Be thoughtful when retiring old domain names

4 pointsPine_Mushroom8mo ago2 comments

This is a bit of a sob story, and I’m mainly posting hoping for some advice or assistance, but even if my situation is hopeless, maybe sharing the experience can prevent something similar from happening to someone else: Some months ago I let a long unused domain name of mine expire(williamsfamilyfungi.com). I used it for an email address for a number of years, but over time I moved everything to another domain which also hosted my website(michiganmushrooms.net). Unfortunately I neglected to change the contact information for a few critical accounts away from williamsfamilyfungi.com… and wouldn’t you know it; as soon as it expired someone grabbed it up and started a new email with my old address(christopher@williamsfamilyfungi.com). Then the real trouble started: they used my old email to change the password on my michiganmushrooms.net domain, locking me out of my email and GoDaddy account. Unfortunately they did this just before that domain was set to expire and by the time GoDaddy was able to confirm I’d been hacked and get me back into my account(this took several months for some reason): the domain was gone. Now it would seem they started a new email again with my old address(christopher@michiganmushrooms.net) and unfortunately that email is connected to many important accounts that I am now totally locked out of… I realize in both cases the domains were expired and re-purchased legitimately enough, but to re-start an email address to impersonate someone is pretty shady. GoDaddy said I’m out of luck to get back since it wasn’t technically ‘stolen’, but it sure feels like I’ve been robbed. My main concern now is what kind of havoc they might be able to do impersonating me; I have no way of knowing what kind of accounts they could be opening up… TLDR: be thoughtful about retiring old domains. Any advice appreciated!

2 comments

Bender8mo ago

Reach out to every company fraud department that domain was used with and let them know the domain expired and is now being actively abused by criminals. There are whois history sites that can show you used to be in control of that domain.

Reset all of your authentication details with all financial institutions, ideally in person after showing them your state ID and let them know to block anything related to that domain. Have them treat your debit cards as stolen and issue new ones with entirely new numbers. Consider temporarily freezing your credit with the 3 credit agencies.

If the attackers are causing financial harm consult with an attorney and also with the FBI cybercrime division if you are in the US. [1] Log all details that you can including dates, times, events. Just the facts. Keep records of your communication with lawyers and the FBI so that you can show you were performing due diligence in for future related incidents.

[1] - https://www.ic3.gov/

ckrapu8mo ago

This happened to me when I decommissioned an App Service instance on Azure.

I totally forgot that it has a readable (I.e. guessable domain name) because AWS’ equivalent service doesn’t. I also had a company subdomain pointing to it so someone got to put up a malicious page on our domain for a day :(

j / k navigate · click thread line to collapse