Can phishing sites be eradicated?

You can answer “no” straight away and skip this post. Or you can read on and think it over. Let's set aside Russian realities (or the realities of any country) and try to find a working solution together. It seems to me that one exists. The main points follow.

Let's state the initial conditions of the problem.


A phishing site uses the name of some resource or brand, mimicking it.

Options:

  • full copy of the name without substitutions - abstractcompanyname;
  • visually similar Unicode characters (if the registrar allows them) - ábstractbankcompanyname;
  • substitutions that bet on users not knowing how the brand name is spelled - abstraktcompanyname, abstractcompanyneim and others;
  • all of the above plus added digits, for example a Russian Federation region code - abstractcompanyname78;
  • all of the above plus the use of domains of level 2..N - abstractcompanyname.ru.education ..... nagibator2000.cc

Who should care about this in the first place? Obviously, the organizations being impersonated. But in the current reality, where searching for phishing sites is voluntary, the vast majority of companies do not deal with this issue. I see no point in listing the reasons; they are pretty obvious. So I propose to focus on something else.

Second level domains


If a second-level phishing domain is created (thanks to the commenters who corrected me), the registrar is the first to know about it, because it reviews the application. If the application succeeds, the domain is delegated and the money for 1 year goes into the till. What prevents the registrar from informing the company after that? A lot of things get in the way, of course. OK, but why not have the registrar offer a convenient whois service for checking registered names? One that searches not only for an exact match, but also for the name with possible "tricks"? It seems to me that a typo search would do for this, where you can specify the maximum number of typos.
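A sketch of the typo search proposed above, with the maximum number of typos as a parameter. This is an added example, not code from the original post; the function names, the normalisation rules and the sample list (on the reserved .example TLD) are assumptions made for illustration.

```python
import unicodedata

# Constructed sample of registered names (reserved .example TLD), one per trick
# from the list of options above. Assumed to be in Unicode form, not punycode.
REGISTERED = [
    "abstractcompanyname.example",      # full copy of the name
    "ábstractcompanyname.example",      # accented look-alike character
    "abstraktcompanyname.example",      # misspelling, one typo
    "abstractcompanyneim.example",      # misspelling, three typos
    "abstractcompanyname78.example",    # digits appended
    "abstractcompanyname.ru.example",   # brand as a lower-level label
    "unrelatedshop.example",            # should never match
]

def fold(label):
    """Lowercase, strip accents (NFKD) and trailing digits. Cross-script
    look-alikes (e.g. Cyrillic letters) would need a confusables table."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.rstrip("0123456789")

def edit_distance(a, b, limit):
    """Levenshtein distance; returns limit + 1 as soon as it must exceed limit."""
    if abs(len(a) - len(b)) > limit:
        return limit + 1
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        if min(cur) > limit:
            return limit + 1
        prev = cur
    return prev[-1]

def find_lookalikes(brand, registered, max_typos):
    """Return (domain, typos) for every name with a label within max_typos."""
    target = fold(brand)
    hits = []
    for domain in registered:
        typos = min(edit_distance(fold(label), target, max_typos)
                    for label in domain.split("."))
        if typos <= max_typos:
            hits.append((domain, typos))
    return sorted(hits, key=lambda hit: (hit[1], hit[0]))

if __name__ == "__main__":
    for domain, typos in find_lookalikes("abstractcompanyname", REGISTERED, 2):
        print(typos, domain)
```

Raising `max_typos` from 2 to 3 is what brings abstractcompanyneim into the results, at the cost of more false positives on short brand names.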

Level 3+ Domains


Here the ball is in the search engines' court. Their "spiders" index pages. A search engine could analyze each page's address for signs of phishing. But notifying everyone would wear out the notifier. So we need a mechanism.

Mechanics


The initiative should come from companies. They apply to the registrar or search engine to have mentions of their name tracked. But how do you get companies moving? A push from the state. The company must be motivated to track phishing sites. Right now only large players in the B2C segment do this, as far as I can tell. Popular anger is a powerful thing, so it is easier to act ahead of it. As a result, having received a notification about a phishing domain, the company justifies to the regulator the reasons for the separation.

Implementation problems


  • . ICANN. .
  • Monetization. It seems like everything can be simplified. Companies are required to track the phishing sites that relate to them. But the obligation should fall not on everyone, only on those that are of interest to scammers. What criteria would determine this interest is an open question. The number of users, subscribers or visitors; in general, the size of the customer base. If a lot of people can suffer, then the company should monitor phishing sites. Perhaps another criterion is turnover.
  • Responsibility. It is also worth considering, and for all parties: for companies, for search engines, for registrars, for the competent authorities. All links in the chain should be motivated by a “carrot in the back” to do their job as quickly as possible. To do this, set standards for response time.

And then we’ll live! Or not?
