Sedo e-mail real or fraud?

verbster · Apr 12, 2014

Just got an e-mail from Sedo wanting me to confirm my account. Here are the first three sentences:

Dear [my first name],

Thank you for becoming a Sedo member!

In order to submit your offer for you must first verify that the email you provided is a valid email address.

I'm concerned because I'm not a new member, and I have not submitted any offers. (Plus, that sentence is missing a word or something.)

The e-mail wants me to "Please type this Email Confirmation Code onto the Account Confirmation page that prompted you to this email."
Has anyone else received this e-mail? Opinions on if it's real or not?

I tried to contact SEDO but completely failed...kept getting errors when I tried to send them a "question." Suggestions?

Traveler · Apr 12, 2014

I received that e-mail as well today. Something seems fishy because I have been a member with them for years and have bought and sold many names already.

verbster · Apr 12, 2014

Yeah, the e-mail header looked strange, but went to what seems to be Sedo in Germany. 82.98.86.203

Still seems off.

forge · Apr 12, 2014

I got it today too. Pretty strange to be out of the blue.

I have made no offers at Sedo for a long while.

johname · Apr 12, 2014

I got one today and figured it was a phishing email.

Kate · Apr 12, 2014

I got one in Spanish. But it appears to be coming from Sedo.

davybuk · Apr 12, 2014

I had two of these today although they seem to be coming from Sedo itself so I was searching the forums and found this thread so I see I'm not the only one !

verbster · Apr 12, 2014

davybuk said:
I had two of these today although they seem to be coming from Sedo itself so I was searching the forums and found this thread so I see I'm not the only one !

Did you notice if they were sent to two different e-mail addresses . . . or do you have two accounts there?

Name Trader · Apr 13, 2014

Hi. I got one for both of my Sedo accounts (1 of which I haven't used in years). The link is genuine, and takes you to the Sedo website. Clicking on the link verifies your email. The wording could have been much better because I thought it was a scam also. I guess this was because of the "Heart Bleed" bug.

verbster · Apr 13, 2014

stub said:
Hi. I got one for both of my Sedo accounts (1 of which I haven't used in years). The link is genuine, and takes you to the Sedo website. Clicking on the link verifies your email. The wording could have been much better because I thought it was a scam also. I guess this was because of the "Heart Bleed" bug.

Hmmm . . . Did your e-mail have these lines, too?

"Please type this Email Confirmation Code onto the Account Confirmation page that prompted you to this email."

"This code will expire soon, so please confirm your account as soon as possible."

I didn't have an account confirmation page that prompted me to the e-mail. It just sounds so unprofessional.

Okay, gritted my teeth and clicked the link. It seemed to reset my Sedo account, asked me if I wanted to park domains or just buy and sell. Guess it's legit. Thanks, Stub.

enlytend · Apr 13, 2014

Got one of those too - thought it sounded dodgy and ignored it.

If they want people to take their emails seriously, they should word them better.

NPer · Apr 13, 2014

I never got this email at all.

My Sedo account is working quite fine-no reset required.

FanCube · Apr 14, 2014

According to Sedo this was fraud as the Sedo website was compromised. As a result some e-mail addresses were leaked. If this latest e-mail from Sedo can be trusted...

NPer · Apr 14, 2014

FanCube said:
According to Sedo this was fraud as the Sedo website was compromised. As a result some e-mail addresses were leaked. If this latest e-mail from Sedo can be trusted...

Never got that either.

I did get this one earlier:

" Only 8 more days to submit your .co.uk domain for auction!"

johname · Apr 14, 2014

We wish to inform you that on Saturday, 12th April, the Sedo website was compromised by an unknown intruder through a previously unknown security loophole. This resulted in an unauthorized email with the subject “Confirm your Sedo Account" being sent to a small number of our customers.

Our immediate investigation into the matter has shown that your email address was unfortunately one of those affected. That means that the intruder has got your email address only. NO other data has been compromised, i.e. no passwords or other account information was obtained. The security vulnerability was closed as soon as it was detected and any further unauthorized access was successfully prevented. This means that your Sedo account is safe, and you do not need to take any action to safeguard data stored in your account. Clicking on the link in the unauthorized email has no adverse effects.

NPer · Apr 14, 2014

johname said:
We wish to inform you that on Saturday, 12th April, the Sedo website was compromised by an unknown intruder through a previously unknown security loophole. This resulted in an unauthorized email with the subject “Confirm your Sedo Account" being sent to a small number of our customers.

Our immediate investigation into the matter has shown that your email address was unfortunately one of those affected. That means that the intruder has got your email address only. NO other data has been compromised, i.e. no passwords or other account information was obtained. The security vulnerability was closed as soon as it was detected and any further unauthorized access was successfully prevented. This means that your Sedo account is safe, and you do not need to take any action to safeguard data stored in your account. Clicking on the link in the unauthorized email has no adverse effects.

Hmm... this is interesting.

Traveler · Apr 14, 2014

I didn't get the second e-mail, just the first one.

edit: Just found the second one in my junk mail folder.

verbster · Apr 14, 2014

I got the second e-mail. Makes me wonder what we're not being told.

There's something strange about the second e-mail, too. The header IP shows 46.4.114.188, which isn't sedo, I don't think.

Good grief.

enlytend · Apr 14, 2014

I got the second email. Ignored and trashcanned the first.

Changing passwords is probably advisable.

NPer · Apr 14, 2014

Traveler said:
edit: Just found the second one in my junk mail folder.

Exactly where it belongs. :imho:

forge · Apr 14, 2014

enlytend said:
Changing passwords is probably advisable.

Excellent advice IMO.

Sedo e-mail real or fraud?

Blue MooseTop Member

Top Member

Blue MooseTop Member

we deliverTop Member

Planet FutbolTop Member

Domainosaurus RexTop Member

Established Member

Blue MooseTop Member

formerly @stubTop Member

Blue MooseTop Member

Top Member

Very Allergic to CURRYTop Member

Established Member

Very Allergic to CURRYTop Member

Planet FutbolTop Member

Very Allergic to CURRYTop Member

Top Member

Blue MooseTop Member

Top Member

Very Allergic to CURRYTop Member

we deliverTop Member

Similar threads

We're social

Pinned

Appreciation

Agreement