ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS.The use of domain names in most phishing is relatively crude, You see a lot of names like www.somefreewebsite.com/~ingrid/www.bankofamerica.com/…. Theres no SSL, and the tricky part of the domain name is off to the right. A user would really have to ignore the domain name and focus on the body of the page, which is where the real phishing expertise comes in.

But a potentially lucrative minefield for phishing domains may open up through a series of developments currently underway. One of them is the move by some governments to develop alternative root servers. The other is the development of internationalized domain names, especially top-level domains. In at least one case the two are combined. Phishing at the Top Level

Technorati Tags: Phishing