"It's perfect spear-phishing," he said, noting that attackers can reach an entire community of users, as they did with the CheckFree attack, by hijacking just one domain name.

Domain-name phishing attacks can be very effective because if just one victim hands over login credentials to a popular domain, thousands of Web surfers can be attacked. To make matters worse, people who own domain names are accustomed to receiving regular e-mail from registrars such as Network Solutions asking them to enter account information. That's because the group that governs Internet domain names, ICANN (the Internet Corporation for Assigned Names and Numbers), requires that this information be reviewed annually.

There were several variations on the Network Solutions scam. In one, customers were told that their domain names had expired and that they were eligible to receive money generated from the sale of the domain to someone else.

This was not the first time Network Solutions has been targeted by phishers, Wade said. The company has taken security measures since the attack, but she did not want to describe them for fear of helping other criminals.

"We were able to work pretty quickly to shut down the [phishing] sites and notify customers," she said.