Pelland Blog

Don’t Get Caught by the US Domain Authority Scam!

September 27th, 2021

It has been nearly a decade since I wrote about a scam that was circulating by a company that called itself Domain Registry of America. Their modus operandi was to send out bulk mailings to domain name registrants like you and me, after harvesting our names, addresses, and domain names from public registry records. The letters looked official, exploiting the American flag and warning that you were ready to lose your domain name unless you took immediate action by paying them a “renewal” fee. Many people failed to read the fine print, panicked, and paid the fees. In other instances, company accountants handled accounts payable, failed to recognize the scam, and paid the fees – always without reading the fine print. If 1 or 2% of the people who received these solicitations panicked and made payments, these thieves made an absolute fortune

The fine print was buried at the bottom or on a second page of the letter, had nothing to do with protecting your rights, and had everything to do with protecting the interests of the perpetrators. Basically, the fine print said that this was not an invoice, that it was a solicitation for goods or services, and that by paying the fee you were authorizing your domain name registration to be transferred to Domain Registry of America. You paid the nonrefundable fee, whether or not the company was successful at transferring your domain name registration away from its current registrar. If you have wisely locked your domain, which would prevent its transfer, you would have nonetheless lost the fee that you had paid. Should you realize your error after the fact and demand a refund, or ask your credit card provider to charge back the fee, Domain Registry of America would be willing to sell your domain name back to you for an added fee of $200.00. Additional fine print stipulated that, if you attempted to sue them, you would be responsible for payment of all of their legal expenses.

The parent company was Brandon Gray Internet Services (dba NameJuice.com). Though the letters from Domain Registry of America had a return address in Buffalo, New York, the company’s offices were actually located over the border in Markham, Ontario. The scam was so successful that there were international variations such as Domain Registry of Australia, Domain Registry of Canada, Domain Registry of Europe, Domain Renewal Group, and Liberty Names of America (where the letters would exploit the Statue of Liberty instead of the American flag.) In December of 2003, a United States District Court order on behalf of the Federal Trade Commission prohibited Domain Registry of America from engaging in these practices, but that failed to stop them. Today, the NameJuice.com website is still live, hosted on the company’s own servers, and the DROA.com website of Domain Registry of America now opens a suspiciously similar site that is operating under the Domain Registry Services name.

Very similar scams (often involving email rather than more expensive bulk mail) include one where the recipient is warned as some sort of “courtesy” that somebody has inquired into registering the .CN, .HK or .TW (the country codes for the People’s Republic of China, Hong Kong and Taiwan, respectively) version of your domain name and thereby jeopardizing your online presence. They then offer to sell you these versions of your domain name, along with a laundry list of other worthless variations – for an annual fee. First of all, unless your business has an internationally recognized brand name – such as Microsoft – nobody is interested in wasting money registering alternate versions of your .COM domain name, nobody has inquired about doing so, nobody would legitimately warn you, and these thieves are looking out for nothing but your money and your credit card number.

Another similar scam is the yet another that looks like a domain name registration renewal invoice, also preying upon the common fear of losing one’s domain name. It is actually a “warning” that some sort of non-existent SEO (search engine optimization) services are ready to expire, which will result in Google dropping your website from its search engine listings. One that is currently making the rounds comes in the mail and says it is from a company called United States Domain Authority, operating out of a post office box in North Carolina. The letters look both official and urgent, and they once again exploit the American flag to add to their credibility among the naïve. The “notice” says that it is for an “Annual Website Domain Listing” at an annual price of $289.00. Basically, you would be paying this fee for an essentially worthless listing on its own usdomainauthority.com website. The fine print reads that “This website listing offer is provided to leading websites throughout the United States to enhance their Website exposure and expose them to new customers through our directory. We are not a domain registrar and we do not Register or Renew Domain Names.” It continues, “THIS IS NOT A BILL. THIS IS A SOLICITATION. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED ABOVE UNLESS YOU ACCEPT THIS OFFER.” The company is covering the legal requirements, though ethics, decency, and honesty are tossed aside. Fortunately for them, many people do not take the time to read.

This mailing from United States Domain Authority encourages payments by return mail or credit card online, asking that checks be made payable to “Domain Authority”. It lists a Web address of usdomainauthority.com, a domain name that was registered with GoDaddy on March 12, 2021. In other words, this outfit is selling $289.00 directory listings on a website that has barely been in existence long enough to be recognized itself.

Why do you get these letters, emails, and junk faxes? Simply put, because there are thieves in this world. When you register a domain name, your contact information is publicly accessible unless you pay for a so-called “private registration” … an additional $5.00 or $10.00 annual fee with most registrars. If you are capable of detecting scams, save that annual fee and let these people waste their money on postage; otherwise, you may want to pay for a private registration, where your contact information cannot be readily harvested. It is also important to always keep your domain name registration in “locked” status until such time as you might want to voluntarily transfer to another registrar. Most importantly, if you receive one of these solicitations, rather than just throwing it away, try to do your part to help put these people out of business by forwarding a copy of the correspondence to the U.S. Federal Trade Commission and the office of your state attorney general. There have been instances in the past where several state attorneys general have banded together and have gone after people like this.

Now if we could only stop the TV commercials with Joe Namath selling Medicare supplements, Pat Boone selling walk-in bathtubs, and Marie Osmond selling weight-loss products …

This post was written by Peter Pelland

Another Step to Protect Your Privacy

September 3rd, 2021

You might be surprised to learn how much of your personal information is readily available online, easily accessed by just about anybody, and being packaged and sold at a profit by over 100 data brokers, so-called public records providers. There are over a billion searchable public records today, and both federal and state legislation passed over the last 50 years ensures the public’s right to access. It all started with the Freedom of Information Act, passed in 1967, guaranteeing that anyone can submit a public records request to any federal agency, and that agency (with few exceptions) is mandated to provide the information in a timely manner. This federal legislation was followed by similar “sunshine laws” that were passed in all 50 states, providing access to state and local public records. The public has a right to know what is going on behind closed doors with its elected officials and government agencies, but it is the access to public information regarding specific people – routinely exploited by profit-seekers who sell compiled data to marketers and others who have no business accessing your personal information – that is troublesome.

If you do a search on Google for your name, city, and state, you are likely to be shocked to see how much personal information (some of it highly inaccurate) is available with just one click, where public records are consolidated with information that you may have voluntarily provided on platforms such as Facebook and LinkedIn. You will probably find your full name and address, former addresses, family members (including births, deaths, marriages and divorces), phone numbers, email addresses, year of birth, estimated annual income and net worth, real estate and property records, property taxes, professional licenses, voter registrations, campaign contributions, court records, arrest records, prison records, sex offender registrations, bankruptcy records, educational level, general credit status, liens, and corporation and LLC records. Is that enough? About the only records that are generally off-limits are your tax returns, school transcripts, library records, health records, and juvenile court records.

How Public Records Providers Operate

If you go to one of these public records providers’ websites, you will first be asked enter the first and last name of the person for whom you are searching, along with his or her city and state. You will then be presented with a list of results that likely include that person, along with links for “more information” or a “full report”. You will then wait several minutes for the report to be allegedly generated, teasing you with the categories of information that are being compiled, and presenting you with one or more payment or subscription options. If you are like me, you realize that public information must remain accessible, but you would like to see your personal information removed from websites that are packaging that information for profit and selling it to anybody willing to pay their fee.

If you live in California, you are in luck because the California Consumer Privacy Act (CCPA) protects the rights of California residents regarding their personal information, including the right to easily request access to or deletion of their personal information, as well as the right to demand that businesses stop selling that personal information. Whether you live in California or elsewhere, you basically need to go to the website of each public records provider and click on the link (usually at the bottom of the page) that says “Do Not Sell My Personal Information”. You will then be directed through a multi-step process that will include email or text authentication in order to be removed from that one seller’s database. (If you live in California, there will be a secondary link that will streamline the process.) Of course, there are businesses that are willing to capitalize on anything, and there are companies online that will do the work for you for a substantial fee. Two of those are companies called DeleteMe – https://joindeleteme.com/ and OneRep – https://onerep.com/ that will provide that service for one person for one year at prices of $129.00 or $99.00 respectively.

Presuming that you would like to avoid that kind of fee and would like to go through the process of removing your personal data from these websites yourself, here is a list of some of the major culprits, along with their removal URLs:

  1. Instant Checkmate. https://www.instantcheckmate.com/opt-out/
  2. SpyFly. https://www.spyfly.com/help-center/remove-my-public-record
  3. TruthFinder. https://www.truthfinder.com/opt-out/
  4. BeenVerified. https://www.beenverified.com/app/optout/search
  5. CheckPeople. https://checkpeople.com/do-not-sell-info
  6. PeopleFinders. https://www.peoplefinders.com/manage
  7. US Search. https://www.ussearch.com/opt-out/submit/
  8. ID True. https://www.idtrue.com/optout/
  9. Spokeo. https://www.spokeo.com/optout
  10. Intelius. https://www.intelius.com/opt-out/
  11. Radaris. https://radaris.com/control/

Several additional websites do not maintain their own databases, basically repackaging the information from larger data brokers and earning a commission on sales. In those instances, getting removed from the source of the data will remove you from more than one site. Examples are the PeopleLooker, PeekYou, and PeopleSmart websites that run off the BeenVerified database, and InstantPeopleFinder that runs off the Intelius database. Then there are other companies – such as FreeBackgroundCheck.org (with a bald eagle in its logo and which at $19.95 per month is anything but free) – that seem to spit in the eyes of privacy rights. According to the FAQ page of their website: “As a courtesy (sic) we can ‘opt out’ your specific information. Contact customer support and request the procedure instructions to be removed from the database. Each individual that wishes to be opted out of must be accompanied by proof of identity and address. We will only be processing opt out requests we receive by fax or mail and no request will be processed without complete information. Requests for opt out will not be processed over the phone or via email.”

You probably already knew that we are living in a world where personal privacy rights are continually swept under the carpet, and where there are countless companies and individuals that are willing to compromise those rights through the use of dubious profit-based services. Although you may very well feel like David vs. Goliath, you can at least attempt to fight back!

This post was written by Peter Pelland