Global Phishing Survey, New gTLD Domain Names, Malicious Registrations

graphic of APWG Global Phishing Survey major findings
source: APWG Global Phishing Survey, infra
"... the problem in the nTLDs [new generic top-level domains] are malicious registrations, made for the purpose of phishing. Of the 6,549 domains used for phishing in the 228 nTLDs, 86% (5,633) were registered maliciously ... 71% of those malicious registrations were found in just ten nTLDs [chart below] ... The TLD market is now more crowded and competitive than at any time in history, and some nTLD registries have been competing aggressively on price ..."--APWG, infra
Top ten nTLDs with malicious domain name registrations
source: APWG.org
APWG (Anti-Phishing Working Group | domain: apwg.org)  released its latest Domain Name Use and Trends report (embed below) on 26 June 2017:

"Some Key Findings in this report:
  • There were at least 255,065 unique phishing attacks worldwide. This represents an increase of over 10% from the 230,280 attacks we identified in 2015. An attack is defined as a phishing site that targets a specific brand or entity. A single domain name can host several discrete phishing attacks against different banks, for example.
  • The attacks occurred on 195,475 unique domain names. This is the most we have recorded in any year since we began these reports in 2007. The number of domain names in the world grew from 287.3 million in December 2014 to 329.3 million in December 2016.
  • Of the 195,475 domains used for phishing, we identified 95,424 domain names that we believe were registered maliciously by phishers. This is an all-time high, and almost three times as many as the number we found in 2015. A little over half of these registrations were made by Chinese phishers. The other 100,051 domains were almost all hacked or compromised on vulnerable Web hosting. This means that nearly half of all domains that hosted phishing sites were maliciously registered.
  • Seventy-five percent of the malicious domain registrations were in just four TLDs: .COM, .CC, .PW, and .TK. More than 90% of malicious domains were found in just 14 TLDs. Please see pages 16-17 for more detail.
  • We counted 679 targeted brands. This dropped from 783 in 2015. Phishers are still creating kits dedicated to attacking both popular targets and new targets.
  • Phishing occurred in 454 top-level domains (TLDs). Two-hundred twenty-nine (228) were new top-level domains launched since 2013." (emphasis added)
The Anti-Phishing Working Group (APWG)is a non-profit industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. The organization provides a forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem.

Global Phishing Survey: Domain Name Use and Trends in 2016 (embed below)

See also:

feedback & comments via twitter @DomainMondo


Domain Mondo archive