Online account interface makes spoofing more difficult.
It has been a while since I’ve sold a domain on Sedo, so I noticed a new security enhancement today when transferring a domain to a buyer.
The security problem was that Sedo’s escrow process used to be handled exclusively by e-mail. After Sedo received funds, the seller received an email with instructions for transferring the domain. This e-mail could be spoofed (indeed, I recall reading about at least one such high profile case) resulting in the seller transferring the domain before money was received and into a criminal’s account.
The new process still includes e-mail, but it requires you to log into your Sedo account to verify the money has been received and for instructions on transferring the domain. This is much more secure and is similar to how Escrow.com and Afternic work.
Of course, this is only more secure if people know about the process. Someone familiar with the old process may still be tricked by a spoofed email. So here it goes: If you sell a domain on Sedo, be sure to log in to your account to verify the money has been received and to find instructions for transferring your domain. Do not transfer based on information supposedly sent by a Sedo representative only.
It is also important NOT to click any links in emails, which can redirect you to a site that LOOKS like Sedo.
It’s always best to type directly (Direct Navigation) into your browser when visiting a web page after reading an email.
I guess that will encourage sellers to check their accounts before transferring the domains. But there is still that due diligence most people fail to do before transferring.
How could there be improvements to the process?
Lets hope these new features help protect us in the future.
Regards,
Robbie
Founder
RegFeeNames.com
Rats…someone didn’t get the message.