IoT
News
News
10/27/2006
10:43 PM
50%
50%
RELATED EVENTS
File Sharing can be Risky to your Business - Is Your Company at Risk?
May 12, 2016
According to Secure Sharing of Intellectual Property, a January 2016 commissioned study conducted ...Read More>>

Phishing Domain Resale Market Booms

Security researchers at F-Secure have identified more than 30 registered domain names for resale on Sedo that would be of interest only to the legitimate holder of the trademark or to phishers, F-Secure says.

Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers, a security company charged Friday.

Finnish-based F-Secure has identified more than 30 registered domain names for resale on Cambridge, Mass.-based Sedo that would be of interest only to the legitimate holder of the trademark or to phishers, criminals who try to dupe consumers into divulging personal information by enticing them to fake Web sites. Among the domains: citi-bank.com, bankofameriuca.com, americanexpresscredicard.com, mastercarding.com, and visacardcredit.com.

"Why would anybody want to buy these domains unless they are the bank themselves -- or a phishing scammer?" wrote Mikko Hypponen, F-Secure's chief research officer, in an alert on the company's site.

In its search of Sedo, F-Secure also found domain names for resale that use the accent characters "" and "" in place of the normal "a" or "i" to create "highly deceptive" URLs like vsa.com, p'ypal.com, and payp'l.com.

Sedo said that while it has a process in place to pull domain sales that violated trademarks, it was the trademark holder's responsibility to file a request. "We have more than six million domains for sale," said Jeremiah Johnston, Sedo's general counsel. "It's impossible for us to proactively filter sales."

Citing Sedo as a "neutral platform" for selling similar to eBay, Johnston said his company wants to "balance the rights of all users" and added that at times, trademark owners "harass a lot of legitimate domain owners."

In the case of "citi-bank.com," however, Johnston said the domain "sounds like a good example" of the type that would be pulled from its Sedo listing if the trademark owner -- in this case, Citibank Group -- contacted it with an objection.

Criminals often use misspelled and deceptive domain names for their bogus Web sites to fool users. Registrations of domains that closely resemble large financial institutions are common for that reason. Last March, for example, F-Secure identified nearly 500 domain names on variations of "citibank" and over 400 on versions of "bankofamerica."

According to a WHOIS search, the citi-bank.com domain that F-Secure spotted for sale on Sedo was registered to a Beverly Hills, Calif. mailing address. The phone number listed for the domain registration is for directory assistance in the 310 area code.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
2016 InformationWeek Elite 100
Our 28th annual ranking of the leading US users of business technology.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of April 24, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.