So I have received the following email
that I should control my billing online
Van Weergave gedetailleerde berichthoofding BNP Paribas Fortis Bank <firstname.lastname@example.org>
Datum Maandag, Augustus 30, 2010 3:58 pm
Received from mta03.xtra.co.nz (mta03.xtra.co.nz [184.108.40.206])
Received from ForbesandDavies.co.nz ([220.127.116.11]) by mta03.xtra.co.nz with ESMTP id <20100830135825.OXDA3697.mta03.xtra.co.nz@ForbesandDavies.co.nz>; Tue, 31 Aug 2010 01:58:25 +1200
Received from User ([18.104.22.168]) by ForbesandDavies.co.nz with Microsoft SMTPSVC(6.0.3790.3959); Tue, 31 Aug 2010 01:58:18 +1200
Date Tue, 31 Aug 2010 01:58:18 +1200
X-MIMEOLE Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer Microsoft Outlook Express 6.00.2600.0000
It was in fact a stupid phish
and the reply link to bnpparisbasfortis.be had to alarm them :)
even if the server has taken away the phishing page, the directory is still there
http://safw.adm.ncku.edu.tw/fortis which means that the security intrusion is still there
secondly according to dns.be it is still available for registration bnpparibasfortis1.be
how do you mean available for registration
the only one that should be able to register such a name would be parisbasfortis and no one else even if it would be bnppartis-fortis or whatever other combination or whatever name with bnpparibasfortis in it
it should be up for 'controlled reservation'
I know from talks that the people at DNS.Be don't like the idea but I still think personally that a list of about 100 important financial services should be protected against phishers by limiting the reservation to 'owners'.
One of the unsaid frustration of brandmanagers at ICANN in Brussels was that they each time new domainzones come along they have to spend thousands in blocking tradenames. It seemed a lot like blackmailing on a huge scale. And who can blame them. 'If you don't buy them anybody can and can do whatever he wants with it, even destroying your online reputation, so you better buy them'. You can explain this to your boss for 10 or twenty domainzones but not for hundreds. Except if certain businesscategories get their own domainzone and all other domainzones can't use those brandnames once they are in their proper domainzone. A bit radical but it could wipe out a lot of phishing and squatting.