Needless to say at this stage I'm quite pissed off with eNom and their "risk management team" which seems to be one giant void

To cut a long story short

It appears someone got into my account and transferred away two of my domains (not sure how, the pass 16+ characters and stored in my head)

I called tech support about this and they told me to contact account.help@enom and they could disable my account to prevent further transfers and I could call them up to have it re-enabled. I told them to do so

Contacted account.help who said they could do nothing for me and to contact transfer dispute and to fax various documents to their office. Contacted transfer dispute and faxed the documents

Tried call tech support again to re-enable my account so I can renew some domains and register new ones. No dice, apparently its up to risk management now despite being told earlier I could call up.

Heard back from account.help asking a few further questions which I answered. Told they would check with their risk management team to see if they could email my login details to the paypal account which we used to top up the account.

This was three days ago and I've heard nothing since. Has anyone else had such trouble getting an answer out of eNom or got a direct contact number for someone within risk management? This is just ridiculous at this stage.

Risk Management won't lift a finger to help you. I think they are there to reduce eNom's risk management, not your's. Nobody is going to help you recover your domains at eNom. I believe it is their policy to run your around in loops, so you eventually give up. They will obfuscate and even lie to you. If these domains were valuable to you, you should send them a lawyer's letter.

As to how these domains were stolen is an interesting problem. Did you register these domains from new? Or did you buy them from another eNom user?

It's easy to steal a domain from eNom if you bought them from another eNom user and you never updated the domain password. All the old owner has to do is login to the domain at access.enom.com and change the whois data to their own. Then they call eNom and ask them to unlock the domain and to send them the auth code. They place the the transfer request at another registrar. Five days later the domain has been transferred. They don't need access to your account to do any of this. eNom consider this a feature, not a flaw in their system.

You should also consider that your computer has been compromized by a keylogger. You should scan your computer for them regularly. A third party firewall should always be operational when you're on the internet.

Great, thats all I need to hear =/

I've scanned my computer and its come up clean and I have a firewall running on my pc and my router is doing NAT.

And I transferred them from my GoDaddy account to eNom.

Then it's a mystery to me. Do you have the same username/password at other registrars? Have any of your email addresses been compromised. Where did they get transferred to? Were there any other domains transferred from GoDaddy at the same time which weren't touched? Were there any other domains in your eNom account which weren't stolen? Were the domain passwords set? Is the password easily guessable?

It's easy to steal a domain from eNom if you bought them from another eNom user and you never updated the domain password. All the old owner has to do is login to the domain at access.enom.com and change the whois data to their own. Then they call eNom and ask them to unlock the domain and to send them the auth code. They place the the transfer request at another registrar. Five days later the domain has been transferred. They don't need access to your account to do any of this. eNom consider this a feature, not a flaw in their system.

They've changed this. When you push a domain to another account, adn choose NOT to keep the old WHOIS info(so you are changing ownership), the domain password is automatically deleted.

I'd like to think the password wasn't guessable, no words, mixed case and use of numbers and not used any where else

And it was only two domains, although the other domains in the account suddenly became unlocked like they were ready to be transferred

No domain passwords set

And I'd rather not mention to gaining registrar but needless to say I contacted them, and they said their hands are tied unless eNom contact them directly.

I'd like to think the password wasn't guessable, no words, mixed case and use of numbers and not used any where else

And it was only two domains, although the other domains in the account suddenly became unlocked like they were ready to be transferred

No domain passwords set

And I'd rather not mention to gaining registrar but needless to say I contacted them, and they said their hands are tied unless eNom contact them directly.


So your domains transferred out to another registrar? Did the reg and/or admin email change? If not, then someone has access to your emails. That, by the way, is the most common way to hijack a domain name, or domain name account. Email accounts are often compromised when you check your mail at a 'friends' house, internet cafe, airport, etc.

I've been with eNom for years now, and never had a problem. But then, my account has never been hijacked, either.

Yeah, the whois details did change for the domains. So I never got the email saying anything about a transfer

I think eNom should be far more like godaddy when it comes to email notifications, if I do anything in my godaddy account I get an email.

I've been with eNom for years now, and never had a problem. But then, my account has never been hijacked, either.

Ditto,

whilst we may feel sorry for this to happen, it is not the norm IMHO
by the way, was the domain 'locked' ?

are you maybe a reseller of a reseller ? does that make you more vunerable ?

If there was a pole, I think eNom would come out in the top 5 easily

my own experience (with eNom) is only by there 'ticket system' never by phone,
they have tended to respond a little slow, but always (for me) very thoroughly
and accurately

hope you get it resolved

Very strange.
If your PC is not compromised, than you used someone else's computer to access your Enom account, as gerolsteiner said.
Cannot think of anything else.

I'm baffled myself, the only place I logged into eNom are from my home computers.

I've been happy with eNom until this incident which has been a big big let down.

And the domains were locked.

They've changed this. When you push a domain to another account, adn choose NOT to keep the old WHOIS info(so you are changing ownership), the domain password is automatically deleted.

Well that's what I told them they should be doing when somebody stole my domain (a little over a year ago), but they refused to help and kept insisting it as a feature. By this change it proves I was right and they were wrong and they should have proceeded with the recovery of my domain. That's Risk Management for you.

It's a good thing that they've virtually abandoned ClubDrop in favor of SnapNames, because they used to push the domains to your account with the OLD whois info.

Actually,I think their support has deteriorated further since they recruited and trained all those new support staff at the beginning of the year. (but that's not for this thread, maybe)

And I'd rather not mention to gaining registrar but needless to say I contacted them, and they said their hands are tied unless eNom contact them directly.

I'd be absolutely stunned if eNom will contact them without you sending them a lawyer's letter.

Even NameCheap, an eNom reseller send you email about everything. But they're not turned on by default. They don't use the same CP as eNom, but it's quite good. Has a few nice features (like the turning on of these security messages). Something which I think is a flaw in the eNom system.

I still like and use and recommend eNom despite the stolen domain. I'm just more cautious about them now. Good Control Panel.

And it was only two domains, although the other domains in the account suddenly became unlocked like they were ready to be transferred


Compromised account for sure. Are you absolutely sure you never logged into eNom from anything but your home computers? If so, then it's probably either a keylogger or a compromised email account. Do you have any "partners" with access to your home computers?

How are you getting on with getting your account reactivated?

Were the domains developed sites or parked? Have you tried contacting the new registrant?

Knock on wood, social engineering maybe?

It was a developed site although oddly enough they haven't changed the nameservers yet.

I think if someone went to all this effort to take control of my domains, a nice email wouldn't encourage them to give them back to me.

Although I guess eNom are reading this forum. I got an email last night saying they had contacted the other registrar, now just trying to get them to reenable my account so I can login now.

To be sure I'll format my desktop and reinstall everything. And I've only ever given my password to the eNom site.

Can i suggest you go moniker ?

Can you let us know who the other registrar is , so that we can be careful in future?

Reformat is a good solution. What do you mean you've only given the password to the eNom site? Did they send you an email, asking for it? Normally, they don't do that. I doubt if eNom are monitoring this thread.

Well finally I've managed to get access back to my account and got an email from transfer disputes saying they have contacted the other registrar (who I won't name as they have done nothing wrong, to them it looked like a legit transfer)

As in I've only used my password on enom.com, never emailed it etc etc.

You may have downloaded malware by clicking on an eCard or social networking invite, I get dozens of these junk mails everyday. How long did eNom say it would take to resolve the issue?

Wouldn't say so as I delete all those emails.

And they never gave a timeframe, they just said they had contacted them.

One domainer i know use a live cd of linux ( try wolvix ) when do domain operations. Then he reduce more the risk involved in navigation

And they never gave a timeframe

Because they don't want to make promises they can't keep. Domain hijackings are never easy to resolve to begin with once they occur.