November 8, 2016
A couple of tools have been developed recently that offer new weapons in the fight against phishing.
Phishing is the illegal practice of acquiring sensitive personal and financial information; carried out by perpetrators under the guise of being a trustworthy entity or company known to the target. Phishing most often occurs via email communications that include links to web sites that may look very similar to the real organisation.
Even the domain names may be similar - perhaps just a single character of difference (i.e. a typo domain); but it's enough to fool many people who don't carefully examine the address.
Phishing can also be a major threat to businesses when their staff are targeted as information such as usernames and passwords relating to the company can be unintentionally delivered into the hands of nefarious parties.
It's a growing problem. The cost of phishing is nearly $500 million per year in the United States alone according to Phishing.org and according to the Anti-Phishing Working Group (APWG); 466,065 unique phishing sites were identified in the second quarter of this year.
Two new tools have recently been unveiled in the ongoing battle against phishing.
The first is from DomainTools - PhishEye. The solution uses an automated process to identify look-alike domains that imitate brand, product, or organization names - and it does so very close to the time of their registration. These domain names can then be added to an organisation or ISP's spam filters, firewalls, and other security systems to protect staff and customers from phishing attacks.
But what if phishing domains could be halted at the point of registration?
Researchers at Princeton University and the University of California have been working on such a tool - an algorithm called PREDATOR. It works by scanning for 22 flags that are consistent with phishing-type behavior.
"The tool would be helpful if it were used by the hundreds of registrars offering domain names for purchase in order to stop cyber criminals planning attacks as they’re purchasing the names," states an article on the WSJ blog.
There's not likely to be a single silver bullet against phishing and some of the best protection is through education; teaching internet users what to watch for.
Some types of domains fare better than others when it comes to phishing.
The rare incidence of phishing using .com.au domains is one of the reasons the extension is so highly regarded by businesses and consumers, both locally and abroad. If Australian domain registrars are screening registrations properly; the likelihood of such domains slipping through is small.
Have a web site or blog? Get our free domain news widget.
How to register a name: Enter your choice in the search tool and click 'GO'. If after the check the domain names search results show your choice is available, you will then have the option to proceed to purchase registration; which is a very quick and easy process - start a search and find your ideal website address now.