|source: APWG Global Phishing Survey, infra|
"... the problem in the nTLDs [new generic top-level domains] are malicious registrations, made for the purpose of phishing. Of the 6,549 domains used for phishing in the 228 nTLDs, 86% (5,633) were registered maliciously ... 71% of those malicious registrations were found in just ten nTLDs [chart below] ... The TLD market is now more crowded and competitive than at any time in history, and some nTLD registries have been competing aggressively on price ..."--APWG, infra
"Some Key Findings in this report:
- There were at least 255,065 unique phishing attacks worldwide. This represents an increase of over 10% from the 230,280 attacks we identified in 2015. An attack is defined as a phishing site that targets a specific brand or entity. A single domain name can host several discrete phishing attacks against different banks, for example.
- The attacks occurred on 195,475 unique domain names. This is the most we have recorded in any year since we began these reports in 2007. The number of domain names in the world grew from 287.3 million in December 2014 to 329.3 million in December 2016.
- Of the 195,475 domains used for phishing, we identified 95,424 domain names that we believe were registered maliciously by phishers. This is an all-time high, and almost three times as many as the number we found in 2015. A little over half of these registrations were made by Chinese phishers. The other 100,051 domains were almost all hacked or compromised on vulnerable Web hosting. This means that nearly half of all domains that hosted phishing sites were maliciously registered.
- Seventy-five percent of the malicious domain registrations were in just four TLDs: .COM, .CC, .PW, and .TK. More than 90% of malicious domains were found in just 14 TLDs. Please see pages 16-17 for more detail.
- We counted 679 targeted brands. This dropped from 783 in 2015. Phishers are still creating kits dedicated to attacking both popular targets and new targets.
- Phishing occurred in 454 top-level domains (TLDs). Two-hundred twenty-nine (228) were new top-level domains launched since 2013." (emphasis added)
Global Phishing Survey: Domain Name Use and Trends in 2016 (embed below)
Tweets by APWG