New gTLDs Don’t Have A Major Impact On Phishing Yet – 85% Of Phishing Domain Names Were Registered In China

Anti-Phishing Working Group, Inc. published the Global Phishing Survey “Trends and Domain Name Use in 1H2014”.

This report examines all the phishing attacks detected in the first half of 2014 (January 1 to June 30).

One thing that can’t be emphasized enough is the effect on phishing that free domain names have. Most of the phishing that didn’t involve a hacked domain name was done using a free domain name like .TK. I am waiting for the next report to see what impact all the free New gTLD domains from .xyz, .ovh, .science etc. will have.

Some Key Findings in this report:

  • The introduction of new top-level domains did not have an immediate major impact on phishing.
  • Chinese phishers were responsible for 85% of the domain names that were registered for phishing.
  • Malicious domain and subdomain registrations continue at historically high levels, largely driven by Chinese phishers.
  • Apple became the world’s most-phished brand.
  • The average uptimes of phishing attacks remain near historic lows, pointing to some success by anti-phishing responders.
  • The companies (brands) targeted by phishing were diverse, with many new targets, indicating that e-criminals are looking for new opportunities in new places.
  • Mass hackings of vulnerable shared hosting providers led to 20% of all phishing attacks.

Some key statistics:

  • The attacks occurred on 87,901 unique domain names. This is up from the 82,163 domains used in 2H2013.
  • The number of domain names in the world grew from 271.5 million in November 2013 to 279.5 million in April 2014.
  • Of the 87,901 phishing domains, we identified 22,679 domain names that we believe were registered maliciously, by phishers. This is almost the same number found in 2H2013.
  • Most of these registrations were made by Chinese phishers, especially using free domain name registrations in certain TLDs like .tk. The other 59,485 domains were almost all hacked or compromised on vulnerable Web hosting.
  • Phishing occurred in 227 top-level domains (TLDs), but 90% of the malicious domain registrations (20,565) were in just five TLDs: .COM, .TK, .PW, .CF, and .NET.
  • A small number of phishing attacks were seen in the new generic top-level domains that began launching in early 2014.
  • Only about 1.7% of all domain names that were used for phishing contained a brand name or variation thereof.

About Konstantinos Zournas

I studied Computer Engineering and Computer Science in London, UK and I am now living in Athens, Greece. I went online in 1995, started coding in 1996 and began buying domain names and creating websites in 2000. I started the OnlineDomain.com blog in 2012.

4 comments

  1. Hello Konstantinos,

    Great Presentation, as usual your blog is a breath of fresh truth based information.

    We cringe to think of the hordes of new GTLD entering the DNS system. CRIDOs early warnings of mass phishing to be coming with the GTLD debacles introduction, will be more and more evident as time goes by, we predict.

    Meanwhile the DNSs Neutrality continues to be threatened by the New GTLD hordes introductions. We are hoping a complete freeze of GTLDs operations are instated and there are powerful forces afoot for this to happen.

    Think you want to gamble on the New GTLDs , we suggest you stay far far away from this Fiasco. JAS 3/13/15

    Gratefully, Jeff Schneider (Contact Group) (Metal Tiger)

    • “We are hoping a complete freeze of GTLDs operations are instated and there are powerful forces afoot for this to happen.”……….lol, uhhhh OK…..This is a domain blog not a Star Wars forum……

  2. I’m not sure if that is even the real Jeff Schneider or someone just joking or in love with the crackpipe 🙂

    Anyway, back to reality, it’s good to see that the new gtlds hardly are involved in phishing. Also the registries themselves are pro-active to protect their investments.
