Phishers continue to like cheap domains.
Interisle published its Phishing Landscape 2024 report today, naming top level domains and registrars commonly used in phishing attacks.
The company analyzed 1.9 million phishing attacks that took place between May 2023 and April 2024.
Notably, this period began shortly after Freenom, a phisher’s favorite because of its free country code domain registrations, stopped offering registrations.
Interisle says the shutdown forced phishers to find new favorites. They overwhelmingly moved to cheap new top level domains and free subdomains such as blogspot addresses.
42% of all domains reported for phishing were registered in new TLDs, up from 25% the year prior. Subdomain use was up 51% to over 450k reported names, representing 24% of all phishing attacks.
While .com had the highest number of phishing domains reported, it was quite small relative to the size of the zone (over 150 million domains).
The report singled out .top, with over 100,000 phishing domains reported on a domain base of under 3 million. (More than 3 million .top domains are now registered, and ICANN sent a breach notice to the company last week.)
Interisle analyzed the percentage of domains in TLDs that were used for phishing. The top five were:
- .lol
- .bond
- .support
- .top
- .sbs
The organization noted that a common thread is low pricing, as shown in this chart:

All but three of the 35 gTLDs with the highest phishing rates were available for under $5, ten were available for under $1, and 27 for under $2.
Interisle’s report said that a high incidence of phishing can be detrimental to top level domains:
High scores are a liability for registry operators. High yearly phishing domain scores erode the reputation of a TLD. Risk-averse organizations have resorted to blocklisting entire TLDs, and some blocklist providers and security companies assign increased risk scores to TLDs with poor reputations.
The report also named domain name registrars with a high rate of abuse.
An astonishing 45% of NiceNIC’s 100,000 gTLD domain names under management were reported for phishing. (NiceNIC has also been copying and republishing Domain Name Wire articles without permission.) Other top registrars based on abuse rate were URL Solutions, Aceville, WebNic, and OwnRegistrar.
The full report is available here.