According to story in the AP, a new study by security researcher Jim Stickley shows how even search engines can get tricked into ranking phishing sites.
created a Web site purporting to belong to the Credit Union of Southern California, a real business that agreed to be part of the experiment.”
His phony site got a No. 2 ranking on Yahooand landed in the top slot on Bing, ahead of even the credit union’s real site.”
“””The experiment convinced Credit Union of Southern California that it should protect itself by being more aggressive about buying domain names similar to its own.””
“””Domains generally cost a few hundred dollars to a few thousand dollars each — a pittance compared with a‘s potential liability or loss of goodwill if its customers are ripped off by a fake site.””
Interesting to note that Google didn’t fall for the fake site, never ranking it higher than on the 6th result page.
The Credit Union just realized something we have talked about since we have been blogging.
Companies need to be proactive and secure possible typo’s and variations while then can for registration fees rather than go through the much costlier process of a WIPO or UDRP or the public relations cost of having a scam site take advantage of its good name.