The new ICANN arrangement for opening up new domains and web addresses that recently becames effective is good news for fraudsters. Other Gartner analysts, i.e. Andrew Frank, Lydia Leong and Ray Valdes, cover the overriding advertising and domain registration/monitoring aspects, but from a fraud point of view, this is bad news for legitimate users.

This will make it much easier for hackers to phish or spoof consumers (and thereby deliver malware to endpoints and/or collect sensitive information) because:

a. They can make use of unlimited choices to spoof known brands – meaning consumers will have a much harder time knowing what’s real and what isn’t

b. It will be exponentially that much harder to detect the spoof site using customer feedback mechanisms, and that much harder to take them down since they won’t be identified as quickly

c. Brand protection will be much costlier because there is exponentially more to monitor.

All is not lost to the hackers, however. For enterprises worried about their brands being phished, there are a series of measures that can be taken by adopting a layered security approach that includes:

  1. anti-phishing services that detect and take down phishing attacks
  2. email-certification and blocking services
  3. Phishing site linkage detection and browser protection

While it will cost enterprises precious resources to adopt these services, it’s time for them to start looking outside their firewalls in order to protect their assets and users. The ICANN decision adds a sense of urgency to the matter.


This article was originally published on the Gartner website, and is used by permission. Avivah Litan is a vice president and distinguished analyst in Gartner Research. Her area of expertise includes fraud detection and prevention applications, authentication, adaptive access management, identity proofing, identity theft, and other areas of information security and risk. She also covers the PCI compliance program and the security aspects of payment systems.