One firm, Sedo, is also trading names with accented letters, such as vísa.com, pàypal.com and paypàl.com. On his company blog, F-Secure’s chief researcher, Mikko Hypponen, asked: ‘Why would anybody want to buy these domains unless they are the bank themselves – or a phishing scammer?’
Unregistered URLs can be purchased for a reasonable sum, usually in the region of US$10-15. However, resold domain names can change hands for prices in the hundreds or thousands, giving resellers access to potentially vast profits.
In response to F-Secure’s alert, Sedo’s general counsel, Jeremiah Johnston, denied liability. Claiming that Sedo was nothing more than a neutral trading platform in a similar mould to eBay, he went on to say that trademark owners had a tendency to ‘harass a lot of legitimate domain owners.’ Johnston also said that Sedo was working hard to ‘balance the rights of all users’, and placed the onus on trademark owners to notify the firm of potential problems. ‘We have more than six million domains for sale,’ he said. ‘It's impossible for us to proactively filter sales.’
Finnish web-security firm, F-Secure, reported this week that domain name resale merchants are trading bogus URLs to ‘phishers’ – web users seeking to mislead Internet surfers through the use of established brands. Some of the items put up for resale include obvious targets such as chasebank-online.com, citi-bank.com and bankofamerica.com