© September 2003 Tony Lawrence

Mon Sep 8 14:27:15 GMT 2003 Watch your typing

Link: Fake websites on the Increase

Once the near exclusive province of porn sites and domain resellers, fake web sites will probably be even more popular now that the scam artists have realized how well these can work for them. It's simple enough: you register something like paypsl.com, knowing that typists hit "s" now and then for "a". Your site looks just like PayPal, and if a few hundred users don't notice, you have their Paypal passords and perhaps even more.

Sooner or later someone is going to hijack the DNS system and not even have to bother with fake domain names. Frankly, that worries me more than this, as most folks probably have Paypal, their bank, and similar sites in bookmarks and don't type them in all that often. That DNS is vulnerable to such an attack is already suspected; but what I'm afraid of is that the people who actually succeed will be smart enough to keep it low profile: subvert Paypal for a few minutes, gather a few thousand passwords, and then put it back. Site Certificate warnings will of course pop up, but because that kind of thing happens now and then anyway, my bet is most folks would just ignore it.

Cybercrime is probably a great growth industry. Too bad we can't buy stock in it.

