Registrars and citibank-site.com
p2p news / p2pnet: When someone in Nigeria, say, wants to register a domain starting with the name of a well known bank, why are registrars so willing to oblige?
Excellent question, and it’s posed by F-Secure director of research Mikko Hyppönen on the company’s blog.
With that in mind, he decided to tally the number of less than credible com/net/org/us/biz/info top-level domains, and the results are interesting, to say the least.
- citibank, 497
- bankofamerica 407
- lloyds 994
- bnpparibas 41
- egold 691
- hsbc 1,258
- chase 6,470
- paypal 1,634
- ebay 8,057
Hyppönen lists a long string of dodgy looking citibank urls, adding:
” Some of these probably are perfectly legitimate. Others probably are not…like citibank-account-updating.com, registered last Friday to Ms. Evelyn Musa in Arlington, VA?”
And here’s a spam-scam email p2pnet received, together with the usual batches of lottery win announcements and offers to make us rich beyond our wildest dreams for a small initial outlay:
Dear E-Gold member,
As a part of our continuing commitment to protect your account and to reduce the instance of fraud on or [sic] website, we are undertaking a period of review of our member accounts.
This email was sent by the E-Gold server to verify your e-mail address. You must complete this process by clicking on the link below and logging in into your E-Gold account. This is done for your Portection [sic], becouse [sic] some of our members no longer have access to their email accounts.
This is required for us to continue to offer you a safe and risk free environment to send and receive money online and maintain the experience.
As outlined in our User Agreement, E-Gold will periodicaly [sic] send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.
Click Here http://www.ferrum.com.mx/egold/
Thank You,
Accounts Management
Thank you for using E-Gold
Do not reply to this automatic email.
Also See:
blog – TYPE-YOUR-CREDIT-CARD-NUMBER-HERE.COM is available for registration!, March 30, 2006
March 30th, 2006 at 6:10 pm
At first glance it might appear that not allowing registration of a well known bank name is a good idea, but the question is that of enforcement. Recently I reregistered my domain. To my surprise registration and routing took less than 24 hours. I imagine that to get his kind of response that the domain name was not filtered for acceptablity.
I’m not sure what kind of volume that registrars encounter for new domain registrations, but I wonder how filtering would work. Do you flag a known name, such as Citibank, and hold it for further investigation? What if the Nigerian scammer tries to register Citisbank? What happens when Citibank does register a domain that they’re entitled to register?
March 30th, 2006 at 8:09 pm
I don’t think it’s the job of the registrar to enforce similar names, trademark issues, and so on. That would be a major pain in the ass if they started meddling.
A site like whois.sc offers a Mark Alert service for domain names, which a big company should subscribe to.
http://www.whois.sc/mark-alert/sample-report.html
March 31st, 2006 at 8:10 pm
When you get an account the bank supply you with a legitimate URL to their site.
If you dumb enough to give your personal data to some http://www.citybank-givemeERmoney.com it’s your problem.