NEWS FROM THE LAB - Thursday, March 30, 2006
 

 
Hey, TYPE-YOUR-CREDIT-CARD-NUMBER-HERE.COM is available for registration!
Posted by Mikko @ 14:00 GMT

Being curious about phishing, we decided to look into the number of domains that mimic banks. Just how many are out there? Well, lots.

We did a simple search across com/net/org/us/biz/info top-level domains for common bank names.

Keyword           Number of domains
citibank*         497
bankofamerica*    407
lloyds*           994
bnpparibas*       41
egold*            691
hsbc*             1258
chase*            6470
paypal*           1634
ebay*             8057


When someone in, say, Nigeria wants to register a domain name that starts with the name of a well-known bank, why are the registrars so willing to let them register it?

Some examples of existing, active registrations, using Citibank as an example:

[Image: Citibank account updating, anyone?]

  citibank-america.com
  citibank-credicard.com
  citibank-credit-card.com
  citibank-credit-cards.com
  citibank-account-updating.com
  citibank-creditcard.com
  citibank-loans.com
  citibank-login.com
  citibank-online-security.com
  citibank-secure.com
  citibank-site.com
  citibank-sucks.com
  citibank-update.com
  citibank-updateinfo.com
  citibank-updating.com
  citibankaccount.com
  citibankaccountonline.com
  citibankaccounts.com
  citibankaccountsonline.com
  citibankbank.com

Some of these are probably perfectly legitimate. Others probably are not...like citibank-account-updating.com, registered last Friday to Ms. Evelyn Musa in Arlington, VA?
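
A brand-monitoring version of the `keyword*` search described above, as an added example that is not the blog's own tooling: it counts registered names that start with a brand under the six TLDs from the post, then orders the matches so names containing credential-themed words come first for analyst review. The lure-word list, the function names and the sample domain list are assumptions constructed for illustration.

```python
# TLDs covered by the search described in the post.
TLDS = {"com", "net", "org", "us", "biz", "info"}
# Assumption: words that suggest a credential-collection theme; tune per brand.
LURE_WORDS = ("login", "secure", "security", "update", "updating", "account", "verify")

# Constructed sample input: a few names from the post plus made-up edge cases.
SAMPLE_DOMAINS = [
    "citibank-login.com",
    "citibank-account-updating.com",
    "citibank-sucks.com",
    "citibankbank.com",
    "CitiBank-Secure.com.",      # mixed case, trailing root dot
    "mycitibank.example",        # brand not at the start, TLD not searched
    "citibank-login.co.uk",      # outside the searched TLD set
    "paypal-example-test.net",   # constructed
]

def normalize(domain):
    """Lower-case the name and strip a trailing root dot."""
    return domain.strip().lower().rstrip(".")

def matches_keyword(domain, keyword):
    """True when the registered label starts with keyword under a searched TLD."""
    labels = normalize(domain).split(".")
    return len(labels) == 2 and labels[1] in TLDS and labels[0].startswith(keyword)

def count_by_keyword(domains, keywords):
    """Count unique matching domains per keyword, like the table in the post."""
    unique = set(map(normalize, domains))
    return {k: sum(matches_keyword(d, k) for d in unique) for k in keywords}

def triage(domains, keyword):
    """Return (domain, lure_words_found) for matches, most lure words first."""
    rows = []
    for d in sorted(set(map(normalize, domains))):
        if matches_keyword(d, keyword):
            rest = d.split(".")[0][len(keyword):]   # text after the brand name
            rows.append((d, [w for w in LURE_WORDS if w in rest]))
    return sorted(rows, key=lambda r: -len(r[1]))    # stable: ties stay alphabetical

if __name__ == "__main__":
    print(count_by_keyword(SAMPLE_DOMAINS, ["citibank", "paypal"]))
    for domain, hits in triage(SAMPLE_DOMAINS, "citibank"):
        print(domain, hits)
```

A name with no lure words, such as `citibank-sucks.com`, still appears in the output but sorts to the bottom, which matches the post's point that some registrations are probably legitimate and need a human look.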