Something's phishy about these domain names

High value monikers is not the only way big bucks are being made in the domain name industry

What's in a [domain] name? Probably a few million dollars if you've bothered to register a highly bankable one.

For instance, Diamonds.com fetched a cool US$8.5 million this year.

However, selling high value monikers is not the only way big bucks are being made in the domain name industry.

Online scammers may be raking in the green by using deceptive domain names for phishing operations, according to a Finnish tech security firm.

F-Secure of Helsinki says if someone is interested in purchasing domain names mimicking the URLs of well known online merchants, auction sites, banks or financial institutions -- chances are that someone is a scamster.

The only reason one would want to buy a domain name such as paypal.com or paypal.com (an accented version of the famous online payment service's URL) is if you wanted to use this moniker in a phishing or some other scam, F-Secure argues.

Several such domain names -- that are accented versions of existing financial and online payment companies -- are available for purchase on the site of domain name reseller site Sedo.com.

The Cambridge, Massachusetts, company also lists domains such as chasebank-online.com, citi-bank.com and bankofameriuca.com.

"Potentially, phishing operators can use these domain names to set up sites that can fool people into releasing personal and financial information," said David Frazer, director of technology services for F-Secure.

Some surveys estimate that around 1.2 million consumers in the United States lost over US$1.5 billion in phishing scams last year. Frazer said during the first half of 2006, German banks racked up more than US$130 million in losses to phishers.

He said the scam operators use a combination of social engineering and technology to fool elderly or non-tech savvy consumers who visit sites that mimic those of legitimate businesses. Once on the site, users are duped into releasing passwords, or other personal data.

Online fraud, such as phishing operations, is deterring many consumers from conducting transactions over the Web.

Frazer said it's very hard for authorities to launch legal action against these types of operations because there are no laws against buying and selling such domain names. "There is nothing wrong or illegal about registering and speculating on domain names."

Firms such as Sedo.Com and Moniker.Com of Florida, operate in an industry that brings in an estimated US$1 billion in registration fees annually. The registration price is usually US$10 but some names can easily resell for over six figures such as Cameras.com which Moniker sold for US$1.69 million recently.

The potential for fraud exists, but it is not the job of domain resellers to go after phishing operators according to Monte Cahn, president and CEO of Moniker.Com. The firm handles some 1.5 million domain names. "It's not our job to police the industry," said Cahn.

The domain reseller, however, said they have policies in place to ensure that complaints against spam and fraud are investigated. "If we receive a complaint we investigate and if evidence warrants, point out the site to authorities."

Frazer said a blogger on F-Secure's site also suggested that companies use of "top-level" domain names.

For instance, he noted that the Smithsonian Institution in Washington uses "si.edu/museums" on its site rather than .com. ".Com is open for the public to use. Top-level domain names such as /museum requires special registration."

In Canada, the Ontario Privacy Commission has endorsed software industry initiatives to combat identity theft.

Unless governments come up with legislation to deal with the problem, Frazer said, it's unlikely that domain resellers will take any action.

For now it boils down to a moral question Frazer said. "If you think a name you are registering or selling might be used for fraud, perhaps you should stop."

Join the newsletter!

Error: Please check your email address.

More about BillionFinancial InstitutionsF-SecurePayPalSmithsonian Institution

Show Comments

Market Place