20Twenty ripe for phishing attack?

Apparently, Standard Bank has recently closed down 8 phishing sites in the last 4 weeks (according to an ITWeb article). Not surprising that South African banks are being targeted. With clients of Citibank and other popular US banks now either aware of the practice, or penniless after having been cleaned out, the phishers need to move on. And what better place than South Africa, a country where phishing attacks have been relatively rare.

Phishers commonly use URLs that are very similar to the original URL, for example standbank.com instead of standardbank.com. I’d imagine misspellings such as standerdbank.com would also be popular, if available.

But that got me thinking. There’s one bank that I, as a client, have misspelled so many times it’s surely ripe for an attack. Yup, it’s twentytwenty. I mean twenty20. Or is that 20twenty? And is it .co.za or .com?

The good news is that in the co.za domain, all the ‘wrong’ URLs are currently taken. Two by 20Twenty themselves – 20twenty.co.za and twentytwenty.co.za both redirect to the correct domain, 20twenty.com. The other option, twenty20.co.za, takes you to the rather sad and outdated website of one Twenty20 web studio. In the .com world, twentytwenty.com takes you to a cybersquatting search engine of sorts that seems to be populated by nothing but Google ads, while twenty20.com redirects you to Radiant Systems, offering Point of Sale devices of Self-service kiosks.

If any of these domains became available, or the owners decided to branch out into a new line of business, I’m sure 20Twenty would be a relatively easy target. Perhaps now’s the time that 20Twenty, flush (I would guess) with funds from its new backer, can start on an education campaign for its clients, before it’s too late.
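The lookalike patterns described above (dropped or swapped letters, digit versus word spellings, and .co.za versus .com) can be checked mechanically when reviewing domains seen in mail or proxy logs. The following is an added example, not part of the original post; the function names, the suffix list and the 25% typo threshold are assumptions chosen for illustration.

```python
# Assumption: only the number word the post mentions is mapped.
NUMBER_WORDS = {"twenty": "20"}
# Assumption: only the two suffixes the post discusses are recognised.
SUFFIXES = (".co.za", ".com")

def split_domain(domain):
    """Return (label, suffix); suffix is '' when it is not in SUFFIXES."""
    d = domain.lower().strip().rstrip(".")
    if d.startswith("www."):
        d = d[4:]
    for s in SUFFIXES:
        if d.endswith(s):
            return d[:-len(s)], s
    return d, ""

def canonical(label):
    """Collapse word/digit spellings: twenty20, 20twenty, twentytwenty -> 2020."""
    for word, digits in NUMBER_WORDS.items():
        label = label.replace(word, digits)
    return label

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(observed, official, max_typo_ratio=0.25):
    """Label an observed domain relative to the bank's official one."""
    o_label, o_suffix = split_domain(observed)
    b_label, b_suffix = split_domain(official)
    if (o_label, o_suffix) == (b_label, b_suffix):
        return "official"
    if o_label == b_label:
        return "suffix-swap"        # right name, different TLD
    if canonical(o_label) == canonical(b_label):
        return "spelling-variant"   # 20 <-> twenty confusion
    if edit_distance(o_label, b_label) <= max(1, int(len(b_label) * max_typo_ratio)):
        return "typo"               # e.g. standbank vs standardbank
    return "unrelated"
```

Anything other than "official" or "unrelated" is a candidate for defensive registration or for a warning in customer-facing mail filtering.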

2 comments

  1. Hi there, thanks for the vote of confidence on my old sad website….

    I agree that it was getting rather long in the tooth as well, that is why I ripped it down and started using mambo cms rather…. it is now more a playground for the ramblings of a warped mind, with small titbits of info thrown in for good measure.

    While on the subject, I have received numerous emails and telephone calls asking where is the bank —- and have always responded, giving confused visitors the info they requested as I am not permitted to link through to the banking website of the financial institution in question.

    They tried for over a year to forcefully remove the domain from my possession, but after a long tussle, they decided to leave it, but “monitor my website for inappropriate content”

    It is a long story, the details of which I am happy to discuss if asked…

    the short of it is this – I bought it, I offered them a link and email redirection for a monthly fee. At this point I was called to a meeting and handed a lawyer’s letter saying that I was going to be in court on the grounds of passing off unless I close up shop and hand over the domain for a few hundred rands worth of back payments for hosting etc. It carried on for ages and was finally dropped after an article was published by the Cape Argus.

    Well, that’s it really.

    Kind Regards
    Bronson Harrington

    The sad, tired and outdated Twenty20 web studio, Cape Town, South Africa

  2. To Twenty20.co.za … gr8 improvement … power to the little man for standing up and winning.

    To the greenman.co.za,
    cybersquatting is when you register a domain name for the sole purpose of holding said company to ransom. what this is you are referring to is the business of expired traffic. check godaddy.co.za, they do not delete a domain no more, they offer it on auction. why? cause a domain with traffic is worth more than a new funky domain name.

    it’s traffic that makes the web go round
