Dublin-based Zerflow, an information security company, issued a warning on Wednesday over a new breed of cybersquatters who use fake URLs to steal passwords, personal details, credit card numbers or even money. "We are now seeing more incidents of abuse from URL impersonator... and we are finding a real criminal element out there," explained Tony Geraghty, head of business development for Zerflow.
He said that the company had encountered criminals that have registered new URLs which have similar addresses to existing e-commerce sites, but perhaps a different suffix. Using this fake URL, the impersonators insert meta tags or deceptive content, that resembles meta tags and content in legitimate sites, so that search engines will be sure to pick up the hoax addresses when users look for specific sites.
But often, the addresses are so similar that mistyped URLs could also lead to the fake Web site. These phoney Web sites appear to be the real thing, Geraghty explained, and will generally ask users for their password or personal details to gain access to what the consumer believes to be the real site. "Once they give their password, the site just sends out an error message and tells them to come back later," he said.
In the meantime, the attackers use the personal information to access on-line accounts, or make on-line purchases on the real site using the stolen information. Geraghty cited some examples of this practice uncovered by his own company, including a bookmaker who was attacked in this manner and had funds withdrawn by a bogus user.
These phoney URLs themselves are generally purchased with fake information too, making perpetrators all the more difficult to catch, he said. "Because people are able secure e-business URLs so effectively this kind of thing is on the rise."
Zerflow, which offers a number of information security services, sells a monthly Web scanning service for customers to keep watch over other sites with similar addresses. The company also actively monitors new registrations of addresses that are suspiciously similar to existing e-commerce sites for an annual fee.
With regard to more traditional cybersquatting incidents, where URLs are registered for parody purposes or with the hope of being resold to other owners, Geraghty admitted such practices seem to be on the decline. "That doesn't seem to happen as much anymore and it's now easier to get those names back anyway," he commented.
Still there have been a few notable cyber squatting incidents in recent months including the registration of www.introducingmonday.co.uk, a site with a very similar name to PricewaterhouseCoopers' www.introducingmonday.com. Other contested addresses this year have been treasuryholdings.ie's objections to treasuryholdings.com and Joseph Enterprises Inc, the maker of Chia Pets, objecting to chia.info and chia.biz registrants.
Its worth noting however that in the treasuryholdings incident, the owner of treasuryholdings.com, environmentalist Tim Kirby, said he not accused cyber squatting because he never had any intention to sell the site to Treasury Holdings. The address was used to protest a Treasury Holdings-backed waste facility project. Meanwhile, in the Chia Pets case, Joseph Enterprises Inc. accused NeoPets, owners of chia.info and chia.biz, of hijacking a popular US brand. However both companies made popular retail items that were named Chia.