  • phishing attempt against fortis-bnp and what dns.be could do

    So I have received the following email, saying that I should check my billing online:

    From    BNP Paribas Fortis Bank <billing@bnpparibasfortis1.be>
    Date    Monday, August 30, 2010 3:58 pm
    Return-path    <billing@bnpparibasfortis1.be>
    Received    from mta03.xtra.co.nz (mta03.xtra.co.nz [210.54.141.252])
    Received    from ForbesandDavies.co.nz ([222.154.225.248]) by mta03.xtra.co.nz with ESMTP id <20100830135825.OXDA3697.mta03.xtra.co.nz@ForbesandDavies.co.nz>; Tue, 31 Aug 2010 01:58:25 +1200
    Received    from User ([219.89.81.158]) by ForbesandDavies.co.nz with Microsoft SMTPSVC(6.0.3790.3959); Tue, 31 Aug 2010 01:58:18 +1200
    Date    Tue, 31 Aug 2010 01:58:18 +1200
    Reply-to    usethelink@bnpparibasfortis.be
    Message-id    <FD-SBSJ0sca0ZkfzDsk000002cc@ForbesandDavies.co.nz>
    MIME-version    1.0
    X-MIMEOLE    Produced By Microsoft MimeOLE V6.00.2600.0000
    X-Mailer    Microsoft Outlook Express 6.00.2600.0000

    It was in fact a stupid phish, and the reply link to bnpparibasfortis.be should have alarmed them :)
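The two header signals visible above (a From domain one character off the bank's, and a Reply-To on a different domain) can be checked mechanically. The following Python is an added example, not part of the original post; the protected-domain list, the function names and the re-typed sample headers are assumptions made for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the bank's real domain, taken from the Reply-to header shown above.
PROTECTED = ["bnpparibasfortis.be"]

# Constructed sample: the headers shown above, re-typed in RFC 5322 form.
SAMPLE = """\
Return-Path: <billing@bnpparibasfortis1.be>
Received: from mta03.xtra.co.nz (mta03.xtra.co.nz [210.54.141.252])
Received: from ForbesandDavies.co.nz ([222.154.225.248]) by mta03.xtra.co.nz with ESMTP; Tue, 31 Aug 2010 01:58:25 +1200
Received: from User ([219.89.81.158]) by ForbesandDavies.co.nz with Microsoft SMTPSVC(6.0.3790.3959); Tue, 31 Aug 2010 01:58:18 +1200
From: BNP Paribas Fortis Bank <billing@bnpparibasfortis1.be>
Reply-To: usethelink@bnpparibasfortis.be

"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def lookalike_of(domain, protected=PROTECTED, threshold=0.85):
    """Return the protected domain that `domain` imitates, or None."""
    for good in protected:
        if domain == good or domain.endswith("." + good):
            return None  # the real domain or one of its subdomains
        brand = good.split(".")[0]
        ratio = difflib.SequenceMatcher(None, domain, good).ratio()
        if brand in domain or ratio >= threshold:
            return good  # embeds the brand label or is a near-identical spelling
    return None

def origin_hop(msg):
    """(name, ip) of the earliest Received hop, which is the last one listed."""
    hops = msg.get_all("Received") or []
    m = re.search(r"from\s+(\S+)\s+\(.*?\[([0-9.]+)\]", hops[-1]) if hops else None
    return m.groups() if m else None

def triage(raw):
    msg = message_from_string(raw)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if (target := lookalike_of(sender)):
        findings.append(f"From domain {sender} imitates {target}")
    if reply and reply != sender:
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    return findings, origin_hop(msg)
```

Calling `triage(SAMPLE)` returns both findings plus the originating hop, which here is a host announcing itself as `User`.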

    But even if the server has taken away the phishing page, the directory is still there:

    http://safw.adm.ncku.edu.tw/fortis  which means that the security intrusion is still there.

    Secondly, according to dns.be, bnpparibasfortis1.be is still available for registration.

    How do you mean, available for registration?

    The only one that should be able to register such a name would be BNP Paribas Fortis and no one else, even if it would be bnpparibas-fortis or whatever other combination or whatever name with bnpparibasfortis in it.

    It should be up for 'controlled reservation'.

    I know from talks that the people at DNS.Be don't like the idea but I still think personally that a list of about 100 important financial services should be protected against phishers by limiting the reservation to 'owners'.

    One of the unspoken frustrations of brand managers at ICANN in Brussels was that each time new domain zones come along they have to spend thousands on blocking trade names. It seemed a lot like blackmail on a huge scale. And who can blame them? 'If you don't buy them, anybody can, and can do whatever he wants with them, even destroying your online reputation, so you had better buy them.' You can explain this to your boss for ten or twenty domain zones but not for hundreds. Except if certain business categories get their own domain zone and all other domain zones can't use those brand names once they are in their proper domain zone. A bit radical, but it could wipe out a lot of phishing and squatting.