Wednesday, March 24, 2010

Domain Registry of America

I just got a paper letter from Domain Registry of America telling me my domain was going to expire soon and I could renew with them for their best price. But they sent it to my home address, not the P.O.Box address I use for all domain contacts.

I don't know how they do this. I'm pretty sure I never used the address for any of my domains. The domain is actually my name (first and last) dot org. I haven't received any other letters like this for my other domains, so I think they have purchased a usps mailing list from someone and correlated it to domain names.

The letter in question was a pretty straightforward attempt to catch me sleeping. It stated my domain was about to expire, and I really really really needed to renew it, and by sending in 3 times the annual amount I currently pay they would be happy to transfer me to their service.

Friday, March 19, 2010

The latest facebook phishing scam

There's a facebook phishing e-mail going around, it tells you your password has been reset and the new password is in a zip file attached to the mail message. There's nothing unusual about the phishing attempt. It's unusual that it is receiving so much attention, but that isn't newsworthy to me.

What is unusual and newsworthy is the source of the e-mail addresses it was mailed to. I use a different e-mail address whenever I register at a website. Typically it is company name @ my domain. Not only does this lead to lots of fun confusion when I tell a company representative my e-mail address (I've been accused of lying), but it also lets me track if the company sells their e-mail list, or uses it in nefarious scamming ways.

And it lets me see when a company might have been hacked, and their e-mail list stolen. I've received two messages so far, one for my Roku ( e-mail, and one for my Big Brand Water Filter ( e-mail. I don't know anything about Big Brand Water Filter, other than they sell cheap water filter parts, but Roku has always been a reputable company. I suspect their e-mail list has been stolen somehow.

Update: I cannot remember exactly in which context I used the roku address. I have purchased from them, and used their support forums, but I also had a professional relationship with them, and the only support forum account I could remember used my work e-mail address. The Big Brand Water Filter was used for a purchase, and only once I think. It is troublesome to think that the phishers hacked into servers and had access to sales data.