New top-level domains unlikely to be a panacea for phishing

A number of financial institutions have jumped on the Internet Corporation for Assigned Names and Numbers' (ICANN) opening of an application round for 'dot word' domains.

The forty domains applied for by Australian organisations include a handful of proposals lodged by financial institutions. Three of the Big Four have participated in the process, with ANZ applying for .anz, National Australia Bank applying for .nab and .ubank and the Commonwealth Bank applying for three domain suffixes: .cba, .netbank and .commbank.

Unlike current domains like .com and .net, which are effectively open slather in terms of usage, the new top-level domains (TLDs) can be managed under more stringent regulations set by the successful applicant. For example, Western Australia physiotherapist Glenn Ruscoe has applied for .physio, which he intends to restrict to registered physiotherapists only. This means applicants for a .physio domain will be required to provide their credentials proving they are a qualified physiotherapist.

The banks are yet to give an indication of how they will use the new domains (CBA issued a brief statement saying, "Commonwealth Bank can confirm we have applied to ICANN to register the generic Top Level Domains (gTLD) .cba, .commbank and .netbank. We are excited to achieve this first milestone and look forward to the upcoming ICANN approval process.")

However, the applications for new TLDs should help banks provide another way that consumers can verify a website is genuine before conducting financial transactions, such as online banking.

The new domains will not be a panacea for phishing attacks, however, according to the Asia Pacific director of security firm Sophos, Rob Forsyth. Forsyth noted that the underlying architecture of the internet will remain the same after the new domain suffixes are introduced. "I see it as having perhaps a very small improvement, but in reality it's business as usual," Forsyth said.

"I think there's still a bit of caveat emptor — let the buyer beware — with clicking on any links."

For example, browsers will still be vulnerable to location-bar spoofing, in which a phoney URL is followed by a series of spaces so that the actual URL being navigated to appears on the right-hand side of the bar.

Rohan Pearce is the editor of Techworld Australia. Contact him at rohan_pearce at

Follow Rohan on Twitter: @rohan_p

Copyright © 2012 IDG Communications, Inc.
