Saturday, November 13, 2004

PacNames - Domain Transfers

Domain names have an owner, a technical authority (where the domain is hosted) and an administration authority (who handles the 'paperwork'). If your Administration authority is someone other than yourself, you may be targeted with a chatty communication from PacNames. This will be along these lines:

Both the administrative contact and the registrant details must be accurate. These people have authority to sell, transfer or delete a domain name. They can in a matter of moments give away your valuable domain name to another person. Therefore they must be absolutely trustworthy and guaranteed in this way to act in the best interests of the domain name holder who should always be listed as the registrant.

If your domain name shows a computer consultant, member of staff other than a director of your company or if it lists a representative of your internet service company or webhosting company as either or both of these roles then you need to fix this IMMEDIATELY to guarantee the ongoing security of your domain.

We're concerned about the security of your domain name and you should be too.


etc.

There are three points to note:

If your Administration authority is a professional organisation, you don't need to act IMMEDIATELY because there is nothing to fix.

The purpose of the message from PacNames is to get you to switch to them and be charged at their rates. You are free to choose whoever you want to administer and host your domain, but take advice from your existing providers before you sign up to anyone; make sure that you understand all the charges; and make sure you have clear exit guarantees. (The latter point is very important so that you don't experience any additional costs or delays in getting domains switched to another company at some future date.)

A good place to look for comments on domains is the Domain Name Forum.

Phishing off Citibank

The term Phishing ("fishing") is starting to become more commonly used in TV, radio and printed matter - we published a description of the scam last June.

Here is a current example of such a scam, which purports to come from Citibank:

Dear Customer, Your Details Have Been Corrupted

Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately.

This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information.

This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension.

Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand.

etc.


Citibank, or any other bank, would not issue such emails, particularly where the reply link goes to a nondescript location - which is likely to be a spoof website. But the wording is often plausible and where there are real cases of security errors (e.g. Cahoot), the scam does fool customers.

Incidentally, Citibank has addressed this problem straight on by publishing guidelines to its customers on the front page of its website. Well done Citibank!
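
As an added example (not part of the original post), here is one way a mail filter could check where the "sign on" links in such a message really lead. The trusted domain, the sample message and its hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

TRUSTED = "citibank.com"  # assumption: the domain the bank really uses

# Constructed sample modelled on the scam wording; hosts are placeholders.
SAMPLE_EMAIL = """
<p>In order to safeguard your account, we require you to sign on immediately.</p>
<a href="http://192.0.2.10/citi/signon.htm">https://www.citibank.com/signon</a>
<a href="http://citibank.com.example.net/verify">Sign on</a>
<a href="https://www.citibank.com/privacy">Privacy</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href, text, trusted=TRUSTED):
    """Return None for a link into the trusted domain, else a reason."""
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return None
    try:
        ipaddress.ip_address(host)
        return "bare IP address"
    except ValueError:
        pass
    if trusted in host or trusted in text.lower():
        return "shows trusted name, goes elsewhere"
    return "unrelated host"

def suspicious_links(html, trusted=TRUSTED):
    parser = LinkCollector()
    parser.feed(html)
    found = [(h, classify(h, t, trusted)) for h, t in parser.links]
    return [(h, why) for h, why in found if why]

print(suspicious_links(SAMPLE_EMAIL))
```

The comparison is made on the link's real host, not on the text the reader sees, which is why the first two links are flagged even though both display or contain the bank's name.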


Friday, November 05, 2004

Gadzooks Cahoots!

Cahoot’s blunder in failing to maintain access security on customer accounts serves to illustrate how important it is to have thorough testing and release procedures for software.

The trouble is the higher the profile, the higher the stakes - Internet banking could hardly have a greater need for security of data. So after spending millions developing and promoting the service, screwing up the testing of new releases is a fundamental error and could cost them dear.

At least they didn’t use the old statement: “it was a computer error”.