Lapsed domain names paint "hack me" target on law firms


Originally published at:


Hmmm. Making a note…

1 Like

This should also be a godsend for spearphishing.


I wanted to inquire about some mortgage options in NYS and googled Abacus bank. My wife’s Chinese and grew up in Chinatown, and they got so shafted after '08, I wanted to give them my business. I found the site easily and signed up for an account and provided a bunch of financial information for prescreening. Then had a momentary uneasy feeling for a minute realizing I hadn’t followed up to see whether they’d actually weathered the storm. Is there a process for bank websites run by the SEC or FDIC or anything? I would hope there would be a formal body to seize these kinds of assets after the closing of a bank to avoid this kind of shenanigans…


Try the FDIC’s BankFind tool. it doesn’t cover all banks, just FDIC-insured ones, but that’s pretty much all the banks you’d want holding your assets anyway…

ETA: @HMSGoose, I just realized I may have misunderstood your question. The FDIC site I linked will only tell you if a given bank is active and insured, not what their website is, whether their website credentials are compliant, etc. If I find any resources related to that, I will update this comment again. Okay, the BankFind site allows URL searches so you can verify the URL and active status of a given bank, like so:

1 Like

I work for a company that used to have two 'H’es in its name, so I registered the same domain but with three 'H’es in it for giggles.

Man, the crazy email I used to get…

closed #8

This topic was automatically closed after 5 days. New replies are no longer allowed.