Why is this a problem? Is it from users recognising the name and inherently trusting it without any further thought, e.g. if someone registered "login.bankofamerica"?