Wednesday, November 25, 2020
  • Home
  •             

Phishing Study

April 3rd, 2006 by Patrick S

F-secure has just done a study on phishing sites. And decided to look into the number of domains that mimic banks. Just how many are out there? Well, lots.

They did a simple search across com/net/org/us/biz/info top-level domains for common bank names 

Keyword Number of domains
citibank* 497
bankofamerica* 407
lloyds* 994
bnpparibas* 41
egold* 691
hsbc* 1258
chase* 6470
paypal* 1634
ebay* 8057

Some examples of existing, active registrations, using Citibank as an example:

  citibank-america.com
  citibank-credicard.com
  citibank-credit-card.com
  citibank-credit-cards.com
  citibank-account-updating.com
  citibank-creditcard.com
  citibank-loans.com
  citibank-login.com
  citibank-online-security.com
  citibank-secure.com
  citibank-site.com
  citibank-sucks.com
  citibank-update.com
  citibank-updateinfo.com
  citibank-updating.com
  citibankaccount.com
  citibankaccountonline.com
  citibankaccounts.com
  citibankaccountsonline.com
  citibankbank.com

All the more reason to use IE7 with phishing filter enabled for that extra little bit of protection.

Source: F-secure (be sure)

Type-your-credit-card-number-here.com is for sale too 😉

Posted in Security | 3 Comments »


This entry was posted on Monday, April 3rd, 2006 at 1:57 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


3 Responses

  1. Zack Says:

    What makes me laugh, is that I’m not with neither of those banks up there and still I get them through my email. SO ANNOYING! I swear if I get another “Chase” one, I’m gonna group the group together and DDoS they entire f*cking lot!!
    Anyway, I’m with an ethical bank which invests my money in medical research for cures for diseases an stuff instead of investing them in arms such as as Barclays…

  2. Aj Collins Says:

    Your not alone Zack, I get the same damn emails every day.

  3. Patrick Elliott [MVP] Says:

    This violates 15 USC 1125 (see here: http://www4.law.cornell.edu/uscode/html/uscode15/usc_sec_15_00001125—-000-.html), part of the U.S. Code dealing with Trademarks — so Citibank can / could / should demand that these names be deleted from the Top-level DNS — since it is still managed by a U.S. corporation 😉