Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


Domain name phishing schemes a growing problem

Google
Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

December 5, 2006

More and more today, protecting your company’s reputation and name now means going beyond the physical world and into the digital one. In the Internet world, an organization’s domain name is the key to its Web presence.

Protecting that name is becoming ever more critical as domain name phishers continue to spoof users by utilizing domains that very closely looks like popular corporate domains.

Many of these "fraudster domains" are available for sale on some domain name registrar sites such as Sedo.com and Moniker.com, according to Mikko Hypponen, chief research officer at Helsinki-based Internet security firm F-Secure Corp.

These sites often act as a middleman for people who have registered these domains, only to put them up for sale to the highest bidder.

“There is nothing wrong in reselling cool domains like tractors.com, filmlist.com or 4fares.com to anyone who wants to buy them,” wrote Hypponen on his F-Secure blog. “But how about reselling domains that obviously belong to banks or other financial institutions?”

Internet domain names such as citi-bank.info, americanexpresscredicard.com and visacard.us were just some of the domains being resold at Sedo.com, and there's a lot more...

The more obvious purpose for buying such domains, said Hypponen, is to conduct phishing scheems that trick users into believing that these are legitimate sites of their financial institutions.

This practice is easy to carry out, since the domain registration process doesn’t usually include stringent background checks.

Whether the person or entity registering a domain can pay for it is frequently the only criteria involved, explained the F-Secure executive in an interview with ComputerWorld Canada.

The process is different with top-level domains such as .gov or .mil, however, which usually involves background checking and verification of legitimacy before any such domain extension can be granted, said Hypponen.

Firms such as Sedo.com and Moniker.com of Pampano, Fla., operate in an industry that brings in an estimated US $1 billion in registration fees annually. The registration price is usually US $10 but some names can easily resell for over six times that amount, such as Cameras.com which Moniker sold for US$1.69 million a few months ago.

While the potential for fraud exists, it isn't the job of domain resellers to go after phishing operators, according to Monte Cahn, president and CEO of Moniker.com.

The firm handles some 1.5 million domain names. “It’s not our job to police the industry,” he said.

The domain reseller, however, said they have policies in place to ensure that complaints against spam and fraud are investigated. “If we receive a complaint we investigate, and if evidence warrants, point out the site to authorities.”

F-Secure’s Hypponen suggests that organizations, especially financial institutions that have an online presence, should remain vigilant on the Web.

“One way to safeguard (your company) is to try to monitor the list of newly registered domains or domains that are being resold (on the Web), for example, searching your own company name at a site like Sedo.com. And if you see these things being sold, buy them,” said Hypponen.

This may not be the most ideal solution, but it can be a short-term remediation to the problem, he added. The price for second-hand domains sold on reseller sites range from $100 to several thousand dollars.

As always, user education is vital to maintaining your business’s online integrity and the more informed your customers are about the risks of phishing attacks, the smarter they will be about their Internet transactions.

“Make sure that [your users] know the right URL and…not to follow links from e-mails,” said Hypponen, noting that banks today are “doing a pretty good job” in educating their customers.

There are also some legal remedies that Canadian organizations can resort to if they believe their name is illegitimately being used for unscrupulous deeds on the Internet, according to Toronto lawyer Jason Young, an associate at Deeth Williams Wall LLP.

The dispute resolution process of the Canadian Internet Registration Authority can be an avenue for companies to file complaints against individuals or entities trying to imitate their names on the Web, Young said.

Firms bringing the complaint must be able to prove three things: that the domain in question is “confusingly similar to the complainant’s mark;” that the registrant in question was acting in bad faith at the time of registration, such as whether he or she registered the domain with the purpose of selling it; and that the registrant has no rights in Canada.

“If the registrant has a legitimate reason for registering that domain name, they still may, in the end, be successful in keeping it,” Young explained. For instance, by using a company’s acronyms in its domain name, such as CIBC for the Canadian Imperial Bank of Commerce and BMO for Bank of Montreal, there’s a good chance these firms will have a similar domain name as another legitimate organization with the same acronym.

Many of the complaints in Canada, however, end up getting settled before they go into the formal dispute resolution process to save both parties time and money, said Young.

Source: IT World Canada

Google


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer