Home / Blogs

Domain Name Resale Market a Haven for Phishers?

In a recent article at TechWeb, the following observations were made:

Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers, a security company charged Friday.

Finnish-based F-Secure has identified more than 30 registered domain names for resale on Cambridge, Mass.-based Sedo that would be of interest only to the legitimate holder of the trademark or to phishers, criminals who try to dupe consumers into divulging personal information by enticing them to fake Web sites. Among the domains: citi-bank.com, bankofameriuca.com, americanexpresscredicard.com, mastercarding.com, and visacardcredit.com.

“Why would anybody want to buy these domains unless they are the bank themselves—or a phishing scammer?” wrote Mikko Hypponen, F-Secure’s chief research officer, in an alert on the company’s site.

In its search of Sedo, F-Secure also found domain names for resale that use the accent characters “” and “” in place of the normal “a” or “i” to create “highly deceptive” URLs like vsa.com, p’ypal.com, and payp’l.com.

Originating blog post is located here.

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

Related

Topics

Domain Management

Sponsored byMarkMonitor

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPXO

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign