An End To Bank-related Phishing

There’s no doubt that phishing has become a huge problem. If you legitimately bank online, use PayPal, or have an eBay account, it’s beyond my comprehension how you manage to tell the real e-mails and fake e-mails apart. But Mikko over at F-Secure has what seems like a foolproof plan to counter bank-related phishing scammers: make a new top-level domain called .bank.

This new domain would be available exclusively to banks and financial institutions. To top it off, these domains would not cost $8.95 at GoDaddy. Mikko suggests a high price tag around the $50,000 mark to ensure that only legit businesses or really rich scammers can purchase a domain. Banks would pay the 50k premium in no time to ensure that customers can log on to their sites securely. I think this idea is a surefire way to fight phishing. Your thoughts?

Masters of Their Domain [Foreign Policy via Slashdot]


5 Comments so far

 
trainwrecka

one word: “GENIUS”

 
Bill Minton

It’s sort of like raising the prices of bullets to $5k/bullet in an effort to lower fatal shootings. :)

Actually, take a look at this (Crunchgear) article:
http://crunchgear.com/2006/10/19/domain-name-%D0%BC%D1%83%D1%95%D1%80%D0%B0%D1%81%D0%B5com-for-sale-affordable/

 
Scott

I’d have to guess that people fall for phishing email scams because they’re undereducated about computer security, and/or they’re careless. A new top-level domain will do nothing to remedy that… Worse still, it could make those same people even *more* careless; if they’re told “only legitimate banks will have ‘.bank’ in their address,” once they see “www.yourbankname.bank” in a fraudulent email, they’ll assume “this one must be real - it has ‘.bank’ in it.”

I’ve seen PIN numbers written on the backs of debit cards, I’ve seen passwords written on Post-It Notes affixed to monitors, and I’ve seen countless news stories about people who sent their life savings to deposed Nigerian royalty millionaires… A “.bank” URL will not help these people.

 
yoshi

Won’t help. Not one bit.

1) people don’t understand URLs - the same phishing attacks that work against citibank.com today will work against citibank.bank.

2) only tries to fix one small issue with a problem that has a dozen different attack vectors - (e.g. doesn’t fix DNS poisoning)

3) although it’s meant to be an arbitrary number, 50k is a lot of money for one or two retail outlet credit unions or banks

 
mathew

The phishing e-mail I get has URLs that don’t look anything like the right URL.

If this scam… er, scheme goes ahead, I’ll get phishing e-mail that doesn’t look like a .bank URL, instead of phishing e-mail that doesn’t look like a .com URL. Whoop-de-doo.

Somehow, I doubt that’ll stop Joe MSNer from providing his bank login and password to a random web site in China. I mean, if he was checking URLs, he wouldn’t be falling for phishing scams right now.
