Bank Launches .mobi Website

In one of the first examples of a large company utilizing (and actually marketing) the .mobi extension, Bank of America launched bofa.mobi. The Bank is heavily promoting this with a retail merchandising campaign, including bofa.mobi window decals in their large branches in Manhattan.

I think this is a positive development for the .mobi extension, as the Bank could have simply used their standard domain name and detected the type of browser the visitor was using. They could have also gone to market with the domain name and only used it for protective purposes, so consumers or other companies couldn’t use the name. A heavy endorsement of this website is a positive sign for the staying power of .mobi.

I have one security concern with this, and I hope the Bank is mindful of it. What if someone set up a malicious website on a similar domain name that only had two lines asking for an account number and password? Since we are talking about mobile devices with small screens, unknowing consumers could accidentally submit their banking information, unaware that this wasn’t the Bank’s website. It’s one thing if someone did this with typos of the full Bank of America name and/or used the Bank’s logos, as that would be a federal offense. My concern is if they weren’t this sophisticated.

Bank of America needs to do a very good job of training their customers about what to look for on the bofa.mobi site so they know if they accidentally navigate to another website in error. They should also buy as many .mobi typos similar to their bofa.mobi domain name, so nobody has the opportunity to set up a malicious website.

I don’t have much of a stake in the .mobi extension with only two .mobi names in my portfolio, but I believe this is a good endorsement from a major corporation.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

2 COMMENTS

  1. I do have a stake, with about 30 premium mobis, so I’m glad to see this development, but I can see how phishing would be a concern. They’ve already taken steps with their regular dot com website to prevent this, though. You enter your ID on one page, then you are taken to another page where you enter your password only if you see a “sitekey” that you have pre-selected. The sitekey might be an image of a skyscraper, or a cloud, for example. If you don’t see your sitekey, you know there’s a problem and you don’t complete your login.

    ***UPDATED BY ELLIOT***
    I think most web-savvy people would know enough not to be confused. I am concerned that less savvy people will use bofa.mobi and not know what to expect. I think it would be difficult to successfully pull off, but phishers come up with various ways to scam people.

  2. i second Domainer Pro in terms of the BOA giving mobile banking and phishing as a concern. Infact it might be more serious thing as there is Mobile operator, WAP Gateways, Over the air sniffer (phone to tower) can also get introduced as a potential threats and attackers.

    BOA can give a hardware to all the mobile banking users to briing 2FA but as a user experience it will not fly as now i will have to carry phone + hardware token for banking.

    Even said that – it is a good move by BOA to give mobile as it makes more sense to the customer and the bank as it will be more revenue generating.

    cheers
    vikram
    Security Consultant + Founder – Eighth Intuition / EZMCOM

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Spend.com Caught by DropCatch

1
DropCatch.com has won the sweepstakes to catch Spend.com, a domain name that was fully deleted by its former registrar, Amazon. The domain name will...

GoDaddy: “A product’s been removed from your GoDaddy account”

4
Over the past few days, I received quite a few emails from GoDaddy with the subject "A product's been removed from your GoDaddy account."...

Atom.com: “Suspected Phishing” Warning (Update)

1
I received an email from Atom.com notifying me that one of my domain names has been added to its new Sapphire Marketplace, which was...

Domain Academy Offering Free “Domain Detox” Webinar

2
As my portfolio has become larger, I have been spending more time evaluating whether to renew domain names or let them expire and save...

Samba.com Expiry Auction Winning Bid was $143,000

2
Samba.com was the most exciting expiry auction I've been following for a while. The domain name had once been owned by a company in...