A .bank Domain To End Phishing? Get Real!
This is one of the most crackpot ideas I’ve seen: create a .bank top-level domain and restrict it only to banks. Will that make phishing for bank information less possible? I don’t think so. The problem is very simple: most people aren’t observant of where they are connecting to or what might be showing in their browser’s URL field. They also most certainly don’t check the SSL Certificate to validate who signed it, or even to see if they are using SSL mode.
There’s a reason companies like Verisign charge a lot of money for an SSL certificate: because they actually do some work to validate that the company signing up for an SSL certificate is actually who they say they are. If you check the SSL certificate for a secure site and it says Verisign signed it, you can be fairly certain you are talking to a company you think you are talking to.
Most phishing issues would go away if people were to simply be observant of where they connect. That means making sure the link you think you are clicking on is going to site it says. “Mouse over” the link and look at the lower part of the browser window. Does it match? Or better yet: don’t click on a link that you received over email.