IT Security – Phishing
Domain name and shame


When companies decide to register a domain name, they should consider registeringa number of variants, or they might suffer severe embarrassment , writes David Neal.

IT Security – Phishing

Can you spot the differencebetween the following twoURLs: and right, one has a .gov.uksuffix, the other a To theuninitiated that probably means little,but more savvy internet userswill know that the former is an officialgovernment URL, which canonly be registered by the chapsfromWestminster, while the other a domain could easily beregistered by anyone, from the governmentitself to a bored student.

Which, indeed, it was.The site is a spoof.Admittedly, it would be a lot moreobvious as a spoof if the addresswere,but its not. Insteadit bears all the hallmarks of the realMcCoy an unfortunate embarrassmentfor the government.

It does include clues that it isjokey, such as this advice: ?If you areinvolved in any emergency it isimportant to: Run like hell, particularlyif you caused the emergency.

Trample all others in your desperateattempt to escape. Loot on the wayout.? But in a country in whichRobson and Jerome can sell a millionrecords we cannot underestimatethe intelligence of thepopulation,many of whom areundoubtedly looking forward toupgrading their television setsbefore the long dark nuclear winter.

Of course the governmentshould have seized all variants of itsnew domain as soon as someone sittingaround the board table suggestedthe project and someone elsewent, ?by Jove I think hes got it?.

Instead it saved a few quid and stuckwith the easily recognisable governmentdomain. But there lies the rub.

Its easily recognisable to you and I,but it could confuse a lot of people.There are myriad domainextensions that the governmentcould have registered, including theaforementioned and otherssuch as .info the domain reservedfor disseminating information, which is undoubtedly the aim ofthe site in question. So it is unfairto brandish the stupid stick only inthe direction of the general populacewho know enough about theinternet to at least put on theend of a UK internet address.

Like the government, firms havea couple of choices tomake whencoming up with a new domainname. First they have to find a newname to register, and second theyhave to decide where to register it.

The government got the first partright it ignored my suggestion andchose a title that would appeal to themarketing bods at Ronseal, but itfailed in the second instance.

The vagaries of the online rankingsystem mean the spoof versionhas a higher place on Google thanthe official one, so in the split secondafter the bomb and before thepower goes out, hapless internetusers looking for help will be toldthey should: ?Try to remain calmand try to reassure others.Or, tramplethemin a desperate attempt toflee as the building youre in is consumedby a radioactive cloud.?

This is not ideal, and althoughby the time the nukes fall it will betoo late for their customers, firmsdo still have time to learn from thegovernments mistake.When registering a domain itpays to cast your net wide.