Bank on this new gTLD to keep your finances safe


We’ve all received them. Emails, often full of spelling mistakes and grammatical errors, that tell us there has been some suspicious activity in our bank account and demand that we log in now or our account will be suspended. We have all got over the suspicion of managing our financial affairs online, but even so, there is this nagging little voice in our heads that reminds us that the old-fashioned method of keeping our cash in a biscuit tin under the mattress is still the safest option.

Even if the email comes from a bank that we do not use, there is often that little voice in our heads casting doubt over something we have done. This criminal activity is more commonly known as phishing and is more of a problem for online users today than it has been for the best part of a decade. According to a report published in November 2014 by UCSD and Google, 21% of all phishing sites are aimed at obtaining banking credentials. The Anti-Phishing Working Group (APWG) publishes quarterly updates on activity. In their report on the 123,000 phishing attacks that took place globally during H1 of 2014, they saw 25.7% of all phishing attacks aimed at the banking/finance sector, with PayPal being the most targeted brand.

Almost every Top Level Domain has been used at some point by phishers. The APWG report identified 227 different TLDs that had been used to launch phishing attacks, although just five had been used to instigate over 90% of the attacks. In order to make URLs within emails look more credible, fraudsters have had to look at the most extreme ccTLDs. The introduction of free TLDs such as .tk and .pw (two of the five most used) has given the banking industry further headaches as they have to extend their brand monitoring and protection policies. The average phishing attack lasted over 32 hours in the period covered by the report. With virtually no cost to launch an attack, the return on investment during that period fuels more and more attempts to dupe banking customers. But could there be some good news on the virtual horizon?

In a few days’ time the dotBank new gTLD will be available for organisations that can prove their banking credentials. These include institutions owned by shareholders and supervised by a government regulatory authority that hold a banking licence or other relevant charters. In the UK alone, the Bank of England lists 111 institutions (excluding itself) that are classed as a bank, and could thus apply to register and run a dotBank TLD. What this will mean is that consumers should be able to trust that any communication that comes from an email address or points to a website URL using a dotBank domain name is from a bank. There can be no greater stamp of trust for the consumer. Of course, the onus is on the banks to communicate this message to their clients, and doing so is of primary importance. We all know that consumer perception of the new gTLD is far from where it should be, so it’s possible that some individuals and businesses may view a dotBank with more skepticism than a dotCom or dotNet. Will this stop the cybercriminals launching phishing attacks? Unfortunately not: it only takes one victim to be hoodwinked for the scam to be worthwhile.