news 60,000 Bank Customer Details Sent to Wrong Email (Don't Own .COM)

[GoKaizen]

One of Australia’s big 4 banks has found out the hard way that it’s a good idea for a large company to obtain its top level domain. Not just the country code Top Level Domain that the company operates in.

http://www.domainpulse.com/2017/01/12/australian-bank-should-have-com/

 

[EmotiveDomains]

This just underlines the importance of owning the .com, especially for big companies.

 

[Name Trader]

Chuckle. A simple mistake. Big consequences. I'm glad I'm not a NAB customer

 

[Kuffy]

It's a difficult one. I use a UK bank - Nationwide, and they own the .co.uk. The .com is owned by a US insurance and banking company. I haven't had any problems as a result of this, except that I have typed the URL incorrectly a couple of times. I guess it's a real problem to find a name when you have a long established business based on a common word.

 

[Name Trader]

Yep. There a lesson somewhere within this story. Tucked way down there. That is that any good sized bank should have the com matching their ccTLD. Sending 60,000 Account details and typing the address without the ccTLD is a simple mistake. I would have thought they would have blocked the domain in their email servers. If that is at all possible. Which I imagine it would be. Even if they had to pay to get the block "tailor-made".

 

[TDM]

I read some statistics a few years ago, that for central European banks,
acquiring a single new customer costs them about 400 EUR/USD in marketing expenses (maybe more today as competition is fierce).

It´s not stated how much it costs to loose that clients.

Let alone the insights to that "level of professionalism" plus negative press and brand damages (any banking data is considered pretty sensible)

 

[Kuffy]

The real question is - why were they sending those addresses via email? Why didn't they use a secure channel on an intranet? why wasn't the message encoded?
They could have used ftp to pull the messages over rather than less secure email.

Now for the big question? Banks are rushing to create new "blockchain" based products, and they claim that these will be decentralised. How secure will these be if they can't get their domain names sorted out? In this case it was the use of a .com instead of a .com.au, What if it was a different typo? For example Citibank doesn't appear to own citybank.co.uk

 

[deez007]

The real question is - why were they sending those addresses via email? Why didn't they use a secure channel on an intranet? why wasn't the message encoded?
They could have used ftp to pull the messages over rather than less secure email.

Now for the big question? Banks are rushing to create new "blockchain" based products, and they claim that these will be decentralised. How secure will these be if they can't get their domain names sorted out? In this case it was the use of a .com instead of a .com.au, What if it was a different typo? For example Citibank doesn't appear to own citybank.co.uk

EXCALTY!.... the error here is not in the person using the wrong domain name...it's nothing to do with the technology. It boils down to human stupidity, there is no cure for that....lol even a .com can't cure human stupidity...sending 60 000 customer details over email??? Thats as daft as sending $10 000 in cash via the standard postal service and when it doesn't arrive you kick up a stink and complain about how useless the postal service is....hahaha..

 

[Kate]

Common problem, that I have experienced numerous times.
http://www.stripes.com/news/domain-owner-gives-up-to-errant-e-mails-1.75106

 

[pchip]

Another reason why people should never build a business on anything other than .com. I'd consider .net/.org depending on the application, but probably never anything else.

 

[TDM]

Common problem, that I have experienced numerous times.
http://www.stripes.com/news/domain-owner-gives-up-to-errant-e-mails-1.75106

Awesome/ful read!

 

[dollarfield]

For no reason COM is called King! Good lesson!!

 

[EmotiveDomains]

Not buying the .com may save end users some money in the short term, but it costs them way more in the long run.

 

[slader23]

At this point they need to bite the bullet and make an offer for the .com. 60k people sending details to the wrong email......thats probably many millions of dollars worth of information.....they should get this solved as quickly as possible. If it happened once, it could happen again.

 

[iAchilles]

Common problem, that I have experienced numerous times.
http://www.stripes.com/news/domain-owner-gives-up-to-errant-e-mails-1.75106

If anyone wants 50% off a spa day, hit me up. I have a code that's good for 1,000 people.

I've received an emails with people requesting bank details to send me $xx,xxxx .

I've one domain where if I point it to mail servers I'll collect about 100 cvs per day. Another domain I've had to refund about 2 dozen paypal payments. The list goes on an on. Most of these are previously developed domains, some are cases where I own the .com of the cctld holder.

This one I'll never forget.

In one case I felt the cctld holder was putting a userbase of 60,000 people at risk by ignoring the .com. I mailed them and explained that I was about to put the name on the market, if it got into the hands of someone looking to profit through nefarious activities they could be leaving themselves wide open to huge security risks.

It earned me a buck a day in revenue and I offered it to them for $150, I just asked that they compensate me for my time and out of pocket expenses. Some traffic was leakage from their cctld and some of it was from a previous developed site.

The mail was forwarded to various departments and I had some brief communication but I never heard back from them again.

It never ceases to amaze me just how ignorant end users can be. Small operations you can understand, but large IT infrastructures and companies have no excuse to be this ignorant. I sold that name mid $xxx to someone else.

 

[Joshh71390]

IMO if you are one of a countries largest of anything let alone a bank... you should own every single possible extension that is relevent... why not its pennies in the bucket. - Even if you arent risking email frawd etc - its worth the marking strategy atlest - ohh shit google.net is available ... jk

 

[TDM]

Exactly.

But they (in this case a bank) still invest 400+€ per new customer... where they could make some really smart-money decisions to complement their acquisition (and stop leakage)

 

[Joshh71390]

lol just take the interest from one loan a year and buy every extension....

 

[The Durfer]

wow, decent people are still out there. hmmm

 

[NameOmnia]

The 2 golden rules..

1. use .com
2. if you can't hold it you don't own it..aka use physical goods and cash

 

[rhakim]

Great article , thanks for sharing .. another reason .COMs is the king ...

 

[Univelse]

Thanks for the share.
com is the king for everything but banks are investing in .bank domains.

 

[fatter]

Another reason why people should never build a business on anything other than .com. I'd consider .net/.org depending on the application, but probably never anything else.

I wouldn't even consider the net and org, org might be good for a charity, but some of my traffic names I sold were because I had the dotcoms, and they had the net/org names. I remember one of the names they inadvertenly linked to my name because they typedin dotcom in the link instead of dotnet. If they get confused can you imagine how customers mess it up. We can all hope for some big company to reg a name which we own the dotcom
Joe T

 

[N-A]

One thing that everyone's overlooking here is that AusRegistry is the only registry of (a large) country, to the best of my knowledge, that uses .com.ccTLD (.com.au).

Everyone else? Japan: .co.jp; India: .co.in; South Africa: .co.za; etc.

Whos bright idea was it to make it .com.au? I think that's the most confusing part here. I haven't heard of many instances of .co.ccTLD sending/visiting .com.ccTLD.

As far as @Kate 's example: The problem would be solved if the Air Force followed the same email patterns that every other branch uses (USMC with @usmc.mil, Army with @us.army.mil, and Navy with @navy.mil). Instead, they have fly high and be different using @base.af.mil.

I'd like to hear from Kate to see if the majority type .com.uk over .co.uk there to substantiate this thought.

 

[N-A]

Edit: It appears that Mexico uses .com.mx.