ICANN’s New System of Naming Web-Addresses could Increase Phishing Scams

ICANN (Internet Corporation for Assigned Names and Numbers), the agency that manages the domain name system associated with web-addresses, is considering approving non-Latin alphabets in international domain names; however, security researchers suspect that such domain names could facilitate the launch of fresh phishing assaults.

Albeit several nations rejoice the new system of web-addresses based on local dialect characters, the Anti-Phishing Working Group (APWG) recently said that the use of characters that are non-Latin could facilitate cyber fraudsters in spoofing genuine Internet sites using similar characters.

To cite an instance, APWG said that an imposter site imitating paypal.com could utilize a Cyrillic "a" rather than an ASCII "a", meaning that the phishing site's address, despite of being technically different, would be similar enough to trick users.

According to President and CEO of ICANN, Rod Beckstrom, there are a number of 'consumer' and 'business' related challenges, which need to be handled prior to introducing the new top-level domains (TLDs), reported Thestandard.com on October 27, 2009.

Further, according to Steve DelBianco, CEO, NetChoice, consumers and businesses that easily fall prey to phishing attacks, now apprehend that the situation would get worse in case ICANN enlarges the space reported thestandard.com on October 27, 2009. NetChoice is an association of e-commerce firms and trade groups that promotes e-commerce issues.

Security specialists noted that the prime worry that emerges is regarding leading international companies' protection of brands, which think that with the new "generic TLDs", companies could gather rent as they would have to shift to defensive purchasing of domains against mal-intentioned people.

Expressing his comments on this issue, Nora Nanayakkara, Business Development Director at Sedo (a marketplace where websites and domain names are traded), too said that it is necessary to take the security measures seriously as the incidental differentiation among two site addresses based on the form of the same alphabetical characters could give cyber-criminals an opportunity to exploit the casual website visitors, reported webuser.co.uk on October 30, 2009.

While there is no instance of phishers exploiting in the way mentioned above, creation of new web-addresses could open scope for such instances.

Related article: ICANN Suggests Introduction of Banking Domain to Reduce Phishing Impact

» SPAMfighter News - 11/10/2009