Domain Resale Market Is Phisher Heaven
Krishna Dagli writes "Finnish security firm F-Secure has discovered that alongside the sale of such innocuous domains as filmlist.com comes the resale of domains that obviously belong to banks or other financial institutions. Sedo.com, for example, is reselling domains like chasebank-online.com, citi-bank.com and bankofameriuca.com. 'Why would anybody want to buy these domains unless they are the bank themselves — or a phishing scammer?,' F-Secure asks."
Not going to happen (Score:3, Interesting)
Anyway, I wouldn't count on the registrars changing their business model just because there are stupid people out there.
Obvious Problem (Score:2, Interesting)
Cybersquatters... (Score:3, Interesting)
Re:The economics of pre-emptive domain grabs (Score:2, Interesting)
Let's say you are Citibank, you own citibank.com, and you forward citybank.com. You're "setting the expectation" that a forward will happen, in the customer's mind. When they go to city-bank.com, and it looks the same, to them, as citybank or citibank (but it's actually phisher owned), they're sunk.
What NEEDS to happen instead: if registering alternate spellings or typos is part of a security strategy, you need to inform the customer on that page with an informative message. "You appear to be looking for citibank.com. To prevent phishing, Citibank has registered this and several other names. Please type 'citibank.com' into your browser address bar to continue."
Why no click-through link? What's to keep the phisher from making a fake "bad domain name page" linking to their site? Then they've got you hook, line, and sinker...
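A brand owner watching resale listings could screen them for the kinds of names quoted in the story and in the comment above. The following is an added example, not part of the original thread; the `BRANDS` table, the thresholds and the assumption that each name is a plain `label.tld` are illustrative.

```python
# Added example: flag domains that imitate a protected brand's domain.
# BRANDS and the thresholds below are illustrative assumptions.
BRANDS = {"citibank": "citibank.com", "bankofamerica": "bankofamerica.com",
          "chase": "chase.com"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def lookalike(domain, brands=BRANDS):
    """Return (brand, reason) if domain imitates a brand, else None."""
    domain = domain.lower().rstrip(".")
    if domain in brands.values():
        return None                       # the brand's own domain
    label = domain.rsplit(".", 1)[0]      # assumes a plain label.tld name
    tokens = label.split("-")
    squashed = label.replace("-", "")     # citi-bank -> citibank
    for brand in brands:
        if squashed == brand:
            return brand, "hyphen or TLD variant"
        limit = 2 if len(brand) >= 10 else 1   # longer names tolerate more typos
        if edit_distance(squashed, brand) <= limit:
            return brand, "typo variant"
        if any(t.startswith(brand) for t in tokens):
            return brand, "brand plus extra words"
    return None

if __name__ == "__main__":
    # Names taken from the story and the comment above.
    for name in ["filmlist.com", "chasebank-online.com", "citi-bank.com",
                 "bankofameriuca.com", "citybank.com", "city-bank.com"]:
        print(name, "->", lookalike(name))
```

The prefix check on hyphen-separated tokens avoids flagging words that merely contain a brand string, such as "purchase"; a production screen would also need a public-suffix list to handle subdomains and multi-part TLDs.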