« Fake AT&T Wireless Bill Notification | Main | Facebook is Now 419-Worthy »
| Home | The Book | Training | Events | Tools | Stats |
Web log archive.
A Dispatch
May 16, 2012
Irresponsible Domain Name ManagementIn this day and age, I fail to understand how a major .com domain registrar can allow an individual claiming a physical address in Germany (and a yahoo.de email address) to register a domain name that includes "bankofamerica". The pattern for the name is "bankofamerica-??.com", where "??" is a two-letter combination.
It allowed a phisher to include the following URL in a message today (two letters disguised by ??):
http://sitekey.bankofamerica-??.com/sas/?signonScreen.do
The URL was both readable in the clear and identical in the rollover tooltip test. I'm sure a fair number of recipients will short-circuit their wariness upon seeing the "sitekey.bankofamerica" part.
Even if the real BofA gets the domain revoked (it was registered way back earlier this morning), the damage will have been done.
Sheesh.
Posted on May 16, 2012 at 10:20 AM