In this era of nasty malware and Internet scams you'd think one of the Internet icons would know better. You'd be wrong.
With that in mind, I nominate Yahoo for the "cobbler's children have no shoes" award. To renew a subscription to Yahoo Mail Plus (which went up $10 this year for some reason, a 100 percent increase), Yahoo sends its subscribers a billing e-mail from a cryptic domain, cc.yahoo-inc.com, with absolutely no prior warning. The e-mail of course asks you to verify personal information and supply your credit card number--an Internet taboo if there ever was one.
After my wife input her information and clicked "send," she had a bad feeling and asked me to investigate. I poked around the URL and even did some background checking on InterNic before determining that the site was legitimate. Even then I was left with a lingering suspicion.
Given all of the headlines, a lot of Yahoo e-mail customers are bound to delete this e-mail. Yahoo will then have to reach out again and again (probably using the same automated e-mail notice), adding to its renewal costs. In the meantime, customer satisfaction will likely suffer when users realize that these dubious messages were actually authored by Yahoo and not some flimflammer in the Balkans.
On the flip side, Yahoo is paving the way for sinister elements to mimic this payment method and dupe its unsuspecting customers into handing over personal info. Is it me, or should Yahoo know better?
Yahoo's ill-advised billing system is a microcosm of Information Security problems where trust, identity, and integrity are always in question. In this day and age, we need to train people to be distrustful and we need to support this behavior with common sense business practices.
Remind me to send a copy of Kevin Mitnick's book, The Art of Deception: Controlling the Human Element of Security, to Yahoo headquarters.