tssci security

Open Letter to Domain Registrars

Get right down to it! F-Secure has posted this letter asking domain registrars to double-check the names people register for domains to help combat phishing. The example they give is just one of many that go wild:

Like, say, somebody trying to register a .com domain with the words "ebay" and "sign in" in it? Isn't it pretty obvious that something might be going on here?

You see, yesterday somebody did just that.

Mr. "Craig Smith" from Kilwinning in the UK registered a domain name called "signin-ebay-c.com" with directNIC. Right now, he's running a phishing site on it...

...you can contact Mr. Smith at the phone number he left in his registration data: 1231432311. That sounds pretty real. I'm sure his credit card is his own, too.

Hopefully we get a response soon, and see what the registrars have to say. It'd be nice to not have to deal with the many phishing sites there are today by simply not allowing registration of domain names. Not only that, but the fact that the domain name infringes on Ebay's trademark.

Posted by Marcin on Tuesday, December 5, 2006 in Links and Security.

blog comments powered by Disqus
blog comments powered by Disqus