(Domain) Identity Theft…
17 January 2008 Leave a comment
I read an article in IT week about David Airey who had his domain stolen. There’s a summary of it here.
Apparently this is occuring a lot and is being done in a rather clever way. David was logged in securely to his Gmail account but had another browser tab open which had insecure data within it, the script ran in the insecure window and pilfered his details from his Gmail account including details of his domain. The hacker then waited until David posted a blog to say he was going on holiday at which point the hacker then stole his identity and took over the domain (presumable freed the domain and then grabbed it).
David returned from holidays to find his domain gone and that he was losing business. The hacker got in touch to demand payment. David didn’t pay up but rather blogged about his experience and got the domain returned by the ISP.
The interesting thing for me here is how subtle the scam was and how it used a combination of different technologies. I’m sure there is a lesson there for all of us.