Mikko Hypponen, chief research officer at F-Secure, had an idea for taking the fight to financial phishers: change banks’ domain names from the common .com (in the U.S.) to a new ending, created specifically for legitimate financial institutions, such as .bank.

The price for registering on this domain would be pricey, to say the least - $50,000 was Hypponen’s suggestion – making it impossible for copycat URL-buyers to snatch up the sites at the cheap rates they do now.

“Banks would love this. They would move their existing online banks under a more secure domain in no time,” says Hypponen, citing museums as an example, on the F-Secure weblog.

Other security bloggers disagreed.

Adam at Emergent Chaos argued that money is the problem – for the legitimate bankers, not the crooks – as scammers are already investing in phishing websites. And it won’t help the people who fall for phishng scams anyway, he said.

Jeremiah Grossman was using the same logic. “The users who are getting phished are the same ones who would ignore a big red banner on the page that says, ‘THIS IS A PHISHING WEBSITE!’”

Dave G. at Matasano’s blog said the new domain won’t help phishers see the light, but will help vendors catch more phishing sites. The domain would also bring up the philosophical question of what is and is not a financial institution.