Comments on: Sedo scammers take advantage of email predictability

By: Beware of domain scam via Sedo.com. Fake Emails, Watch Headers : Dot Weekly

Beware of domain scam via Sedo.com. Fake Emails, Watch Headers : Dot Weekly — Mon, 22 Sep 2008 18:32:36 +0000

[…] Acro.net from DNF wrote about this as well on the 9th, but wanted to be sure you seen it! You can read more about it on DNF as well, but forget about the misleading title to the post. This was simply a scam and the OP was scammed into pushing the domain. It was never hacked. […]

By: Namington

Namington — Tue, 09 Sep 2008 17:43:24 +0000

I do not like providing the auth. code. If I push the domain to Sedo’s escrow account, they can still push it back. But actually, they already have the buyer’s money, so nothing can happpen.

But still, pushing the domain to Sedo (or Moniker) is always much more secure than directly to the buyer (escrow.com’s “escrow”), because the provider of the escrow service knows for sure that we have done it…

By: Acro

Acro — Tue, 09 Sep 2008 15:06:35 +0000

Looks like Sedo has issued an update!

“With immediate effect we have updated the communication protocols used for domain purchases and sales. All correspondence related to a transaction will be made directly through the respective Sedo accounts. Emails will only be sent to indicate that there is an update and that the customer should refer to their account for the relevant information.”

By: Acro

Acro — Tue, 09 Sep 2008 13:19:44 +0000

Regardless, all this communication should not be made via emails. *Notifications* should be sent via emails, with all sensitive info - including agents’ names - disclosed only in the transaction area.

By: Kevin

Kevin — Tue, 09 Sep 2008 10:33:38 +0000

The risk tends to be higher for internal transfers. With external tranfers, Sedo now requests that the Authorization Code is sent to Sedo, who will then pass it on to the buyer.

By: Connie Bensen

Connie Bensen — Mon, 08 Sep 2008 20:22:16 +0000

Hi,
I am Connie at Network Solutions. Boy, that was a long time ago. Thank goodness we are a much different company now.

I wholeheartedly agree that we all need to collectively learn from past technical errors. There is a lot to be learned from this kind of a scenario. In some ways it’s hard to share information because of wanting to contain issues, but hopefully we can use bodies like ICANN to resolve collective issues.

By: Acro

Acro — Mon, 08 Sep 2008 13:19:54 +0000

Mickie, that’s not always the case, however. At least twice I have been asked to push to the buyer’s account, and vice versa: a transfer is initiated by me to my registrar (as the buyer) directly from the seller’s account. So there are quite a few security concerns.

By: Mickie

Mickie — Mon, 08 Sep 2008 12:38:16 +0000

One thing Sedo has done for me is to only push to Sedo’s account, which is always the same account. By doing so, the worst a person can get is for the domain to be at Sedo’s brokerage account at my registrar. That has been a really good solution for my concerns and forces Sedo to walk the complicated path of explaining how to transfer or push domains to end-users who tend not to be very sophisticated or technologically-inclined.

By: Dave Hogan

Dave Hogan — Mon, 08 Sep 2008 12:16:52 +0000

I’ve often thought about this - Whenever you receive an email from Sedo, simply login and check the status of the transfer before believing what is said in an automated templated email.

I take this step in every transfer I make through Sedo.