‘Domain Registration Companies’ Urged to Stop Bad Domains
Asking 'domain-name registration companies' to be more forceful in stopping phishing sites from even reaching the Internet, security analyst 'F-Secure' suggests they check the particulars of the person registering a domain.
F-Secure, wanting to curtail phishing sites, has issued an open letter urging the 'domain registration industry' to be proactive in withholding registration of domains that are clearly intended to become phishing sites. The security company observes that many of the contact details for phishing domains are hoaxes, and in the letter it therefore urges the 'domain registration agency' to decline the registration of such bad domains.
The security company has identified a recent registration, "signin-ebay-c.com", which was found along with registrations for thousands of variants of the names of well-known banks.
These kinds of domain names are obviously intended to operate as phishing sites. Hackers use these phishing sites, which imitate legitimate and protected sites, to try to lure people into submitting login information and personal data.
Hypponen takes the example of this newly registered domain, 'signin-ebay-c.com', which blatantly misuses eBay's trademark, to suggest that registrars should be more responsible with registrations rather than just collecting their fees.
This illegitimate site tells visitors to enter their eBay login names and passwords and then, with the help of an unsecured e-mail type at www.statesmanjournal.com, sends the details by e-mail to the address firstname.lastname@example.org, which actually belongs to the attacker.
It is therefore more sensible for a registrar to block such obvious registrations with malicious intent. It would be worthwhile to have a real person assess and approve them before they go through. At the least, checking who the domain is being registered to can help in cases where the registrant is really an imaginary person.
Phishing losses are likely to be around $2.8 billion in 2006. Some security experts are wondering whether 'Internet domain name registrars' and resellers are responsible for that. It is also important to consider whether they should allow trafficking in 'bank-related trademarks' whose obvious purpose is to promote 'deceptive marketing schemes' or significant 'phishing scams'.
The fake eBay site installs notorious software on a victim's PC when he/she tries to download music files.
» SPAMfighter News - 13-12-2006