Feeds

ICANN urged to cut phishing trawl with banking domain

.Safe harbour

5 things you didn’t know about cloud backup

Security watchers are calling on net governance body ICANN to adopt a new top level domain name to be used exclusively by registered banks and financial organisations.

A .safe or .sure domain name would give consumers increased piece of mind that they are dealing with a legitimate financial institution while potentially making it easier to identify rogue sites.

If ICANN introduced a .safe domain (or .sure or .bank), which could only be used by registered financial institutions, it would allow security providers to create better software to protect the public, according to F-Secure.

The idea has been in existence for some time, but the massive rise in phishing attacks over recent months has renewed interest. According to figures from UK banking organisation APACS released earlier this month, online banking fraud losses in the UK alone came to £33.5m in 2006, up from £23.2m in 2005. This 44 per cent year-on-year increase was largely driven by an increase in phishing incidents, which went up from 1,713 in 2005 to 14,156 last year.

"While a .safe domain name won’t prevent phishing attacks, it will help banks and security providers to keep their customers safe,” said Mikko Hyppönen, chief research officer at F-Secure. "Using a secure domain name such as .safe will give customers the reassurance they need when banking online.

"It’s true this will mean banks have to pay a premium to be able to use the domain name, but it will reduce the number of successful phishing sites that have been tricking many customers out of their hard earned cash," Hyppönen continued.

Recent months have seen the launch of numerous services and enhancements to browser software packages and searching sites designed to warn users that they might be visiting dodgy domains. Hyppönen reckons these efforts are all well and good but don't go far enough. "Right now, customers have no good way of automatically being able to tell whether or not a bank website belongs to the bank," he said.

A .safe domain only available to financial institutions would be comparable to top level domains such .gov, which is only available to government institutions. Anecdotal evidence suggests this approach might lead to a more controlled environment for internet banking. A recent study based on results from SiteAdvisor, a free "safe searching" tool from McAfee that catalogues and warns users about unsafe sites, found that .gov was the only tested domain for which SiteAdvisor found no risky sites. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.