.
mc1soft.com HOMEmanage your accountFrequently Asked Questions - Help & SupportSign Up Now!next article 

$4800 Stolen Using Street Address & Web Site Name!
...or "how to find key information on any web business in seconds"

How your personal information is revealed:

Have you registered a domain name?  You are required to list the name, email address, company name and street address of the owner.  You were told it was improper to provide incorrect information, and could jeapordize the record of ownership.

All the information you provide is available to anyone with a web browser. 

Three ways to find the name, address & email of a domain owner, even if it isn't on their website:

(1) Go to a name registration service and check the availability of the name.  You'll see an option to see who has it.  For example, at register.com enter the name Yahoo and check ".com" - when the results come back click on "taken" - then click on "access WHOIS information" and you find Yahoo's address and the phone number and email for the administrative contact.

(2) Use a WHOIS lookup service.  You can find dozens of these by searching for WHOIS on Google.  We chose WHOISreport.com and found that they had problems pulling up Yahoo's information, but we got the complete rundown on Intel just by adding their domain name to the site's name: http://www.whoisreport.com/intel.com.

(3) Use the freeware program Domain Name Analyzer to obtain dozens of registration records at a whack, and download them to a text file for automated processing.  Fortunately, there is a limit to how many one can obtain, but a patient spammer will use several IP addresses to foil this protection.

Other sources of business information

Of course, if you are trying to run a small business web site, you will have to give out similar information on your site, or you will not exactly inspire customers that you are a legitimate business!  You know this, and control the information, giving out only what you have to.

But when Dunn & Bradstreet called wanting to do a report on your small business, you probably were so flattered you dropped your guard, and gave out all sorts of information like annual sales,  number of employees, etc.  Am I right? 

To find out, go to the DNB site and type in your business name.  Unlike a consumer credit agency, DNB gives out limited information to anyone, for free.  Just click on one of the business names that comes up,  and you get the owner's name, full address, and phone number.

For as little as $35 you can get no telling how much additional information... most of which you probably gave them over the phone without even checking to see if the caller really was from DNB! 

Don't feel bad, I fell for this too.  Naturally, they won't remove your information once they have it.
 

next column 
 How your personal information is used:

Very rarely is your information used for a legitimate purpose.  To contact you about renewal, your registrar uses the private account information you have with them, which can be different from what's listed in the WHOIS database. 

Spammers obviously will use this information.  Someone wanting to buy your domain name (you wish).  Your competitors on the web might be trying to find out who you really are.

And lastly, the subject of this article, thieves have ways of using this information, especially if you have a small business web site.

An actual case of $4800 fraud

A small business web site had accepted credit cards for several years - MC/Visa/Amex/Discover.  In the mid-90's most consumer fraud was committed using bad checks, and credit card transactions hardly had to be checked.

Then a few overseas customers figured out all they had to do was claim they had never bought the item, and they wouldn't have to pay for it, because it is hard to prove delivery overseas.  Merchants are hit with chargeback fees of $25 and up when this happens, in addition to losing both the sale and the merchandise.

In July of 2002, someone figured a way to make a bigger score.  They opened an American Express merchant account using the business name and street address associated with this web business.  They undoubtedly did so in order to take advantage of the good credit this business had.

People inside the credit card industry indicate, fortunately, that this would be somewhat harder to do using MasterCard or Visa.  But whatever controls Amex used were not enough. 

Within a day, someone ran 3 phoney charges for about $1600 each.  The funds were direct deposited to their bank account the next day, and promptly withdrawn.

Within another day or two, Amex discovered the fraud (at least they were watching closely!) and closed the fraudulent account.  Then the legitimate business, whose address was on the account, got three chargeback notices saying the funds were being deducted from their bank account, and finally a merchant account closure notice.

Fortunately for the small business owner, Amex did not report the incident against their credit record, or try to deduct the funds from the legitimate account.  The fraudulent account was missing key info that might have made it hard for the legitimate merchant to prove they weren't involved.

It could have been much worse!  This close call convinced us to build the Contact-Link service!

Not convinced fraud is a potential problem for your small biz web site?  See this article in ECommerce Times
next article 
Copyright © 2002 Copyright © 2002 - MC1Soft.com - click to visit our home site