Security Firm Says It Can't Fight Phishing, So Banks Should Move To A New Domain
from the now-there's-a-solution dept
Our friends at anti-virus firm F-Secure have managed to combine two of our favorite things -- security FUD and useless top-level domains -- in a single story. The company says that ICANN should create a ".safe" TLD as a way to stop phishing. It contends that the domain could only be made available to registered banks and financial services firms, then users would know that they should only use sites from such companies that are hosted in the domain. It also contends that such a domain "would allow security providers to create better software to protect the public". The flaws in this concept are pretty obvious. Not only would it require every bank, credit-card company and financial services provider in the world to buy a new domain name and transfer their sites to it, but it doesn't do anything to get around the actual problem with phishing -- that people enter their personal information into sites they think are legitimate. Plenty of phishing attempts use domain names that are fairly obviously fake, but they're either masked by phishers some how, or victims simply don't pay enough attention to notice. Trying to move banks to a new domain won't help stop this at all, and won't provide any advantages over the current system. F-Secure says the change is needed to help security firms fight phishing, but that seems like little more than a comment about its own inadequacies rather than a convincing argument.