Feeds

Namesco spits out phishy warning after credit card info leak

'Please do not treat this as SPAM'

The Essential Guide to IT Transformation

The full text of Namesco's phish-like security warning:

Dear customer,

This email is a genuine security communication from Namesco and contains important information about your credit card details; please do not treat this as SPAM.

We have recently detected malicious activity on our systems resulting in the possibility that personal details and payment card information you have provided in connection with your Namesco account may be at risk. We are writing to recommend you take the appropriate action to protect your credit card data from potential fraudulent activity. A small proportion of our customer base has potentially been affected by this issue and we are contacting each person individually.

Who May Have Been Affected?

A recent security alert triggered our system administrators to immediately conduct a thorough investigation which concluded that your details may have been sent to a 3rd party email account. Although we do not have any evidence that your account has been compromised, we take the protection of our customers' data very seriously and we strongly advise as a precautionary measure you take the steps below to allay fears that your personal information has been intercepted. For your information, we have also contacted a separate group of 178 customers whose details were more likely to have been compromised.

The compromised data may include all or some of the following information: payment card number added to your Namesco account, name on card, card start (if entered) and card expiry date. Please note that the 3 digit card security number is not collected and therefore cannot be compromised. Your Namesco account administration email, account name, date of birth (if supplied), contact phone numbers (if supplied) and postal address may also have been compromised along with your Namesco account administration password. We have no reason to believe your site administration or email passwords have been affected.

What Might I Do Next?

We have not received any reports of illegal usage of your personal information; however you may consider contacting your card issuer to inform them that your card details may have been stolen and arrange to stop the payment card.

The last four digits and expiry date of payment card(s) are:

xxxx

As a precaution, we recommend that you change your Namesco account administration password at https://admin.names.co.uk/reminder1.php which will send a password re-set email to the address you hold on your Namesco account. If your password is not changed by Tuesday 17th January, we will automatically change your password for you. This means that in order to access your Online Control Panel you will be required to re-set your password at https://admin.names.co.uk/reminder1.php anyway.

We apologise sincerely for any inconvenience this incident may have caused and would like to reassure you that we have been working around the clock to ensure that we have undertaken a thorough investigation to identify the cause of the malicious activity and immediately locked down security to remove vulnerabilities.

As a result of this breach we have focused all of our efforts on developing new security enhancements that strengthen our network infrastructure against criminal activity of this nature; and we will be liaising with the UK Information Commissioner regarding this incident and engaging the police who will support an investigation into this criminal activity.

If you have any questions raised by this email, you can contact us by calling 0845 363 3634, Monday to Friday 8 am to 8 pm.

We greatly appreciate your patience and goodwill and hope that you understand we are treating this incident with the highest level of seriousness.

Kind regards,

xxx Customer Care Manager, UK Namesco Limited

®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.