NEWS FROM THE LAB - Friday, October 27, 2006

Reselling domain names... for phishing gangs Posted by Mikko @ 13:36 GMT

There's a very active aftermarket in domain names. These are domain names that have already been registered and are now being resold. For example, hell.com and auction.com are being auctioned today to the highest bidders and they are expected to be sold for several million dollars each.

But most domain names are resold for a few hundred or a few thousand dollars (where the original registration price is typically $5 to $15).

The largest domain resellers include Sedo and Moniker.

There's nothing wrong in reselling cool domains like tractors.com, filmlist.com or 4fares.com to anyone who wants to buy them.

But how about reselling domains that obviously belong to banks or other financial institutions?

We made some searches on Sedo.com and found out that they are reselling domains like chasebank-online.com, citi-bank.com and bankofameriuca.com. Now, why would anybody want to buy these domains unless they are the bank themselves - or a phishing scammer? Don't mix these with new registrations: these are existing domain names, already owned by someone - and now being resold via Sedo.


Other examples of obviously fraudulent domain names that are currently being resold:

  paypal-antifraud.comSedo Chase

We also found out that they are reselling accented domain names that have been created using letters "�" and "�" with an apostrophe instead of the normal "a" or "i" to create highly deceptive domain names like v�sa.com, p�ypal.com and payp�l.com. And these three examples are currently for sale to anyone via Sedo.

Domain name resellers should filter out obvious phishing site names.

PS.https://www.f-secure.comsecure.com/weblog/archives/archive-032006.html#00000845">Here's a rant on registering new bank-related domains.

Updated to add: Sedo responds. Jeremiah Johnston, Sedo's general counsel, says his company wants to "balance the rights of all users" and added that at times, trademark owners "harass a lot of legitimate domain owners." Full article in here.