Here’s an interesting — and troubling — variation on the phishing scam: Using c
The phishing email in question is the same as any other PayPal phish – “We recently reviewed your account, and suspect that your PayPal account may have been accessed by an unauthorized third party.” But the link victims are expected to click on, visible as https://www.paypal.com/cgi-bin/webscr?cmd=_fraud-check&limited_access=1086452724, resolves to www.paypal.de.com, which looks credible as a legitimate PayPal website in Germany.
De.com is actually owned by CentralNic Ltd, a private London-based domain name registry, which also owns US.COM, EU.COM, UK.COM, CN.COM, RU.COM, and twelve others that “represent the world’s most populated countries.” According to eNom, Inc, one of the Internet’s accredited registrars which issued the country-specific domains, “there are no restrictions or rules when registering these domains, unlike other domains which require you to be a citizen of the country in order to make a purchase.”
In other words, easy pickings for phishers. And of course, this means that anti-phish devices such as SpoofStick, which look at the underlying domain name to gauge whether a website is fraudulent or not, are not going to be much help here because they would only show the domain to be de.com, which doesn’t sound phishy enough to deter anyone but the most alert user.
My tupennies’ worth: Domain registrars must take on some of the responsibility for these registrations. It’s not acceptable to just let anyone register a PayPal domain and say it’s not your business. Secondly, anti-phishing devices must make clear they can’t guard against every phishing attack.