Inside ICANNWatch  
Submit Story
Lost Password
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)

    Laugh (or Cry) Another Deceptive-Domain-Name Scammer Targets AOLers
    posted by michael on Wednesday February 19 2003, @06:32AM

    dtobias writes "There has been yet another occurrence of a scam artist getting people's private information by setting up a site under a domain that gives an impression of affiliation with a more trusted entity. Earlier, such scams have been done to target customers of Ebay and PayPal, among others; this one targets users of AOL."

    "As reported in the Risks digest, this new scammer is at aol-billsite.com . This page has a very official-looking form purporting to supply information required in order that an AOL account remain active, including credit card numbers and other personal identifying information.

    More discerning viewers will note a number of "red-flag" items about the page, however. For instance, though the form's text claims that the information will be transmitted securely, in fact both the page URL and the form destination URL are "http:" rather than "https:" protocol, so in fact the form data is transmitted in an entirely insecure way without the SSL protocol. Viewing the source of the page shows that it's a frameset whose main frame is actually on the free hosting provider GeoCities. And the WHOIS information on the domain aol-billsite.com shows that it belongs to an individual, not to AOL. Closer examination of the form's hidden fields in the page source (or the Mozilla browser's "Page Info" form tab, a very useful tool) indicates that the form contents apparently get e-mailed to a Hotmail free e-mail address.

    The relevance of all of this to domain name issues is that, once again, the more gullible members of the public are getting hoodwinked by a con artist taking advantage of the fact that so many legitimate sites exist that use Stupid Unnnecessary Domain Names™ rather than logical subdomains of the parent domain. Marketing departments are enamored of directing customers to a domain name containing the Cute Slogan De Jour, and as a result, the customer, even a fairly sophisticated one, has every reason to believe that aol-billsite.com actually is an official AOL site. After all, Citibank has genuine sites, sometimes seeking input of personal information, at addresses ranging from citibank.com and citicards.com and citicorp.com and citigroup.com to the further-afield registermyaccount.com and accountonline.com .

    If companies would make a point of using only logical subdomains, at least for sites that require customer trust, then the ability of such scams to work would be greatly reduced. Consumers should be educated into knowledge that a subdomain, like billing.aol.com, can't be cybersquatted, but a separate domain like aol-billsite.com can -- so the former is much more trustworthy."

      ICANNWatch Login  


    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

      Related Links  
  • the Risks digest
  • aol-billsite.com
  • GeoCities
  • WHOIS information
  • the Mozilla browser
  • Hotmail
  • Citibank
  • citibank.com
  • citicards.com
  • citicorp.com
  • citigroup.com
  • registermyaccount.com
  • accountonline.com
  • dtobias
  • Ebay
  • PayPal
  • AOL
  • More on Laugh (or Cry)
  • Also by michael
    This discussion has been archived. No new comments can be posted.
    Another Deceptive-Domain-Name Scammer Targets AOLers | Log in/Create an Account | Top | 3 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    Education, education, education...
    by ldg on Wednesday February 19 2003, @11:41PM (#11196)
    User #2935 Info | http://example.com/
    It makes little sense to acquire dozens of domains for use the way citibank has. It's irritating to customers as well if they are at all security conscious and pay attention to the sites to which they are redirected.

    It is also interesting to note that holders of second level domains (i.e., example.com) have the delegation of those domains and can, in fact, delegate third and lower levels themselves. Of course they then have the responsibility as any other registry does to keep them operational.

    In any case, it makes much more sense to use subdomains for intercompany business and no one should EVER submit sensitive information to an insecure site.

    [ Reply to This | Parent ]
    Site shut down
    by dtobias (dan@tobias.name) on Thursday February 20 2003, @04:32AM (#11200)
    User #2967 Info | http://domains.dan.info/
    The site in question seems to have been shut down by the domain registrar... the address doesn't resolve, and the WHOIS record has all contacts as "Registrant Defaulted (abuse@enom.com)".
    [ Reply to This | Parent ]
    How can this domain be deceptive?
    by WIPOorgUK on Thursday February 20 2003, @07:13AM (#11202)
    User #3146 Info | http://wipo.org.uk/
    'AOL' can be used as a trademark by many different types of businesses all over the world.

    It was used for metal bolts, screws and nuts.

    But most domains are not owned by registered trademark.

    And yet ALL words and initials are confusingly similar to trademarks - as virtually every word has been trademarked - most many times over in different type of business and/or country.

    The registered trademark symbol ® identifies them in physical world.

    Can one single stupid idiot say it is not obvious to replace this symbol with a protected TLD in cyberspace?

    Other than the usual twit - who has yet to come out with reasoned argument, as to why registered trademarks should NOT be identified on the Internet.

    Like - people KNOW .gov sites are used by government departments.




    Can anybody tell me - how can that be any other business?
    [ Reply to This | Parent ]

    Search ICANNWatch.org:

    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com