Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« Fake AT&T Wireless Bill Notification | Main | Facebook is Now 419-Worthy »

May 16, 2012

Irresponsible Domain Name Management

In this day and age, I fail to understand how a major .com domain registrar can allow an individual claiming a physical address in Germany (and a yahoo.de email address) to register a domain name that includes "bankofamerica". The pattern for the name is "bankofamerica-??.com", where "??" is a two-letter combination.

It allowed a phisher to include the following URL in a message today (two letters disguised by ??):


The URL was both readable in the clear and identical in the rollover tooltip test. I'm sure a fair number of recipients will short-circuit their wariness upon seeing the "sitekey.bankofamerica" part.

Even if the real BofA gets the domain revoked (it was registered way back earlier this morning), the damage will have been done.


Posted on May 16, 2012 at 10:20 AM