In association with heise online

30 October 2006, 10:06

Numerous false bank URLs available for sale

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

"Phishing" is a term used to describe emails that attempt to lure users of online banking, auction houses or payment services into visiting rigged websites that look like the real thing. The idea is that the users will then provide their data, passwords, credit card numbers and pin codes into the thieves' waiting clutches. To prevent the forged website from being spotted as an improper URL, the con-men often take advantage of browser vulnerabilities, including URL spoofing.

Yet there is another option for enterprising phishers that does away with the reliance on browser vulnerabilities of that sort: phishers willing to invest a bit of their own money could also simply buy themselves domains like It is available from, the world's largest domain trader. Victims of phishing attacks would then have to take a much closer look at the URL in their browser's address bar to catch the swindle. After all, the real Postbank is not just found at, but also at The Postbank has in the past already been a regular target of phishing attacks.

Internet Explorer 7 does offer added protection against phishing. Unlike its predecessor, for example, the browser assures that each opened window and pop-up includes an address bar. Yet there have already been successful hacks to falsify the address displayed there. And furthermore, all the added technical protection in the world does nothing to stop original URLs that look very similar to those of the spoofed site.

There are currently still many other bank URLs for sale that appear legitimate at first glance, writes an F-Secure employee in a blog entry.

Many banks have already bought URLs similar to their own so as to protect their customers, setting them to redirect to their official homepages. An example is found at

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit