Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers, a security company charged Friday.
Finnish-based F-Secure has identified more than 30 registered domain names for resale on Cambridge, Mass.-based Sedo that would be of interest only to the legitimate holder of the trademark or to phishers, criminals who try to dupe consumers into divulging personal information by enticing them to fake Web sites. Among the domains: citi-bank.com, bankofameriuca.com, americanexpresscredicard.com, mastercarding.com, and visacardcredit.com.
"Why would anybody want to buy these domains unless they are the bank themselves -- or a phishing scammer?" wrote Mikko Hypponen, F-Secure's chief research officer, in an alert on the company's site.
In its search of Sedo, F-Secure also found domain names for resale that use the accent characters "" and "" in place of the normal "a" or "i" to create "highly deceptive" URLs like vsa.com, p'ypal.com, and payp'l.com.
Sedo said that while it has a process in place to pull domain sales that violated trademarks, it was the trademark holder's responsibility to file a request. "We have more than six million domains for sale," said Jeremiah Johnston, Sedo's general counsel. "It's impossible for us to proactively filter sales."
Citing Sedo as a "neutral platform" for selling similar to eBay, Johnston said his company wants to "balance the rights of all users" and added that at times, trademark owners "harass a lot of legitimate domain owners."
In the case of "citi-bank.com," however, Johnston said the domain "sounds like a good example" of the type that would be pulled from its Sedo listing if the trademark owner -- in this case, Citibank Group -- contacted it with an objection.
Criminals often use misspelled and deceptive domain names for their bogus Web sites to fool users. Registrations of domains that closely resemble large financial institutions are common for that reason. Last March, for example, F-Secure identified nearly 500 domain names on variations of "citibank" and over 400 on versions of "bankofamerica."
According to a WHOIS search, the citi-bank.com domain that F-Secure spotted for sale on Sedo was registered to a Beverly Hills, Calif. mailing address. The phone number listed for the domain registration is for directory assistance in the 310 area code.
|
10 Challenges That HP Wants Partners To Tackle Right Now CRN speaks with HP's business unit chiefs to get a sense of where they'd like partners to focus in the coming year, as well as how CEO Meg Whitman is making a difference. |
|
VAR500: IBM Strikes Deal With Ukraine Bank; HP Bolsters Health-Care Practice CRN VAR500 solution providers win health-care contracts, work on European banking solution, create a platform for microlending, sharing info on cloud computing and more. |
|
Five Companies That Dropped The Ball This Week For the week ending Feb. 3, CRN looks at five companies that were either asleep at the wheel or just didn't make good decisions. |
 More
Slide Shows |
