Feeds

Namesco spits out phishy warning after credit card info leak

'Please do not treat this as SPAM'

Protecting against web application threats using SSL

The full text of Namesco's phish-like security warning:

Dear customer,

This email is a genuine security communication from Namesco and contains important information about your credit card details; please do not treat this as SPAM.

We have recently detected malicious activity on our systems resulting in the possibility that personal details and payment card information you have provided in connection with your Namesco account may be at risk. We are writing to recommend you take the appropriate action to protect your credit card data from potential fraudulent activity. A small proportion of our customer base has potentially been affected by this issue and we are contacting each person individually.

Who May Have Been Affected?

A recent security alert triggered our system administrators to immediately conduct a thorough investigation which concluded that your details may have been sent to a 3rd party email account. Although we do not have any evidence that your account has been compromised, we take the protection of our customers' data very seriously and we strongly advise as a precautionary measure you take the steps below to allay fears that your personal information has been intercepted. For your information, we have also contacted a separate group of 178 customers whose details were more likely to have been compromised.

The compromised data may include all or some of the following information: payment card number added to your Namesco account, name on card, card start (if entered) and card expiry date. Please note that the 3 digit card security number is not collected and therefore cannot be compromised. Your Namesco account administration email, account name, date of birth (if supplied), contact phone numbers (if supplied) and postal address may also have been compromised along with your Namesco account administration password. We have no reason to believe your site administration or email passwords have been affected.

What Might I Do Next?

We have not received any reports of illegal usage of your personal information; however you may consider contacting your card issuer to inform them that your card details may have been stolen and arrange to stop the payment card.

The last four digits and expiry date of payment card(s) are:

xxxx

As a precaution, we recommend that you change your Namesco account administration password at https://admin.names.co.uk/reminder1.php which will send a password re-set email to the address you hold on your Namesco account. If your password is not changed by Tuesday 17th January, we will automatically change your password for you. This means that in order to access your Online Control Panel you will be required to re-set your password at https://admin.names.co.uk/reminder1.php anyway.

We apologise sincerely for any inconvenience this incident may have caused and would like to reassure you that we have been working around the clock to ensure that we have undertaken a thorough investigation to identify the cause of the malicious activity and immediately locked down security to remove vulnerabilities.

As a result of this breach we have focused all of our efforts on developing new security enhancements that strengthen our network infrastructure against criminal activity of this nature; and we will be liaising with the UK Information Commissioner regarding this incident and engaging the police who will support an investigation into this criminal activity.

If you have any questions raised by this email, you can contact us by calling 0845 363 3634, Monday to Friday 8 am to 8 pm.

We greatly appreciate your patience and goodwill and hope that you understand we are treating this incident with the highest level of seriousness.

Kind regards,

xxx Customer Care Manager, UK Namesco Limited

®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.