The new phishing campaigns with the new domain extensions will pass the present anti-scam controls

Right up until the moment ICANN decided that everything was too stable and too comfortable for the internet, and that it was time to drop an atomic bomb on the internet infrastructure (in the hope of becoming incredibly rich in the meantime), scamming was slowly coming under control a bit, and it was possible to detect and stop scamming and phishing campaigns nearly automatically.

Now all this has changed ... again ... and we may have to start from zero again, because three main checkpoints won't work like before.

1. the domain name

Anyone can buy a domain in nearly any of the hundreds of new domain extensions. You can't scam all those big trademarks and financial institutions into buying their domain names in all these TLDs all the time. Instead, a list of (I suppose) around 100 generic trademarks should be blocked every time someone can't prove he is authorized to use that term (words like Google, eBay, Visa, Mastercard and a list of important banks and shops).

So scammers will now be able to buy domain names carrying the names of banks and other financial institutions without having to prove that they are linked to these institutions, and to create confusion that way.

I suppose a new service will have to be developed that registers the official whois for all the important banks and other financial services, against which new domains with their name in them can be checked (as long as the whois is fully checked and not falsified, for example by changing only the e-mail address).

2. once you have a domain name, you have an e-mail server under your control

The second important check is comparing the name of the e-mail domain with the name of the e-mail server (for example, an e-mail from kbc.be should come from the authorized e-mail server for kbc.be). That can't work anymore, because the scammers control their own e-mail server: mail from kbc.support will come from the authorized e-mail server for kbc.support even if the bank KBC has nothing to do with that domain name.

I suppose a new service will have to be created that keeps a list of the official e-mail addresses actually used by the most important financial services, so that e-mails arriving in the spam checker that contain the name of the bank can be checked against this database.

3. a free certificate for 90 days so they can seem trustworthy

Yep, if you have a domain name you can get a free certificate from some services for as long as you need it (knowing that a phishing or scamming campaign only works for a few hours, days or weeks and then loses all value because it will be stopped everywhere). So these offers make it all worthwhile.

What to do?

Well, if you can't whitelist, you will have to blacklist.

When the .biz domain was created, only scammers bought it to send masses of spam, so if you blocked everything on .biz then you had a few calls a year to whitelist some domain, but very seldom. On the other hand, thousands of connections and e-mails to scammers were stopped without having to do anything.

So the main effect of the ICANN gold rush will be that secure networks whitelist a limited number of domain extensions (those you need for work or to keep in contact) and blacklist all the others, for which you can request an exception (knowing that people won't ask for one if it is just to view a video).

And this means that domains in .com and your own national country extension are becoming even more valuable, because you know that those can't be blocked automatically by most of the internet (except if you live in a country like Russia or China, where the local domain extension is polluted with thousands of malware and scamming websites).
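
As an added example (not code from this post), here is a minimal sender filter that combines the extension whitelist with on-request exceptions described above and the brand-name check from point 1. The lists, the `partner.biz` exception and all function names are constructed assumptions; a real deployment would load them from its own policy source.

```python
import re

# Constructed policy data for illustration only.
ALLOWED_TLDS = {"com", "org", "net", "be", "eu"}   # extensions the network needs
EXCEPTIONS = {"partner.biz"}                       # domains approved on request
OFFICIAL = {"kbc": {"kbc.be"}}                     # brand -> domains it really uses


def sender_domain(address):
    """Return the normalized sender domain, or None if it is unusable."""
    _, sep, host = address.rpartition("@")
    host = host.strip().rstrip(".").lower()
    if not sep or "." not in host:
        return None
    try:
        return host.encode("idna").decode("ascii")  # IDNs become xn-- labels
    except UnicodeError:
        return None


def within(domain, zones):
    """True if domain equals, or is a subdomain of, any zone in zones."""
    return any(domain == z or domain.endswith("." + z) for z in zones)


def brand_hits(domain):
    """Brands named in a label of a domain that is not on their official list."""
    tokens = set(re.split(r"[.-]", domain))
    return sorted(b for b, zones in OFFICIAL.items()
                  if b in tokens and not within(domain, zones))


def classify(address):
    """Decide allow/block for one sender address, with the reason."""
    domain = sender_domain(address)
    if domain is None:
        return "block:malformed"
    hits = brand_hits(domain)
    if hits:
        return "block:brand:" + ",".join(hits)
    if within(domain, EXCEPTIONS):
        return "allow:exception"
    tld = domain.rsplit(".", 1)[1]
    return "allow:tld" if tld in ALLOWED_TLDS else "block:tld:" + tld


if __name__ == "__main__":
    for addr in ("info@kbc.be", "service@kbc.support",
                 "sales@partner.biz", "promo@cheap-pills.biz"):
        print(addr, "->", classify(addr))
```

The brand check runs before the extension check, so a name like kbc.support is rejected for impersonation even if .support were later added to the whitelist.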
