ERT-In phishing report for 2006 says that during the last 6 months the number of reported URLs went up by 94% (2006-H2: 576 compared to 297 in 2006-H1) and 36 of those URLs were targeting sites in the .in domain space.
US financial organisations were targets of 94% of the reported phishing attacks while brands in India only represented 2%.
According to F-Secure, ICANN (Internet Corporation for Assigned Names and Numbers), the organization responsible for the global coordination of the Internet’s system of unique identifiers, should introduce a .safe domain name to be used by registered banks and other financial organizations.
According to APACS, the UK payments association, 17 million people now bank via the Internet in the UK and that figure is set to rise in the next few years. The trend is similar in other countries. But as the number of Internet bankers rise, so does the amount of people committing fraud. Compared to the first six months of 2005, online banking fraud rose by 55 per cent in 2006.
If ICANN introduced a .safe domain (or .sure or .bank), which could only be used by registered financial institutions, it would allow security providers to create better software to protect the public, according to F-Secure. It would be similar to other top level domain names such as .uk and .gov.
“While a .safe domain name won’t prevent phishing attacks, it will help banks and security providers to keep their customers safe,” said Patrik Runald, Senior Security Specialist at F-Secure. “Banks need to take on some of the responsibility for protecting their customers and using a secure domain name such as .safe will give customers the reassurance they need when banking online.”
Over the last few weeks, F-Secure has been trying to persuade a Hong Kong based registrar to close down a large number of active phishing sites targeting over 20 different banks and while they responded politely to the requests, they did not actually take them down. The .safe domain would certainly help in these cases as users would know that any other domain is to be considered unsafe.
“It’s true this will mean banks have to pay a premium to be able to use the domain name, but it will reduce the number of successful phishing sites that have been tricking many customers out of their hard earned cash,” Runald continued.
“Right now, customers have no good way of automatically being able to tell whether or not a bank website belongs to the bank. So a small bank or credit union phishing site is something that has to be researched. If .safe or .sure is locked down, then security companies would have a much better set of assumptions to start with when filtering email and web traffic. Security providers would then be able to build a better security product and users would feel safe online,” said Runald.
“ICANN has the power to create a safer online banking world, by introducing a top level domain name for banks and other reliable financial institutions. The idea was mooted some time ago, but with levels of online fraud as high as they are, now is the time to take action. .safe would give the millions of online customers the reassurance they need that banking via the Internet is safe,” concluded Runald.
 APACS - The way we pay bills report, February 2007
 APACS – Press Release - Latest figures show UK card fraud losses continue to decline in first six months of 2006, November 2006