Should Hosting Companies Be On The Lookout For Phishing Sites?
from the whose-responsibility? dept
Part of the trouble with phishing attacks is that it's a combination of different things, including setting up a misleading domain, spamming people, and then tricking recipients into filling out their info. That means there are also multiple ways of trying to crack down on phishing scams, from education to stopping spam to checking to see if site URLs are really owned by the company in question. However, one other method may be to stop questionable looking URLs from being registered in the first place. Anti-spam group Spamhaus ran a quick study and noticed that some major hosters, such as Yahoo, seem to be hosting a lot of URLs that have the words eBay, PayPal or bank in the URL. That may be a cause of some concern, but it's not illegal to have such a domain name (unless it's done in a way that violates trademark by confusing visitors). Obviously, though, domains like that may deserve greater scrutiny to see if they're being used in phishing scams. So, the question is, who is responsible for the checking? Should hosting sites and registrars monitor the domain names that are hosted and registered with them? Or does that go beyond their responsibility?