Experts idenfity tactics to foil phishing

News by Dan Raywood

Phishing can be stamped out altogether if domain names are not sold to criminals.

Phishing can be stamped out altogether if domain names are not sold to criminals.


Andre Edelbrock, CEO of Ethoca, claimed that by selling domain names to criminals, they have the tools to set up phishing sites and steal money and personal details from consumers.


Ethoca, along with provider Tucows, have called on the industry to begin communicating and sharing details on their domain name sales to help find criminals.


Edelbrock said: “If you block the domain name purchase then another merchant can turn it away too, if one company flags it as having issues with the buyer elsewhere. The challenge is now to share information then, you can track who is going to each company to buy.


“How far can we take sharing and information tracking? Looking at the way it can be captured and turn it away, the information is captured and sent out – as an industry we need to look at what has been sold in the last three-six months.”


Edelbrock claimed that domain names are sold, the site is then set up and spam will be sent out with the fake company name. The user goes to that site and provides their information, which is then put into a database, the user is sent on to the real site of the spam name and doesn't think anything more about it, while the phisher only needs the information to sell on the black market or use themselves a couple of weeks later.


He claimed that data should be shared on how many orders have the same set of data, why one particular credit card buys so many laptops at one time and why one person buys 300+ domain names in 15 days. Edelbrock said: “That type of activity becomes a good predictor and now we are really moving out to get other people to participate.”


In order to begin to corner the phishing market, Ethoca has begun working with Tucows to share information. Adam Elliot, fraud investigator at Tucows, claimed that he had not seen much in the way of a community of companies coming together, as most people do not have any known contacts or groups who shared information.


He claimed that the work with Ethoca has been a step forward, and suggested people look at the internet and look for groups, or be specific with communities and find those trying to fight back.


Elliot said: “There are a lot of different trends to be able to spot criminal activity, such as credit cards from the same country, types of domain names, the number they buy and the password used. These can be spotted, but it can be dangerous as the hackers can hit an investigation against them.


“I think the number one trend is in financial services, if a domain name appears it can be a spoof of a genuine financial website. If for example the official site is, but someone was to buy It will look genuine as the page will be made to look that way, and this can really confuse new users. So this sort of domain name is a likely target.


“There are tens of thousands of variants of addresses, so this will allow opportunity for typosquatters to take a site, for example barclaysbank.con. Another trend that will help us spot a possible criminal intent is if the email comes from someone who uses a free web-based address, such as a Yahoo, Gmail or Hotmail address, as anyone who wants to buy a site for legitimate purposes would normally have an official address.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews