AUSTIN, Texas - Little more than a month after a CU Journal story detailing the potential threats of "typosquatting"-the practice of setting up websites at addresses very close to legitimate credit union websites in order to cash in when a member mistypes the URL-a California company bought more than 450 names that mimic many existing websites.
According to Credit Union Information Security Professionals Association (CUISPA) Executive Director Kelly Dowell, a company called Maltuzi Holdings of Mountain View, Calif. was listed in the Whois Source directory of domain names as the purchaser. Dowell said more than 100 similarly spelled domain names were registered each day from Sept. 9 to Sept 12. Dowell said his association is notified of any domain registration including the name "credit union" or "fcu" through a web service on Domain Tools.com called "Mark Alert."
Dowell said CUISPA has alerted the NCUA's regional information security officers who will monitor the situation. At press time, Maltuzi Holdings had not returned numerous phone calls, and a sample of the 450 recently filed domain names failed to bring up any websites. But it may only be a matter of time before sites are up and running at those addresses.
"It's a growing concern, but until case law catches up with it, there's nothing you can do," Dowell said. "As it is now, it's a monitoring situation."
As previously reported, Typosquatting refers to a website with a closely spelled listing that depends on a computer user misspelling a domain name. One example registered last weekend is a knock off of Suncoast Schools FCU in Tampa, Fla., which uses the domain of www.suncoastfcu.org. The recent registration included a www.suncoastschooldfcu.com that relies on someone missing the "s" key and accidentally striking the "d" key, plus using the common "dot-com" ending. Many times the alternate site has ads for loan programs or other financial products, leading the user to believe he is at the official credit union website.
Typosquatting can also use the exact same spelling of a credit union's existing web site, but alter the ending such as the recent filing of a domain name similar to Paducah Teachers FCU in Paducah, Ky. The official credit union website is at www.paducahteachersfcu.org while the new filing is the exact same spelling but with the .com extension.
The size of the institution doesn't necessarily matter. For example, Suncoast Schools is a $5-billion institution with more than 408,00 members. Paducah Teachers has only 1,100 members with less than $4.5 million in assets.
When contacted by The Credit Union Journal, PTFCU President Gail Otte said she was unaware of the new domain name registration and she would examine the matter when possible.
CUNA officials cited a recent case where Internet search engine giant Google won a successful case involving copyright of its product's name. The National Arbitration Forum gave Google control of several very similar domain names (googkle.com, ghoogle.com, for example) that a Russian man had registered and was using for profit.
For a full list of the 450 registered domain names, visit the CUISPA website listed below and click on the news link "Mass Credit Union Domain Name Registration" and the click on the list link to view the PDF file.
CUJ Resources
For info on this story:
* www.domaintools.com
* www.cuispa.org
