<<<
Friday, October 27, 2006
>>>
 
Reselling domain names... for phishing gangs Posted by Mikko @ 13:36 GMT

There's a very active aftermarket in domain names. These are domain names that have already been registered and are now being resold. For example, hell.com and auction.com are being auctioned today to the highest bidders and they are expected to be sold for several million dollars each.

But most domain names are resold for a few hundred or a few thousand dollars (where the original registration price is typically $5 to $15).

The largest domain resellers include Sedo and Moniker.

There's nothing wrong in reselling cool domains like tractors.com, filmlist.com or 4fares.com to anyone who wants to buy them.

But how about reselling domains that obviously belong to banks or other financial institutions?

We made some searches on Sedo.com and found out that they are reselling domains like chasebank-online.com, citi-bank.com and bankofameriuca.com. Now, why would anybody want to buy these domains unless they are the bank themselves - or a phishing scammer? Don't mix these with new registrations: these are existing domain names, already owned by someone - and now being resold via Sedo.

Citi-Bank

Other examples of obviously fraudulent domain names that are currently being resold:

  americanexpress.cc
  americanexpresscredicard.com
  amex.cc
  citi-bank.info
  citibanconline.com
  ccitibank.com
  paypal-antifraud.comSedo Chase
  chasebank-online.com
  chase-bank-credit-card.info
  bank-of-america.be
  halifax.uk.com
  httpwwwhotmail.com
  https.in
  hsbc-internet-banking.info
  post-bank.com
  mastercard.name
  mastercarding.com
  natwestbank.net
  visacard.us
  visacardcredit.com
  wwwbankofchina.com
  wwwcitifinancial.ca
  wwwpaypal.ca
  www-e-bay.de
  www-ebay.es
  wwwmastercard.com.br
  wamubamk.com
  wamu-online-banking.info
  atmmastercard.com

We also found out that they are reselling accented domain names that have been created using letters "" and "" with an apostrophe instead of the normal "a" or "i" to create highly deceptive domain names like vsa.com, pypal.com and paypl.com. And these three examples are currently for sale to anyone via Sedo.

Domain name resellers should filter out obvious phishing site names.

PS. Here's a rant on registering new bank-related domains.

Updated to add: Sedo responds. Jeremiah Johnston, Sedo's general counsel, says his company wants to "balance the rights of all users" and added that at times, trademark owners "harass a lot of legitimate domain owners." Full article in here.






<<< Battery energy drink - Breakfast of champions
|
Sub-Zero >>>