
Generic domain names pose cyber squatter risk

Centrebet a target during 2010 FIFA World Cup

Melbourne IT has advised of an increase in domain name 'cyber squatting', with large Australian financial companies and government agencies falling victim to phishing attempts as a result of a lack of foresight.

Cyber squatters work by registering a .com or slight variant of a .com.au domain name owned by a large enough company. The domains are used to trap unsuspecting users who have typed in the .com domain name, rather than .com.au, as well as in phishing emails.

Melbourne IT chief strategy officer, Bruce Tonkin, told Computerworld Australia that it had recently found cyber squatters targeting financial institutions such as National Australia Bank (NAB) and even the Australian Tax Office. “You will see in the emails they create and send out that it looks like .com.au but in actual fact you are seeing a mirror image and the underlying site is a .com site set up for banking fraud,” he said.

Online betting agency, Centrebet, had also become a victim of cyber squatting. Attempts to expand to Greece ahead of the 2010 FIFA World Cup were hampered in 2009 by cyber squatting on both the centrebet.gr and centerbet.gr domains. The company, through Melbourne IT, ultimately resorted to using dispute resolution laws in Greece to get back the domain names in time for the World Cup, through the ELTA, the Hellenic Post Office.

Tonkin advised major companies to pre-register variations of domain names, even without plans to immediately use them, in order to avoid such problems. He also advised companies to have trademark protection on company products and names, as this meant they would have a better chance of dispute resolution to retrieve that name.

"That was the difficulty for Centrebet because it is two generic words. This is harder to defend against than a company that has a unique brand like Westpac," he said.

Rules established by the Australian Domain Administration (auDA), which recently marked its two millionth .au domain name registration, largely prevented local cyber squatting attempts. "For .au names there are a couple of rules to discourage misuse of names," Tonkin said. "The first is that you have to have a registered company with an Australian Business Number (ABN) to get a .com.au name which tends to put off cyber squatters.

"The second is that Australia has some rules against using misspelling of brand names. What .au does is that they will cancel a domain name if it’s an obvious misspelling or reserve the name from future registration."

Melbourne IT works with most of the big four banks and other betting agencies in Australia.
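
The two lookalike patterns described in this article, a swapped suffix (.com in place of .com.au) and a slight misspelling of the name, can be checked for in domains seen in email links or registration feeds. The Python below is an added example, not part of the original article; the domain examplebank.com.au, the short suffix list and the function names are assumptions made for illustration.

```python
# Added example; every domain name used with it is constructed.
# Assumption: a real deployment would use the full Public Suffix List.
MULTI_SUFFIXES = ("com.au", "net.au", "org.au", "gov.au", "co.uk")
PROTECTED = ["examplebank.com.au"]  # constructed sample of domains you own


def split_domain(domain):
    """Return (registrable label, suffix), e.g. ('examplebank', 'com.au')."""
    labels = domain.lower().rstrip(".").split(".")
    for suffix in MULTI_SUFFIXES:
        n = suffix.count(".") + 1
        if len(labels) > n and ".".join(labels[-n:]) == suffix:
            return labels[-n - 1], suffix
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def edit_distance(a, b):
    """Optimal string alignment distance (adjacent transpositions cost 1)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(observed, protected=PROTECTED):
    """Return 'exact', 'suffix-swap', 'misspelling' or None for one domain."""
    name, suffix = split_domain(observed)
    result = None
    for own in protected:
        own_name, own_suffix = split_domain(own)
        if (name, suffix) == (own_name, own_suffix):
            return "exact"  # same registrable domain as one you own
        if name == own_name:
            result = "suffix-swap"  # same name under a different suffix
        elif result is None and edit_distance(name, own_name) == 1:
            result = "misspelling"  # one typo away from a protected name
    return result
```

Anything classified as `suffix-swap` or `misspelling` is a candidate for pre-registration if it is still unregistered, or for a dispute or takedown request if someone else holds it.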

Follow Hamish Barwick on Twitter: @HamishBarwick
