The WallStretJournal published a story on how banks are looking to using their applied for new gTLD’s to cut down on phishing of bank sites on the net.
“Financial-services companies are snatching up new, exclusive Internet addresses in an effort to crack down on cybercrime, which one analyst said cost the industry an estimated $2.5 billion last year.”
“The companies buying up addresses include some of the biggest players in the industry: American Express Co., Capital One Financial Corp., J.P. Morgan Chase& Co., Barclays PLC, Bank of America Corp. and Citigroup Inc”
“The firms have paid at least $3.3 million, or $185,000 per address, to the nonprofit organization that oversees the Internet to secure new exclusive domain extensions, the letters that appear at the end of a website address, such as dot-com or dot-gov.”
“The new addresses include extensions like dot-citi, dot-bofa and dot-barclays. The banks hope these extensions will help their online customers know they are actually dealing with the bank and not a scam website trying to pilfer personal information.”
Web browsers won’t see the new addresses online until the Internet Corp. for Assigned Names and Numbers, or Icann, the organization that oversees the Internet, approves them.”
“Some may appear next year.”
“In 2011, the financial-services industry accounted for nearly half of all “phishing” attacks—attempts to steal customers’ personal data like credit card information, email addresses and passwords—according to the Anti-Phishing Working Group, a corporate group that addresses cybercrime issues.”
“Hackers can buy domain names at registrars like Go Daddy Group Inc. that alter a letter or two in a company’s brand name—replacing “of” with “at” in bankofamerica.com, for example—and trick consumers by sending them emails dressed up with Bank of America’s logo.”
“Controlling their own domains with exclusive address extensions could help financial-services companies fight phishing because criminals won’t be able to register domains that end in dot-jpmorgan, for example.”
“When we start to put things under dot-discover, it will be tougher to spoof them,” said Mike Boush, vice president of e-business at Discover Financial Services”
“Not all financial companies are convinced. Wells Fargo WFC -0.04% & Co. didn’t apply for one of the new addresses, citing investment costs and the potential for the dilution of its online brand, wellsfargo.com. “When’s the last time you used a dot-biz or dot-info?” said Beverly Butler, Wells Fargo’s vice president for its digital channels group.”
The story did not chat about other new gTLD’s like .Bank or .Secure which will likewise serve to cut down on Phishing.
Like them or not, new gTLD’s are putting domain names on the front page of major publications.
Phishing works because consumers don’t pay enough attention to the URLs.
How is using a different, supposedly ‘safe’ – but unfamiliar – extension going to make much of a difference ?
And still they are over a year from use. News coverage will only increase.
NotComs will be thrust on users like never before, by brands, by Google.
Browser defaults and voice recognition will reduce type in traffic for .coms.
Millions of new brandable, intuitive names.
A big change, she is a comin’.
“Not all financial companies are convinced. Wells Fargo WFC -0.04% & Co. didn’t apply for one of the new addresses, citing investment costs and the potential for the dilution of its online brand, wellsfargo.com. “When’s the last time you used a dot-biz or dot-info?” said Beverly Butler, Wells Fargo’s vice president for its digital channels group.”
I guess Wells Fargo gets it.
Ask Overstock about brand dilution.
Brad
it should be not .citi, or .bofa, are they stupid? that shoud be something like .securebank at least
As I said in the post there are applications for both a .bank and .secure but they will not be solely owned by one bank
Romney-Ryan or Obama-Biden? Two choices, same outcome.
this will be counterproductive, people will think the ALTs are a scam, they find legitimacy in a real .Com
citibank.com / bankofamerica.com, do they look like phishing scams to you? Not me. How about http://www.wtf.citi, or bozos@bofa.bofa that looks more like a scam
If you believe me now regarding the fate of the ALTs on average then I wont be a jerk a say I told you so later like I always do.
Hello MHB,
This without question will cause Brand Dilution. The Media company proponents of this whole scam will stop at nothing to muddy the waters and cause Brand Dilution, which ultimately causes companies to turn to their rerun of perpetual commercials to remind people of their Diluted Brand. Great for advertisers, Bad for Online Business Owners. Business Owners , be warned dont drink the Gtld Kool-aid!
Unless of course you want Perpetual Advertising Bills ?
Gratefully, Jeff Schneider (Contact Group) (Metal Tiger)
Websites like Chase.com are clearly too confusing.
Consumers need Chase.Bank, Bank.Chase, CreditCards.Chase, etc.
Banks should take the money they have invested and instead teach consumers to not be stupid about phishing sites.
Brad
“Phishing works because consumers don’t pay enough attention to the URLs”
Actually it is the banks and other businesses that often do not pay attention to their URL’s and host names. I often get official e-mails that have weird third level domains as part of the URL. Also, many use an alternate domain other than their main domain either due to some promotion or for some unknown reason.
Also, I contactacted Citibank for many months because their e-mail servers were misconfigured and all their e-mail gets tagged as suspicious ( a reverse lookup of the ip address does not match the e-mail server HELO command). They never answered.
Agree with HELP.org.
I too get insecure emails from, and see confusing URIs at, the few banks and merchant processors websites I deal with regularly. Just do a bank card transaction on the Internet and watch the various URIs that flash in the address/status bar – you will know what I mean.
They spend millions of dollars on hardware and software but don’t get it with the DNS thing! The issue is so manifest because most of the hardware and software vendors (and their execs), and their big ticket buyers don’t get the whole domain/URI/URL security business at all. Can we fault the lay consumers?
Yes, adding a huge number of confusing TLDs is definitely the answer to the phishing problem. I ‘d write more about this, but I just received an email to say that I urgently have to update my bank account details at http://citi.online
official – citibank.com—info.web looks legit
they are dreaming … stop phishing do need new (but still not invented) ideas