An End To Bank-related Phishing
by Vince Veneziani on May 8, 2007

There’s no doubt that phishing has become a huge problem. If you bank online, use PayPal, or have an eBay account, it’s beyond my comprehension how you manage to tell the real e-mails from the fake ones. But Mikko over at F-Secure has what seems like a foolproof plan to counter bank-related phishing scammers: create a new top-level domain called .bank.

This new domain would be available exclusively to banks and financial institutions. To top it off, these domains would not cost $8.95 at GoDaddy. Mikko suggests a high price tag around the $50,000 mark to ensure that only legitimate businesses (or really rich scammers) can purchase a domain. Banks would pay the 50k premium in no time to ensure that customers can log on to their sites securely. I think this idea is a surefire way to fight phishing. Your thoughts?

Masters of Their Domain [Foreign Policy via Slashdot]

Comments

  • It’s sort of like raising the prices of bullets to $5k/bullet in an effort to lower fatal shootings. :)

    Actually, take a look at this (Crunchgear) article:
    http://crunchgear.com/2006/10/19/domain-name-%D0%BC%D1%83%D1%95%D1%80%D0%B0%D1%81%D0%B5com-for-sale-affordable/

  • I’d have to guess that people fall for phishing email scams because they’re undereducated about computer security, and/or they’re careless. A new top-level domain will do nothing to remedy that… Worse still, it could make those same people even *more* careless; if they’re told “only legitimate banks will have ‘.bank’ in their address,” once they see “www.yourbankname.bank” in a fraudulent email, they’ll assume “this one must be real - it has ‘.bank’ in it.”

    I’ve seen PIN numbers written on the backs of debit cards, I’ve seen passwords written on Post-It Notes affixed to monitors, and I’ve seen countless news stories about people who sent their life savings to deposed Nigerian royalty millionaires… A “.bank” URL will not help these people.

  • Won’t help. Not one bit.

    1) people don’t understand URLs - the same phishing attacks that work against citibank.com today will work against citibank.bank.

    2) only tries to fix one small issue with a problem that has a dozen different attack vectors - (e.g. doesn’t fix DNS poisoning)

    3) although it’s meant to be an arbitrary number, 50k is a lot of money for one or two retail outlet credit unions or banks

  • The phishing e-mail I get has URLs that don’t look anything like the right URL.

    If this scam… er, scheme goes ahead, I’ll get phishing e-mail that doesn’t look like a .bank URL, instead of phishing e-mail that doesn’t look like a .com URL. Whoop-de-doo.

    Somehow, I doubt that’ll stop Joe MSNer from providing his bank login and password to a random web site in China. I mean, if he was checking URLs, he wouldn’t be falling for phishing scams right now.
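The point the last three commenters make (people don’t read URLs, and ".bank" showing up somewhere in a link is not the same as the host being under .bank) is easy to demonstrate with a small link check of the kind a mail filter or browser extension might run. This is an added example written for this page, not code from TechCrunch, F-Secure or any commenter; the sample links, example-host.net and the documentation address 203.0.113.7 are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample links modelled on the commenters' scenario: the string
# ".bank" appearing in an address that is not actually under the .bank TLD.
# example-host.net and 203.0.113.7 are placeholders, not real phishing hosts.
SAMPLE_LINKS = [
    "https://www.yourbankname.bank/login",                  # genuinely under .bank
    "http://www.yourbankname.bank.example-host.net/login",  # ".bank" is just a subdomain label
    "http://203.0.113.7/yourbankname.bank/",                # ".bank" only appears in the path
    "https://www.yourbankname.com/login",                   # ordinary .com, no .bank claim at all
]


def classify_link(url: str) -> dict:
    """Parse a URL and report whether its host is really under the .bank TLD.

    Only the last DNS label of the host decides the TLD; ".bank" anywhere else
    (subdomain, path, query) is exactly the decoy the commenters expect.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    real_bank_tld = len(labels) >= 2 and labels[-1] == "bank"
    return {
        "host": host,
        "real_bank_tld": real_bank_tld,
        # ".bank" is visible somewhere in the link, but the host is not under .bank
        "misleading_bank": ".bank" in url.lower() and not real_bank_tld,
    }


def flagged_links(links):
    """Return the links whose visible ".bank" does not match their real TLD."""
    return [u for u in links if classify_link(u)["misleading_bank"]]


def check_anchor(display_text: str, href: str) -> bool:
    """True when an HTML link shows a .bank address as its visible text but its
    href leads to a different host (what the reader sees vs. where the click goes)."""
    shown = display_text if "://" in display_text else "http://" + display_text
    shown_info = classify_link(shown)
    return shown_info["real_bank_tld"] and classify_link(href)["host"] != shown_info["host"]


if __name__ == "__main__":
    for url in SAMPLE_LINKS:
        print(classify_link(url))
    print(check_anchor("www.yourbankname.bank", "http://203.0.113.7/yourbankname.bank/"))
```

A check like this only reasons about the address string; it says nothing about where the name actually resolves, which is the DNS poisoning gap the third commenter raises.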
