The new ICANN arrangement for opening up new domains and web addresses that becomes effective this week is good news for fraudsters. Other Gartner analysts, i.e. Andrew Frank, Lydia Leong and Ray Valdes, cover the overriding advertising and domain registration/monitoring aspects but from a fraud point of view, this is bad news for legitimate users.
This will make it much easier for hackers to phish or spoof consumers (and thereby deliver malware to endpoints and/or collect sensitive information) because:
a. They can make use of unlimited choices to spoof known brands – meaning consumers will have a much harder time knowing what’s real and what isn’t
b. It will be exponentially that much harder to detect the spoof site using customer feedback mechanisms, and that much harder to take them down since they won’t be identified as quickly
c. Brand protection will be much costlier because there is exponentially more to monitor.
All is not lost however to the hackers. There are a series of measures enterprises worried about their brands being phished can take by adopting a layered security approach that includes:
1. anti-phishing services that detect and take down phishing attacks
2. email-certification and blocking services
3. Phishing site linkage detection and browser protection
While it will cost enterprises precious resources to adopt these services, it’s time for them to start looking outside their firewalls in order to protect their assets and users. The ICANN decision adds a sense of urgency to the matter.