Re: A social engineering attack
"Whatever changes the person on the other end of the call wants to make will simply have to wait. That's far better than the consequences of domain theft."
That's up to each customer. For some, the security of a domain name is paramount. For others, immediate restoration is critical (business lost far exceeds the damage done by a temporarily wayward domain). The problem seems to be that the criticality is only determined at the time the customer's site has failed. Then, the car has broken down, the dog died, there are six children crying and unfed in soiled diapers. And the landlord is pounding on the door with a past-due rent bill. And now my web site is broken. At least that's how the scammers make it sound.
Perhaps there could be some pre-negotiated process, selected by the user at the time of domain purchase to set a level of identity verification. At least it will make the customer think carefully about how well to secure that password. And if it was a legitimate emergency, well .... shame about the dog.
Biting the hand that feeds IT
