A phishing attempt against ASB subsidiary BankDirect was smartly dealt with late last month, by involving the police and apparently the registrar of the website involved.
However, InternetNZ and the Domain Name Commissioner, though contacted by ASB, did not become directly involved. Exactly who closed down the site is muddied by a “no comment” from the registrar. The site is no longer reachable, but the name was still recorded as registered late last week.
An email had been sent out last month purporting to come from BankDirect with the subject “Anti-fraud notification” and carrying an html page with the heading “Security Door”. This used the logos of BankDirect and its NetDirect service and text relating to genuine BankDirect security precautions. The first paragraph, however, read in classic phishing style: “ERROR(XCF1P1) We were unable to process your recent transactions on your account. To ensure that your account is not suspended, please update your information.”
The clickable link on the last three words led to a site under the domain name “bankdlrect.co.nz”, with an ‘l’ in place of the ‘i’. In an apparent effort to make the erroneous letter less obvious, “BankDIrect” elsewhere on the page was spelt with an upper-case I.
The site was hosted in Christchurch, but the pages were served from overseas, says ASB’s head of technology Clayton Wakefield.
ASB contacted the hosting company, the Domain Name Commissioner and InternetNZ and a number of other people approached the host and registrar of the name, Discount Domains, of Christchurch. The site was taken down. “Meanwhile, we informed the police,” says Wakefield. “There was a clear case for removing the site, as it was involved in illegal activity,” he says. “Impersonating a financial institution is a matter that should be taken very seriously and the [domain name] commissioner did so. It is fraud and theft.”
The matter is still in the hands of police, who have the name of the alleged registrant.
However, commissioner Debbie Monahan says she did not consider she could act. “We [her office and InternetNZ] don’t get involved in what a domain name is used for. That’s InternetNZ policy at the present stage.” If members want the policy to be changed, she says, avenues are open for a change to be discussed, but no such proposal is currently on the table.
Discount Domains spokesman Brendan McNeill declined to comment on the matter last week. “I think it’s better that I don’t discuss it,” he said. “I respect the role of the media and this could all come out at a later date, but not now.”
According to records, consulted when Computerworld saw the email, the “bankdlrect” domain was registered to a Rodney Gustwite in the US. That registration record still existed late last week.
InternetNZ’s policy of non-interference has frequently been discussed by sociey members, particularly in the light of domain names which threaten to trespass on trade-marks and misspelt names evidently intended to mislead, in the context of trading and children being allegedly led to erotic sites, but the policy has stayed in place. Overseas agencies are investigating similiar practices.