Feeds

ICANN urged to cut phishing trawl with banking domain

.Safe harbour

The Essential Guide to IT Transformation

Security watchers are calling on net governance body ICANN to adopt a new top level domain name to be used exclusively by registered banks and financial organisations.

A .safe or .sure domain name would give consumers increased piece of mind that they are dealing with a legitimate financial institution while potentially making it easier to identify rogue sites.

If ICANN introduced a .safe domain (or .sure or .bank), which could only be used by registered financial institutions, it would allow security providers to create better software to protect the public, according to F-Secure.

The idea has been in existence for some time, but the massive rise in phishing attacks over recent months has renewed interest. According to figures from UK banking organisation APACS released earlier this month, online banking fraud losses in the UK alone came to £33.5m in 2006, up from £23.2m in 2005. This 44 per cent year-on-year increase was largely driven by an increase in phishing incidents, which went up from 1,713 in 2005 to 14,156 last year.

"While a .safe domain name won’t prevent phishing attacks, it will help banks and security providers to keep their customers safe,” said Mikko Hyppönen, chief research officer at F-Secure. "Using a secure domain name such as .safe will give customers the reassurance they need when banking online.

"It’s true this will mean banks have to pay a premium to be able to use the domain name, but it will reduce the number of successful phishing sites that have been tricking many customers out of their hard earned cash," Hyppönen continued.

Recent months have seen the launch of numerous services and enhancements to browser software packages and searching sites designed to warn users that they might be visiting dodgy domains. Hyppönen reckons these efforts are all well and good but don't go far enough. "Right now, customers have no good way of automatically being able to tell whether or not a bank website belongs to the bank," he said.

A .safe domain only available to financial institutions would be comparable to top level domains such .gov, which is only available to government institutions. Anecdotal evidence suggests this approach might lead to a more controlled environment for internet banking. A recent study based on results from SiteAdvisor, a free "safe searching" tool from McAfee that catalogues and warns users about unsafe sites, found that .gov was the only tested domain for which SiteAdvisor found no risky sites. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.