Re: [gnso-irtpd] Example email string

[Volker Greimann <vgreimann@xxxxxxxxxxxxxxx>]

Hi Kristine,

the FOA can be obtained in various ways, but the most common one is an 
email sent to the registrant or admin  email address containing a 
trigger that must be responded to in some fashion. So the transfer would 
have to be authorized by someone controlling the email account of the 
registrant.
So in order to effectuate a fraudulent transfer the hacker would either 
have to have access to the email account of the registrant, or to have 
changed the email address in the whois prior to the transfer, an action 
that will be made much more difficult once ITRP-C is implemented.
Best,

Volker
> I can appreciate the concern here.  I'm not a registrar, so I don't understand the nuances of transfer, but I 
> do understand an FOA is needed.  What if (and I don't know in this case, I'm talking generally), the FOA was 
> fraudulent and the registrar "didn't suspect" fraud. I use quotes because I am asking (honestly, 
> not rhetorically) what prevents a registrar from simply "not noticing" fraud?  Does a registrar do 
> any sort of validity check or "well, the request came from an authorized email account so who am I to 
> ask questions"?
>
> Is there anything currently being done to encourage or train Registrars to spot 
> fraudulent transfer requests?
>
> Sorry if my questions are very  basic...
>
> -----Original Message-----
> From: owner-gnso-irtpd@xxxxxxxxx [mailto:owner-gnso-irtpd@xxxxxxxxx] On Behalf 
> Of rob.golding@xxxxxxxxxxxx
> Sent: Thursday, February 06, 2014 9:23 AM
> To: gnso-irtpd@xxxxxxxxx
> Subject: RE: [gnso-irtpd] Example email string
>
>
> > But this type of issue is exactly the one Registrants are seeking a
> > remedy for within ICANN.
> The 'claim' is that the transfer (validly completed) was 'fraudulent'
> because they allowed their details to be exploited/phished/socially engineered 
> or whatever - that's going to need someone to investigate/prove/identify the 
> details of the hack/exploit/scam.
>
> Ideally that's a job for the courts and specialists, not ICANN, not a Registrar 
> etc (in many cases) - a *crime* has been committed - we're not 'judges' or 
> qualified to make decisions about that.
>
> I hear the 'I've been hacked' story 100 times a week - usually after 
> terminating a spammers services.
>
> One of the funniest was Monday someone claiming they never ordered something, 
> and that we're been 'illegally taking money' from their bank account - 
> obviously they must have been 'hacked' (and accused us of doing it)
>
> This is after the order came from their IP, it was paid (and 3d-secured at 
> their bank) on their Debit card, they'd raised 3 support tickets/questions in 
> the preceding month, we'd spoken to them by phone at least once ...
>
> 'I must have been hacked' translates into 'oh sh!t I forgot to cancel something 
> I dont think I want anymore and rather than being reasonable and asking the 
> company for a refund that they probably would have given without issue, I tried 
> to fvck them over with bullcrap claims'
>
> As to the email-chain that started the thread, who is to determine they didnt 
> sell the domains and now have buyers-remorse ? Or had their assets seized by 
> the FBI ? or a million other possibilities ...
>
> > I disagree with the position that a party using illegally obtained
> > credentials
> I'm merely saying the *correct* credentials were used - if there is a claim 
> that the obtaining of those is 'illegal' then go seek 'legal'
> counsel.
>
> Rob
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann
- Rechtsabteilung -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@xxxxxxxxxxxxxxx

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen 
Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder 
Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht 
nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder 
telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann
- legal department -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@xxxxxxxxxxxxxxx

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems

CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is 
addressed. Furthermore it is not permitted to publish any content of this 
email. You must not use, disclose, copy, print or rely on this e-mail. If an 
addressing or transmission error has misdirected this e-mail, kindly notify the 
author by replying to this e-mail or contacting us by telephone.