Feeds

ICANN urged to cut phishing trawl with banking domain

.Safe harbour

Beginner's guide to SSL certificates

Security watchers are calling on net governance body ICANN to adopt a new top level domain name to be used exclusively by registered banks and financial organisations.

A .safe or .sure domain name would give consumers increased piece of mind that they are dealing with a legitimate financial institution while potentially making it easier to identify rogue sites.

If ICANN introduced a .safe domain (or .sure or .bank), which could only be used by registered financial institutions, it would allow security providers to create better software to protect the public, according to F-Secure.

The idea has been in existence for some time, but the massive rise in phishing attacks over recent months has renewed interest. According to figures from UK banking organisation APACS released earlier this month, online banking fraud losses in the UK alone came to £33.5m in 2006, up from £23.2m in 2005. This 44 per cent year-on-year increase was largely driven by an increase in phishing incidents, which went up from 1,713 in 2005 to 14,156 last year.

"While a .safe domain name won’t prevent phishing attacks, it will help banks and security providers to keep their customers safe,” said Mikko Hyppönen, chief research officer at F-Secure. "Using a secure domain name such as .safe will give customers the reassurance they need when banking online.

"It’s true this will mean banks have to pay a premium to be able to use the domain name, but it will reduce the number of successful phishing sites that have been tricking many customers out of their hard earned cash," Hyppönen continued.

Recent months have seen the launch of numerous services and enhancements to browser software packages and searching sites designed to warn users that they might be visiting dodgy domains. Hyppönen reckons these efforts are all well and good but don't go far enough. "Right now, customers have no good way of automatically being able to tell whether or not a bank website belongs to the bank," he said.

A .safe domain only available to financial institutions would be comparable to top level domains such .gov, which is only available to government institutions. Anecdotal evidence suggests this approach might lead to a more controlled environment for internet banking. A recent study based on results from SiteAdvisor, a free "safe searching" tool from McAfee that catalogues and warns users about unsafe sites, found that .gov was the only tested domain for which SiteAdvisor found no risky sites. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.