Phishing Alert: Network Solutions

In the past, The Git’s domain registrar (NetSol) has issued warnings about phishing attacks via email:

Phishing Alert : Please watch for emails like this

We have been receiving reports that some customers are receiving spam/phishing emails that are fraudulent. There are reports that customers of other registrars are also receiving similar spam/phishing emails. The email we have seen has the subject line “Attention: domain will be expired soon.” There is a link the email that says “‘Renew your domain now and while it shows  http://www.networksolutions.com it actually goes tohttp://www.networksolutions.com.com42.asia>  now look closer , the link actually goes to the domain “com42.asia “. There are other domains and subject lines that are being used.   Please delete the email if it is suspicious.   We want you to know that we are taking every possible measure to protect our Customers from this attack and mitigate its impact. We are working very closely with the Registries as well as ISPs to detect any new domains from which these attacks are coming and shut them down.

The Git’s bank, ISPs and others have all warned against clicking links in unsolicited emails; indeed, The Git has taught hundreds of email users the same. It was surprising then when The Git received the following email from NetSol:

Dear Customer, New Regulations now require that domain account holders confirm their email information otherwise their domain will be deactivated. If your domain is deactivated you will still own the domain but you will not be able to have a live website until you verify your contact information. To ensure your domain(s) remain active, please click the CONFIRM button below to confirm the email address we have for you is accurate. CONFIRMIf you have any questions, feel free to contact customer service at 1-888-642-0209.

Note that it’s “Dear Customer”, not “Jonathan Sturm” (my name isn’t really Pompous Git), nor does The Git’s account number occur anywhere in the email. Think of how the likes of Amazon and PayPal contact you. Further, the “New Regulations” aren’t linked to. What New Regulations? Despite a flurry of emails to support from The Git’s email address, NetSol have been adamant that responding to emails sent to that address is not confirmation that this email address is “accurate”. Only clicking on the link will confirm its accuracy. Nor is NetSol willing (or perhaps able) to tell me what and where these “New Regulations” are! Being mail-bombed by one’s domain registrar is, to say the least, unpleasant. So, The Git decided to transfer his domains to a new registrar (see below). Initiating the transfer (obtaining the relevant EPP Keys) generated a message that these would be made available within three working days. However, a subsequent email from NetSol stated:

If you intend to transfer this domain name please call Network Solutions at 1-888-642-9675 to request assistance from a transfer specialist.

WTF! The Git lives in Tasmania and NetSol are in the USA. The cost of such a telephone call would doubtless be astronomical given Telstra’s international call rates. Just how fucking hard is it to issue an EPP Key? Well, The Git happens to know the answer to that question. The http://www.pompousgit.com domain was registered with Uber Global (it was a birthday present some years ago) and it took seconds for them to issue an EPP Key. The Git has put NetSol on notice that he knows ICANN require the Key to be issued within six working days. Given NetSol’s recent propensity for annoying its customers, The Git is far from hopeful. Some time ago, NetSol began using subterfuge when renewing accounts. Items that one didn’t want were preslected and added into the account with no obvious way to remove them if you happened to notice before completing the transaction. For example, hiding one’s personal details from anyone performing a “whois” search. Since one’s personal details are usually a matter of public record (telephone directory, electoral roll etc) there is nothing to be achieved from this exercise beyond enriching the registrar. see http://blog.adrianroselli.com/2012/11/network-solutions-and-dark-patterns.html for some details. Some years ago, when The Git chose his first hosting service, the one he chose had just become a registrar when ICANN decided to remove Verisign/NetSol’s monopoly. He registered a domain with them and pointed it to a subdomain on his website. The hosting service subsequently sold their registrar business to GoDaddy. GoDaddy, unlike Netsol, didn’t send a renewal notice and sold that domain to a squatter who wanted far more to allow The Git its continued use than he was prepared to pay. It must be said that The Git’s continuing use of NetSol was almost entirely due to this as they sent out renewals both by email and snail mail for many years and to The Git’s mind this justified the extra cost. So, The Git asked his Internet savvy friends who he should choose as his new registrar. The answer was http://www.active-domain.com/ who extend your domain registration from its current expiry date by one year for a remarkably low fee. Additionally, extras that many registrars charge for are free. Quite why some business think that annoying the bejesus out of customers is a Good Idea escapes me.

Update

Managed to persuade NetSol to give me the auth codes for my domains and transfer is underway. However, when I last renewed I for whatever reason decided to turn on autorenew. Turning autorenew off cannot be achieved through either NetSol’s web interface or via email. It must be done through telephoning. Only problem with that is the telephone number is not accessible from Tasmania; I just get the engaged tone. Bastages! I’ll just have to cancel my credit card and go through all the shemozzle of updating all the places I make regular payments. I’m not usually given to hatred, but this has been the week from hell! The only upside in this was discovering that Telstra no longer charge like a wounded bull for international calls. They are actually quite reasonable — less than I was paying for prepaid mobile local calls three years ago.

Update 2

Fortunately, NetSol eventually responded to my complaints and has removed the autorenew from my accounts. They telephoned me and despite the difficulty understanding what was being said to me, managed to make them understand what it was that I wanted — after the second telephone call. It turns out that what they want are the answers to your personal questions that supposedly protect you from having your account spoofed. Of course if my password had been cracked by a malicious hacker, they could then have readily edited the answers to those questions.

Entering my account now generates a nag screen that tells me that I no longer have the protection of Autorenew , as well as my Domain Setup being “only 65% complete”. If The Git really wanted to be endlessly nagged he’d be married to SMBO. Oh wait… he already is 😉

More secure is a two level security system as used by The Git’s bank and WordPress. After entering the correct username and password, access is only granted after keying in a numeric code that is sent to the user’s mobile phone. If you lose your phone, all is not lost, however. WordPress give you a list of numbers that you can use to regain access to your account. Keeping that list on a sheet of paper is as bad of course unless it’s in a safe.

More convenient is PasswordSafe, free software that allows you to create a secure database of usernames and passwords. You protect the database with a secure password. Secure passwords include upper and lower case letters, numbers and none alpha-numeric characters such as @, #, %, & and $. True security requires different passwords for different places and remembering ever so many passwords with differing none alpha-numeric characters is impossible for most of us. Memorising one is all that is required with PasswordSafe (and other similar products The Git doesn’t use).

It’s difficult to describe the feeling The Git had when he clicked on the large, red CONFIRM button in the email from NetSol. After training ever so many clients to not ever do such a thing and never having done that thing (and thus remained relatively malware and virus-free for decades), it was a truly painful experience. One that The Git hopes he will never have to endure again.

Advertisements

One thought on “Phishing Alert: Network Solutions

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s