Slashdot Mirror

← Back to Stories (view on slashdot.org)

Domain Resale Market Is Phisher Heaven

Posted by ryuzaki0 on from the big-shock-here dept.

Krishna Dagli writes "Finish security firm F-Secure has discovered that alongside the sale of such innocuous domains as filmlist.com comes the resale of domains that obviously belong to banks or other financial institutions. Sedo.com, for example, is reselling domains like chasebank-online.com, citi-bank.com and bankofameriuca.com. 'Why would anybody want to buy these domains unless they are the bank themselves — or a phishing scammer?,' F-Secure asks."

2 of 120 comments (clear)

  1. Re:Who are you? The fucking thought police? by onion2k · · Score: 2, Informative

    I'm not sure I agree. There are 4 reasons someone other than Bank of America might purchase bankofameriuca.com:

    1. They're phishing.
    2. They're typo-squatting in the hope of selling it to Bank of America.
    3. They're link farming/click farming hoping for lots of typo hits.
    4. Their name happens to be Banko F. Ameriuca. ;)

    In all cases there's no legal compulsion for Sedo to keep the domain out of any one person's hands. It's got nothing much to do with them. However, there is an ethical obligation on the part of Bank of America. They should be looking after their customers and making it difficult for phishers to try and sting them. Bank of America should have bought up all likely typos of their primary domain. If I had an account with them I would consider moving it. If they're willing to risk people losing out to phishing attacks to save the few dollars a domain costs to keep then they must be doing pretty damn badly, or they must not care much about my custom.

    --
    http://twitter.com/onion2k
  2. Re:Obvious Problem by Threni · · Score: 2, Informative

    > You'd still have the Budwiser problem, in that there are two Budwisers beers, one out of Czech Republic and one out of St. Louis,
    > MO. They both can legally use the name Budwiser (in certian markets) since originally thier markets did not overlap at all. Who
    > would legally get the domain name?

    They'd both be legal in their own countries. If I'm in the Czech Republic I could still use the guaranteed safe-from-phishing Budwiser.us.tm, in addition to the local Budwiser.cz.tm. It's not about `there can be only one` - just that as long as you could trust the people doing the certification in a given country, you could trust all the .tm domains there.

    >And what about common names like Yellow? Would it go to Yellow Cab? Yellow Pages? Yellow Roadway? All of them at some point used
    >Yellow as their "name".

    I'm not suggesting a mapping of `yellow` to one domain. Yellow cab could get "yellowcab.uk.tm", Yellow pages could get "yellowpages.uk.tm" etc, assuming they owned those trademarks.

    >Trademarks can be used in multiple places for multiple reasons. The sorting out over multiple jursidictions would be a nightmare. It
    >already is just for the trademarks.

    As I've said, it'd be per jurisdiction.