WSJ: Banks Looking To New gTLDs To Stop Phishing

The Wall Street Journal published a story on how banks are looking to use the new gTLDs they have applied for to cut down on phishing of bank sites on the net.

“Financial-services companies are snatching up new, exclusive Internet addresses in an effort to crack down on cybercrime, which one analyst said cost the industry an estimated $2.5 billion last year.”

“The companies buying up addresses include some of the biggest players in the industry: American Express Co., Capital One Financial Corp., J.P. Morgan Chase & Co., Barclays PLC, Bank of America Corp. and Citigroup Inc”

“The firms have paid at least $3.3 million, or $185,000 per address, to the nonprofit organization that oversees the Internet to secure new exclusive domain extensions, the letters that appear at the end of a website address, such as dot-com or dot-gov.”

“The new addresses include extensions like dot-citi, dot-bofa and dot-barclays. The banks hope these extensions will help their online customers know they are actually dealing with the bank and not a scam website trying to pilfer personal information.”

“Web browsers won’t see the new addresses online until the Internet Corp. for Assigned Names and Numbers, or Icann, the organization that oversees the Internet, approves them.”

“Some may appear next year.”

“In 2011, the financial-services industry accounted for nearly half of all “phishing” attacks—attempts to steal customers’ personal data like credit card information, email addresses and passwords—according to the Anti-Phishing Working Group, a corporate group that addresses cybercrime issues.”

“Hackers can buy domain names at registrars like Go Daddy Group Inc. that alter a letter or two in a company’s brand name—replacing “of” with “at” in, for example—and trick consumers by sending them emails dressed up with Bank of America’s logo.”

“Controlling their own domains with exclusive address extensions could help financial-services companies fight phishing because criminals won’t be able to register domains that end in dot-jpmorgan, for example.”

“When we start to put things under dot-discover, it will be tougher to spoof them,” said Mike Boush, vice president of e-business at Discover Financial Services”

“Not all financial companies are convinced. Wells Fargo & Co. didn’t apply for one of the new addresses, citing investment costs and the potential for the dilution of its online brand, “When’s the last time you used a dot-biz or dot-info?” said Beverly Butler, Wells Fargo’s vice president for its digital channels group.”

The story did not discuss other new gTLDs like .Bank or .Secure, which will likewise serve to cut down on phishing.

Like them or not, new gTLDs are putting domain names on the front page of major publications.



  1. Kate says

    Phishing works because consumers don’t pay enough attention to the URLs.

    How is using a different, supposedly ‘safe’ – but unfamiliar – extension going to make much of a difference?

  2. says

    And still they are over a year from use. News coverage will only increase.

    NotComs will be thrust on users like never before, by brands, by Google.

    Browser defaults and voice recognition will reduce type in traffic for .coms.

    Millions of new brandable, intuitive names.

    A big change, she is a comin’.

  3. says

    “Not all financial companies are convinced. Wells Fargo & Co. didn’t apply for one of the new addresses, citing investment costs and the potential for the dilution of its online brand, “When’s the last time you used a dot-biz or dot-info?” said Beverly Butler, Wells Fargo’s vice president for its digital channels group.”

    I guess Wells Fargo gets it.

    Ask Overstock about brand dilution.


  4. Michael H. Berkens says

    As I said in the post there are applications for both a .bank and .secure but they will not be solely owned by one bank

  5. says

    Hello MHB,

    This without question will cause Brand Dilution. The Media company proponents of this whole scam will stop at nothing to muddy the waters and cause Brand Dilution, which ultimately causes companies to turn to their rerun of perpetual commercials to remind people of their Diluted Brand. Great for advertisers, Bad for Online Business Owners. Business Owners, be warned: don’t drink the gTLD Kool-aid!

    Unless of course you want Perpetual Advertising Bills?

    Gratefully, Jeff Schneider (Contact Group) (Metal Tiger)

  6. says

    Websites like are clearly too confusing.

    Consumers need Chase.Bank, Bank.Chase, CreditCards.Chase, etc.

    Banks should take the money they have invested and instead teach consumers to not be stupid about phishing sites.


  7. says

    “Phishing works because consumers don’t pay enough attention to the URLs”

    Actually it is the banks and other businesses that often do not pay attention to their URLs and host names. I often get official e-mails that have weird third level domains as part of the URL. Also, many use an alternate domain other than their main domain either due to some promotion or for some unknown reason.

    Also, I contacted Citibank for many months because their e-mail servers were misconfigured and all their e-mail gets tagged as suspicious (a reverse lookup of the IP address does not match the e-mail server HELO command). They never answered.

  8. says

    Agree with

    I too get insecure emails from, and see confusing URIs at, the few banks and merchant processors websites I deal with regularly. Just do a bank card transaction on the Internet and watch the various URIs that flash in the address/status bar – you will know what I mean.

    They spend millions of dollars on hardware and software but don’t get it with the DNS thing! The issue is so manifest because most of the hardware and software vendors (and their execs), and their big ticket buyers don’t get the whole domain/URI/URL security business at all. Can we fault the lay consumers?

  9. CB says

    Yes, adding a huge number of confusing TLDs is definitely the answer to the phishing problem. I’d write more about this, but I just received an email to say that I urgently have to update my bank account details at
