The Growing Threat of Cybersquatting in the Banking and Finance Sector

Doug Isenberg

The apparent cyber heist of $81 million from the Bangladesh central bank's U.S. account may cause some people to question the security of online banking. While the online theft prompted SWIFT — a cooperative owned by 3,000 financial institutions around the world — to make sure banks are following recommended security practices, the incident also could have ramifications for banking customers worldwide.

Indeed, the Bangladesh online banking break-in comes just as the World Intellectual Property Organization (WIPO) identified the banking and finance industry as the second-most-popular sector to file cybersquatting complaints in 2015. Nine percent of all domain name disputes at WIPO last year were filed by parties in the banking and finance sector, second only to the fashion industry.

WIPO identified the following banking and finance entities as among the most active pursuers of cybersquatters: Banco Bradesco, Bank of Scotland, Bloomberg Finance, Comerica Bank, Intesa Sanpaolo, Lloyds, Saxo Bank and Sydbank.

At the Forum, the second most-active provider of domain name dispute services, the list of banks that filed domain name disputes in 2015 is more U.S.-centric, including complaints by American Express, Bank of America, Barclays, Discover Financial Services, OneWest Bank, Regions, TD Bank and Wells Fargo.

Using UDRP and URS to Fight Cybersquatters

While most of these cases were filed under the Uniform Domain Name Dispute Resolution Policy (UDRP), companies from the banking and financial services industries also are taking advantage of the new Uniform Rapid Suspension System (URS) to tackle registrations in the new generic top-level domains (gTLDs), such as .club, .guru, .services, .top, .wiki and .xyz. Morgan Stanley, Principal Financial Services and PayPal have all used the URS to their advantage.

In many cases, the domain name disputes initiated by banks involve phishing scams, that is, where the cybersquatter tries to trick a customer into providing his or her account information. For example:

  • In one Wells Fargo case, involving the domain name <welilsfargo.com>, the UDRP panelist found that the registrant of the domain name was "seeking to deceive Internet users by providing a web site containing a near identical copy of [Wells Fargo's] web site and seeking to fraudulently obtain personal information from Internet users through a phishing scam."
  • Similarly, in a UDRP case for <lloydsprivatecommercialfinance.com>, Lloyds Bank said that "[t]he disputed domain name is used to host a website appearing to offer financial services, but there is no proof there of any delivery of such services, nor any mention of any official authorization, as would be mandatory. The Respondent appears intent on making unjustified profits or defrauding consumers to reveal personal or proprietary information."
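
The two disputed names above show the patterns a brand owner's domain monitoring has to catch: a near-miss spelling of the brand, and the brand embedded in a longer name. The following is an added example, not part of the original article, of a triage check over a feed of newly seen domains; the brand list, the allowlist, the thresholds and the feed entries other than the two quoted names are assumptions made for illustration.

```python
# Added example: brand-monitoring triage for lookalike domains (defensive use).
BRANDS = ["wellsfargo", "lloyds"]   # brand labels taken from the cases above
OFFICIAL = {"wellsfargo.com"}       # assumed allowlist of the owner's own domains

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, keeping only two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(domain: str):
    """Return (reason, brand) for a suspicious domain, or None.

    Assumes a single-label TLD (.com, .xyz); a real monitor would use the
    Public Suffix List to find the registrable label.
    """
    domain = domain.lower().rstrip(".")
    if domain in OFFICIAL:
        return None
    parts = domain.split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    for brand in BRANDS:
        if label == brand:
            return ("other-tld", brand)        # exact brand under another TLD
        # Short brands get a tighter threshold to limit false positives.
        if edit_distance(label, brand) <= (1 if len(brand) < 8 else 2):
            return ("typo", brand)
        if brand in label:
            return ("brand-embedded", brand)   # brand plus extra words
    return None

if __name__ == "__main__":
    # Constructed feed: the two disputed names quoted above plus made-up entries.
    feed = ["welilsfargo.com", "lloydsprivatecommercialfinance.com",
            "wellsfargo.xyz", "wellsfargo.com", "example.org"]
    for name in feed:
        print(f"{name:40} {classify(name)}")
```

A hit from this check is only a lead for review: whether a name supports a UDRP or URS complaint still depends on how the domain is registered and used.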

Phishing, Crimeware and Education

These banking-related cybersquatting cases are consistent with an overall increase in phishing scams: the non-profit Anti-Phishing Working Group (APWG) reported that the financial services industry was the second-most-targeted industry sector in the fourth quarter of 2015 (behind only the retail/service sector). The APWG also notes that access to financial-based websites is the most common target for "crimeware" attacks, which it defines as "data-stealing malicious code designed specifically to be used to victimize financial institutions' customers and to co-opt those institutions' identities."

Although online banking is now commonplace, some customers continue to fall for scams. Indeed, the Federal Trade Commission warns consumers that they should never click on links in email messages requesting financial information. Individual banks send similar messages. For example, Bank of America cautions its customers about the common "phony email ask[ing] you to go to a website that looks like a Bank of America site, but is actually a site the criminal has set up asking you to provide your personal account information."

Despite these warnings, phishing and crimeware attacks targeting the banking and finance sector are not likely to disappear anytime soon, as the reports from WIPO and the APWG make clear. While banks and financial service providers should continue to educate customers, the UDRP and URS remain important — and very effective — tools for tackling cybersquatters and ensuring that online banking remains safe.

By Doug Isenberg, Attorney & Founder of The GigaLaw Firm.
