Archive: August 2013

96

Don't panic, 123-reg aren't phishing!

At work, we use 123-reg to handle our domain registrations. They're not the cheapest domain registrar, but they're not far off, and they don't charge extra for things like changing IPS TAG or allowing access to DNS management.

Their automated renewal systems are generally pretty bullet-proof too, and apart from a couple of issues with their website over the years we've used them, we've had no complaints.

But what I can't work out - for the life of me - is why they've changed their auto-invoice e-mails to ensure that everyone clued up on spam and phishing e-mails automatically assumes that it's a fake e-mail.

By way of example, here's one of their previous auto-invoice e-mails (with certain details blurred out, for obvious reasons)

123reg_before

Everything you need in the invoice is there in the e-mail, so you can just print it out and be on your way. More importantly, it has a variety of information in there that makes it obvious it's not a phishing e-mail - details of an actual registration/renewal that you've just carried out, the username, address etc.

Compare this to their new auto-invoice e-mail:

123reg_after

That's it.

No personal information in the e-mail itself (you have to open the PDF to get all of the information that was on the previous e-mail) and there's even a spelling error in the e-mail - something you'd typically find in a phishing attempt.

Of course, even ignoring these problems, their e-mail servers must be being put under significantly higher stress - a short, small plain text e-mail versus a ~30KB PDF? That might not seem like much, but at a guess they presumably process thousands of renewals every day - so that's got to add up to a lot of bandwidth, for nought!

I assume it's just a brand-awareness thing or something (as the PDF is admittedly very nicely branded) but it still seems like they've shot themselves in the foot a bit.