Ask Leo: Beware of the New Phishing Holes


Opening Phishing Holes with New Top-Level Domains

By Leo Notenboom

You’re used to seeing domains ending in .com, .net, and many others of what are called top-level domains.

But … .bank? .microsoft? .paypal?

Perhaps even .leo? .askleo?

ICANN, the Internet Corporation for Assigned Names and Numbers, is in the process of rolling out the ability to purchase your own top-level domain. It’s not cheap (you won’t be seeing .askleo any time soon), but it is happening.

Unfortunately, one of the expected side effects is a massive increase in phishing attempts. And if you’re not careful, you could fall victim.

New top-level domains

The concept is very simple: there’s no technical reason that the internet should be limited to domains that all end in one of a small set of tightly controlled top-level domains or TLDs.

They are somewhat useful – aside from the ubiquitous .com, .net, and other generic TLDs (gTLDs) – most of the existing TLDs can be used to identify the country of registration. Even though some countries don’t restrict registration (, for example, is not related to Libya, and has nothing to do with Montenegro), many, if not most, do.

But those are all standards of convenience – there’s really no technical reason that TLDs need to be limited to only that set.

And, beginning this year, they won’t be.

For the modest sum of $185,000 US, you can apply for a new, generic top-level domain (there is an application process and certain requirements must be met).

Assuming that you are successful and gain ownership of that domain, you then control what happens on that entire top-level domain. Were I to own .leo, I could create ask.leo as a domain for my website or mail. (Don’t worry, I don’t have a spare $185,000 to do it.)

The controversy

Read the rest of the story here.

This post is excerpted with permission from Leo Notenboom.

2 thoughts on “Ask Leo: Beware of the New Phishing Holes”

  1. You started working for Microsoft in 1983, stayed for 18 years and you don’t have an extra $185K? What did you do wrong? 😉

  2. Just wait til the UN takes it over as they are trying to do. The domain names will cost a percentage of income as an international tax.
