Banks and other financial institutions are a constant target for hackers and other criminals. Phishing scams are one of the most prolific attack vectors. However, it seems a shift in domain name extension may help alleviate some concerns.
Phishing Attacks Remain A Problem For Banks
While it is convenient to use online banking, it is also a significant issue. More specifically, criminals have mastered the art of spinning up phishing sites, mimicking the actual platforms. That threat has been prevalent for decades and goes well beyond banking. It isn’t uncommon to see fake versions of PayPal, eBay, or even Amazon show up now and then. However, banks remain the primary target, as they serve millions of customers daily.
One common approach by criminals is to copy the site’s layout and redirect users to it by sending out spam email campaigns. They will often explain how customers need to log in to update credentials or accept new terms of service. However, one can easily spot the scam due to the wrong domain name being used. That is no longer as easy as it used to be, unfortunately.
The internet is prone to misspellings, and one letter difference can lead to an entirely different website. Criminals use that to their advantage in their phishing scams. Using common misspellings of brands – as outlined by Krebs on Security – is a very prolific solution. Moreover, Punycode makes it even easier to make domain names look legitimate as they can “defang” domain names with more characters.
The new attack approach creates many headaches for banks and other institutions. Although fake domain names still have slightly different characters, most people will only check the name. In addition, any dots below an “a” or “e” are less obvious unless you know what to look for. It is a crafty approach and one that forces banks to explore some other options.
Embracing The .bank Domain Extension
The world must adjust as criminals develop new ways to make phishing scams seem more legitimate. Several financial institutions want to use the .bank domain name rather than .com. It is unclear if that would prevent using Punycode and similar attacks from tricking customers. Spoofing attacks may only work with top-tier domain extensions like .com or .net, rather than offshoots like .bank.
The push for .bank domain names isn’t entirely new. This new domain extension is designed to create trust, security, and verified domain name ownership. It is a powerful tool for online banking services. Moreover, these domain names must ensure robust technologies and practices, as only verified industry members can register the domain.
Time will tell if moving to .bank will thwart phishing attacks. Criminals are often several steps ahead of the mainstream on that front.
For paid/sponsored articles, FintechMode neither endorses nor takes responsibility for the accuracy, timeliness, quality, and content of said articles. The statements, views and opinions expressed in paid/sponsored articles are solely those of the content provider and readers are reminded that Cryptocurrency products are unregulated in most locations and can be highly risky. Do your own research and consult relevant financial experts before making any investment decisions. FintechMode will not be held accountable, either directly or indirectly, for any harm or loss that may stem from or be linked to the usage or reliance on any information, goods, or services mentioned on this page. If you have any concerns, please email [email protected] or refer to our Terms & Conditions