Numerous false bank URLs available for sale
"Phishing" is a term used to describe emails that attempt to lure users of online banking, auction houses or payment services into visiting rigged websites that look like the real thing. The idea is that users will then hand over their data, passwords, credit card numbers and PIN codes to the waiting thieves. To keep the forged website from being spotted by its improper URL, the con men often take advantage of browser vulnerabilities, including URL spoofing.
Yet there is another option for enterprising phishers that does away with the reliance on browser vulnerabilities of that sort: phishers willing to invest a bit of their own money could also simply buy themselves domains like http://post-bank.com. It is available from http://www.namegiant.com, the world's largest domain trader. Victims of phishing attacks would then have to take a much closer look at the URL in their browser's address bar to catch the swindle. After all, the real Postbank is not just found at www.postbank.de, but also at www.post-bank.de. Postbank has already been a regular target of phishing attacks in the past.
Internet Explorer 7 does offer added protection against phishing. Unlike its predecessor, for example, the browser ensures that each opened window and pop-up includes an address bar. Yet there have already been successful hacks to falsify the address displayed there. Furthermore, all the added technical protection in the world does nothing to stop genuinely registered URLs that look very similar to those of the spoofed site.
There are currently still many other bank URLs for sale that appear legitimate at first glance, writes an F-Secure employee in a blog entry.
Many banks have already bought URLs similar to their own so as to protect their customers, setting them to redirect to their official homepages. An example is found at sparkasse-hannover.com.
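As an added illustration (not code from the article or from any bank), the following check flags hostnames that differ from a known official domain only by hyphenation or top-level domain, the pattern seen in post-bank.com. The function names and the simple two-label domain split are assumptions of this example.

```python
from urllib.parse import urlsplit

# Official domains as named in the article.
OFFICIAL = {"postbank.de", "post-bank.de"}


def registrable(host):
    """Return (label, tld) from the last two DNS labels.

    Assumption: no multi-part public suffixes (e.g. co.uk) are handled.
    """
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2 or not all(parts[-2:]):
        return None
    return parts[-2], parts[-1]


def skeleton(label):
    """Strip hyphens so 'post-bank' and 'postbank' compare equal."""
    return label.replace("-", "")


def classify(url, official=OFFICIAL):
    """Return (verdict, official_domain_or_None) for a URL or bare hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    reg = registrable(host)
    if reg is None:
        return ("unrelated", None)
    label, tld = reg
    domain = f"{label}.{tld}"
    if domain in official:
        return ("official", domain)
    # Same name after removing hyphens, but a different spelling or TLD.
    for off in sorted(official):
        if skeleton(off.split(".")[0]) == skeleton(label):
            return ("lookalike", off)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample inputs based on the domains the article mentions.
    for u in ("www.postbank.de", "http://post-bank.com", "http://example.org/"):
        print(u, "->", classify(u))
```

Only the registrable domain is compared, so a bank name placed in a subdomain of an unrelated domain is reported as unrelated rather than official.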
- Banks still not protecting customers, recent article on heise Security