Skip links

Why should I pay for that security option? Hijacking only happens to planes

On Call Friday is here. We’d suggest an adult beverage or two to celebrate, but only if you BYOB. While you fill your suitcase, may we present an episode of On Call in which a reader saves his boss from a dunking.

Our tale comes from a reader Regomised as “Ed” and is set earlier this century. Ed was working as a developer in a biotech lab. He rarely spoke to the director, but did speak to the director’s personal assistant a lot.

This PA was very much a jack of all trades (and master of… well, you get the drift). HR? He was in charge of that. Ops? That too. Anything technical? Of course. Heck, even though the firm had its very own bean counter, one had to go through the PA to get anything paid or budgets approved.

“He was also kind of a Know-It-All who didn’t like to be shown wrong,” muttered Ed, darkly.

One project the team was working on required a website so a domain name was needed. This was a first for the lab, and while the skills were in place to code up the site, actually registering a domain name was an entirely new experience for the department.

“So the PA came to me and asked if I knew how to do that. It happened that I was very familiar with the process, since I had registered myself multiple domain names.”

Excellent. Ed trotted off the PA’s office and went through the procedure. “Since I knew I would not be the one managing the domain name (he would, of course), I was careful to suggest a registrar offering a very user-friendly dashboard for DNS configuration,” he told us.

Back then, such wizardry was not standard. “I remember actually having to call to change my DNS settings with my first registrar in the mid ’90s,” Ed said. Luckily for the PA, things had moved on in the years since.

Ed went through the steps up until an option was reached to lock the domain name. The cost was a dollar (“this option was not always free at the time,” recalled Ed) and the PA grumpily complained about it. Why should he pay for it? Ed patiently explained that it was a safety measure against domain name theft and, frankly, a small price to pay when one considered the consequences of a hijack.

Harrumph. The PA reluctantly agreed and checked the box. Sorted.

“He hushed me away,” said Ed, “looking excited to be what apparently felt to him like being the captain of a new spaceship within the interwebs space.”


Sadly, the voyages of Starship Interweb were short-lived, and a few months later Ed got The Call. The PA was very unhappy – he’d received an instruction for an urgent procedure regarding the domain name, but couldn’t execute it. And it was all Ed’s fault.

Ed rushed to his aid. “At first, looking at his screen,” he said, “I had no idea what he was trying to do.”

He asked to see the instructions. Ah

What the PA had received was a scam message. It requested he make a change, the upshot of which would be to transfer control of the domain to the scammers. All that had stopped him from executing it had been that domain lock. The option that he had complained about selecting.

As a seasoned professional, Ed was able to maintain composure and conceal his glee as he explained how close the PA had come to transferring the domain to the scammers.

“As understanding dawned on him,” said Ed, “the blood drained from his face before he turned around and told me I could leave, which I did promptly, in awkward silence.”

Nothing was spoken about the incident ever again. Not the angry call for help, nor the scammer’s request. While the fiction that nothing had happened was maintained for years, we’d like to think that the taste of humble pie remains.

Ever helped out and received an angry call that nothing was working and it was all your fault? Or extracted a boss from some potentially hot water with your sole reward being the knowledge that only you and he know the muppetry that almost happened? Share your moment with an email to On Call. ®