New ask Hacker News story: Ask HN: Registering common .zip domains to help prevent phishing attacks?
Ask HN: Registering common .zip domains to help prevent phishing attacks?
3 by elashri | 1 comments on Hacker News.
Hi HN, I recently registered the domain bank-statement.zip (and some mistyped variations), not because I plan to use it, but to prevent it from falling into the wrong hands. As some of you may know, .zip is a potentially dangerous TLD, as many chat and email clients will convert it to a clickable link, making it easy for attackers to trick unsuspecting users into downloading malicious files. That got me thinking: what if we could collectively register common domain names that correspond to common .zip names that ordinary users or parents might get confused about? For example, we could register tax-return.zip, invoice.zip, or receipt.zip, among others. By doing so, we could prevent these domains from being misused for phishing attacks. Of course, this initiative would require some coordination and funding, but I believe it's a worthwhile effort to protect users from falling victim to phishing scams. What do you think? Would you be interested in participating or supporting this initiative? It would be easy to register many domains as they are about $12. But some famous names will be more expensive beyond what a PhD student on stipend like me can afford.
3 by elashri | 1 comments on Hacker News.
Hi HN, I recently registered the domain bank-statement.zip (and some mistyped variations), not because I plan to use it, but to prevent it from falling into the wrong hands. As some of you may know, .zip is a potentially dangerous TLD, as many chat and email clients will convert it to a clickable link, making it easy for attackers to trick unsuspecting users into downloading malicious files. That got me thinking: what if we could collectively register common domain names that correspond to common .zip names that ordinary users or parents might get confused about? For example, we could register tax-return.zip, invoice.zip, or receipt.zip, among others. By doing so, we could prevent these domains from being misused for phishing attacks. Of course, this initiative would require some coordination and funding, but I believe it's a worthwhile effort to protect users from falling victim to phishing scams. What do you think? Would you be interested in participating or supporting this initiative? It would be easy to register many domains as they are about $12. But some famous names will be more expensive beyond what a PhD student on stipend like me can afford.
Comments
Post a Comment