TechWeb

Phishing Domain Resale Market Booms

Oct 27, 2006 (06:10 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=193500095


Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers, a security company charged Friday.

Finland-based F-Secure has identified more than 30 registered domain names for resale on Cambridge, Mass.-based Sedo that would be of interest only to the legitimate holder of the trademark or to phishers, criminals who try to dupe consumers into divulging personal information by enticing them to fake Web sites. Among the domains: citi-bank.com, bankofameriuca.com, americanexpresscredicard.com, mastercarding.com, and visacardcredit.com.

"Why would anybody want to buy these domains unless they are the bank themselves -- or a phishing scammer?" wrote Mikko Hypponen, F-Secure's chief research officer, in an alert on the company's site.

In its search of Sedo, F-Secure also found domain names for resale that use the accent characters "" and "" in place of the normal "a" or "i" to create "highly deceptive" URLs like vsa.com, p'ypal.com, and payp'l.com.

Sedo said that while it has a process in place to pull domain sales that violate trademarks, it is the trademark holder's responsibility to file a request. "We have more than six million domains for sale," said Jeremiah Johnston, Sedo's general counsel. "It's impossible for us to proactively filter sales."

Citing Sedo as a "neutral platform" for selling similar to eBay, Johnston said his company wants to "balance the rights of all users" and added that at times, trademark owners "harass a lot of legitimate domain owners."

In the case of "citi-bank.com," however, Johnston said the domain "sounds like a good example" of the type that would be pulled from its Sedo listing if the trademark owner -- in this case, Citibank Group -- contacted it with an objection.

Criminals often use misspelled and deceptive domain names for their bogus Web sites to fool users. Registrations of domains that closely resemble large financial institutions are common for that reason. Last March, for example, F-Secure identified nearly 500 domain names on variations of "citibank" and over 400 on versions of "bankofamerica."
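The following Python example is added here and is not from the article or from F-Secure. It shows one way a trademark holder or a reseller could screen a list of domain names for the patterns described above: hyphen or accent variants, one-character typos, and brand names embedded in longer strings. The watchlist, function names and reason labels are assumptions chosen for illustration.

```python
import unicodedata

# Assumed watchlist: brand labels taken from the names mentioned in the article.
BRANDS = ["citibank", "bankofamerica", "americanexpress", "mastercard", "visa", "paypal"]

def label_of(domain):
    """Return the label left of the TLD, decoding punycode (naive: ignores co.uk-style suffixes)."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) > 1 else parts[0]
    if label.startswith("xn--"):
        label = label.encode("ascii").decode("idna")
    return label

def skeleton(label):
    """Fold accented letters to their base letter and drop hyphens."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c) and c != "-")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (brand, reason) for a lookalike, or None. Hits are leads for review, not verdicts."""
    label = label_of(domain)
    key = skeleton(label)
    for brand in BRANDS:
        if label == brand:
            return None  # the brand's own name
        if key == brand:
            return (brand, "hyphen-or-accent-variant")
        if len(brand) >= 6 and edit_distance(key, brand) == 1:
            return (brand, "one-character-typo")
    for brand in BRANDS:
        if brand in key:  # short brands such as "visa" will also match unrelated words
            return (brand, "brand-embedded")
    return None

if __name__ == "__main__":
    for d in ("citi-bank.com", "bankofameriuca.com", "mastercarding.com", "example.com"):
        print(d, classify(d))
```

Substring matching on short brand names produces false positives, so the output is best used to build a review queue for trademark objections, not to block listings automatically.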

According to a WHOIS search, the citi-bank.com domain that F-Secure spotted for sale on Sedo was registered to a Beverly Hills, Calif. mailing address. The phone number listed for the domain registration is for directory assistance in the 310 area code.