domain name.

Who are “they” – (giv.com)

This organization goes by many different domain names and identities. They mainly go by the name called and listed as Giv.com on the mailed letter head. But, it seems they have multiple names that are used such as idnsinc.com (shown below) and a few other names.

domain-registry-scam-site-information

A whois lookup (shown below) shows that the org. is registered through Domain Jamoree.

domain-registry-whois-info

If you search Google for giv.com (seen below) you’ll find tons of “beware”, “I was scammed” and other hits where users were targeted by this organization.

domain-registry-google-search
domain-registry-BBB-complaints

The image above is from the Better Business Bureau (BBB), which mostly contains 1-star complaints for this registrar. You see some incredibly sad and unfortunate stories there. And an clearly see how many of these people were taken advantage of. It comes down to poor security awareness were many people just did not understand how domain names and registrars’ function. And, that lack of knowledge led to many of them losing out their hard-earned money and/or their prized domain names.

You can read tons of other complaints on the BBB website: https://www.bbb.org/us/nj/jersey-city/profile/web-hosting/internet-domain-name-services-idns-0221-90170042/customer-reviews

How do they obtain someone’s information

From what it appears, they target domains that DO NOT have whois privacy enabled with respect to the domain owner. Many registrars allow you to anonymize your information for WHOIS searches.

whois-record-stealthbay

For example, as seen above the registrant information for StealthBay.com is redacted. Only the actual domain registrar would have this information. However, many domain owners sometimes may not purchase the option to anonymize (privacy option) their personal information. Many domain registrars are now slowly starting to offer it as a free when you register or renew your domain name. So, there is no reason to not take advantage of it if you are given that option.

How can I protect myself

Enable all privacy and private/anonymous whois options that are available at your domain registrar. This way when a user does a WHOIS lookup on your domain name. There is going to be no sensitive data shown, and anyone targeting users will not be able to do much. If your registrar does charge extra, decide if the fee is worth it. Usually, it is only a few extra bucks on top of the actual domain fee. If not, I would advise moving to many other popular registrars that offer privacy & security features for free!

As for protecting your domain names. Always be sure of which registrar you have signed up with and under any circumstances that feel odd (getting a random renewal letter). Always reach out to the domain registrar you signed up with and follow up with them. I’ve listed a few good reputable domain registrars you can use (GoDaddy, Namecheap, Cloudflare, Google, Porkbun)

Passing this post along

In order to protect more users from falling for this scam. Please pass and share this post with others out there. Let us get this notice out there and help others from not falling prey to this scam.

If you have found any more information about them, or have had experience with them feel free to share your experience below in the comments section!



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

top