Core Web Solutions Blog

Apparently this is nothing new as there are lots of other posts about it. So, I have been receiving letters from Domain Registry of America notifying me that certain domains I own are expiring. Sounds like a thoughtful, service-oriented company doesn’t it? That might be true, except, I don’t have any domains registered with Domain Registry of America.

However, these letters imply that I might, and therefore if I sign here and send a check there, my domains won’t expire. What is really going on is they are trying to get me to transfer my domain registration to them.. without being directly explicit about it.

In my opinion, this is nothing more than a trick played on the ignorant. There may be nothing illegal about such tactics, but then again there is nothing illegal about relieving yourself on the kitchen floor, but that doesn’t make it right. I believe this to be an unethical tactic to trick unsuspecting people into transferring their domains to this registrar. It is a marketing tactic which plays on the ignorance of the public, and that says a lot about a company who engages in such practices… doesn’t it?

You be the judge. Google search “ Domain Registry of America” – nothing but negative. Why would anyone sign up with them unless they were tricked? I guess it’s their business model.

Some sneaky programmer has come up with a dirty trick to get visitors to sign up for newsletters or otherwise opt in to email marking. The idea is simple, but its an unethical practice and I am seeing more and more of it daily.

It works like this… visitor completes legitimate registration form. Like many these days the last field is a CAPTCHA code where the visitor has to read the distorted characters and enter them into the field in order to submit the form. Now, many people are wise and un-check those check boxes that ask if you want to receive this company’s spam… eh hmm.. “special deals and offers”… or whatever.

So, visitor un-checks all the opt-in boxes so they don’t get on any spam list. But when they submit the form, they get the CAPTCHA code wrong! And have to do it again. On the second try, the visitor gets so focused on getting the code right they don’t even notice that the newsletter and ‘receive marketing emails’ boxes are checked again on the page reload. They enter the code a second time and bam…Gotcha! The visitor as been tricked by a deliberately failed CAPTCHA trick to induce them into opt-in marketing.

“pre-tty snea-ky sis’

Maybe I was just paranoid, but I started to notice this happening a lot. Maybe I just wasn’t paying attention and got the code wrong more often than I should. So, I looked into it and I am convinced it is a deliberate trick. I find it to be ridiculous and unethical. I am going to continue to test the theory to see who is definitely doing it and begin to list the evil websites I find that are tricking people this way..

This is real slime ball stuff and should not be tolerated. That’s what I think anyway.

I received an email today supposedly from Twitter.com claiming that my account may have been hacked or a victim of phishing. I was skeptical of the email. The irony is that even if this email was from Twitter, it is exactly what an email phishing bait looks like. It appears to be from Twitter, it has  a link to reset your password and if you are dumb enough to click the link, it could go to some clone site that steals your information.

Safe Handling Instructions.

After some checking I determined the email to be real. That is not to say the email you get is the real thing as yours could be a ploy made to look like this exact email. I have determined the safe way of handling this. Here goes…

1. Do not click the link.

2. Instead, go directly to Twitter.com

3. Type in your username and password

4. If it fails (which it will if the email was real), click on the “forgot” link

5. Enter your email and click “Send Instructions”

6. You will get an email in a short time with the link to reset your password.

7. Click that link and reset your password.

This method ensures that you are dealing with Twitter.com and not some phishing ploy. It is slower than clicking on the first email, but this way YOU KNOW you generated the email for the reset, and do not need to trust some random email allegedly from Twitter.

Or… you can just click the link in the first email and hope for the best!

IMHO

*******************************************************************

The body of the email:

Hey there.

Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser:

http://twitter.com/account/password_reset?email=corewebsolutions@gmail.com&token=114469c2aed674b1a2514e2e496ce6e7-1271373406-agent

This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password.

As a reminder, you should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count. We do not endorse any of these sites.

Please make sure to:

• Scan your computers for viruses / malware, especially if unauthorized tweets continue to be posted in your accounts even after you’ve changed the password.
• Check the Connections page at http://twitter.com/account/connections and revoke the access privileges of any third party applications that you do not recognize.
• Avoid providing your username and/or e-mail and password to untrusted third-party sites.
• Remove any updates that you did not post personally.

You can also visit our help page for hacked or compromised accounts

The Twitter Team

Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.