The new ICANN arrangement for opening up new domains and web addresses that becomes effective this week is good news for fraudsters. Other Gartner analysts, namely Andrew Frank, Lydia Leong and Ray Valdes, cover the overriding advertising and domain registration/monitoring aspects, but from a fraud point of view, this is bad news for legitimate users.
This will make it much easier for hackers to phish or spoof consumers (and thereby deliver malware to endpoints and/or collect sensitive information) because:
a. They can make use of unlimited choices to spoof known brands – meaning consumers will have a much harder time knowing what’s real and what isn’t
b. It will be exponentially harder to detect spoof sites using customer feedback mechanisms, and that much harder to take them down, since they won’t be identified as quickly
c. Brand protection will be much costlier because there is exponentially more to monitor.
All is not lost to the hackers, however. Enterprises worried about their brands being phished can take a series of measures by adopting a layered security approach that includes:
1. anti-phishing services that detect and take down phishing attacks
2. email-certification and blocking services
3. phishing site linkage detection and browser protection
While it will cost enterprises precious resources to adopt these services, it’s time for them to start looking outside their firewalls in order to protect their assets and users. The ICANN decision adds a sense of urgency to the matter.