Latest news of the domain name industry

Recent Posts

Phishers prefer free ccTLDs to new gTLDs

Kevin Murphy, September 29, 2014, 17:14:56 (UTC), Domain Registries

Domains in free and cheap ccTLDs are much more likely to host phishing attacks than new gTLDs.

That’s one of the conclusions of the latest report of the Anti-Phishing Working Group, which found that Freenom’s re-purposed African ccTLDs were particularly risky.

The first-half 2014 report found 22,679 “maliciously registered” domains used in phishing attacks. That’s flat on the second half of 2013 and almost double the first half of 2013.

Only roughly a quarter of the domains used in phishing had been registered for the purpose. The rest were pointing to compromised web servers.

On new gTLDs, the APWG said:

As of this writing, the new gTLD program has not resulted in a bonanza of phishing. A few phishers experimented with new gTLD domain names, perhaps to see if anyone noticed. But most of the new gTLD domains that were used for phishing were actually on compromised web sites.

The new gTLDs .agency, .center, .club, .email and .tips were the only ones to see any maliciously registered phishing domains in the half — each had one — according to the report.

The APWG speculates quite reasonably that the relatively high price of most new gTLD domains has kept phishers away but warns that this could change as competition pushes prices down.

While .com hosts 54% of all phishing domains, small ccTLDs that give away domains for free or cheap are disproportionately likely to have such domains in their zones, the report reveals.

The Freenom-operated ccTLDs .cf (Central African Republic), .ml (Mali) and .ga (Gabon) top the table of most-polluted TLDs, alongside PW Registry’s .pw (Palau).

Freenom, which also runs .tk, offers free domains, while PW Registry has a very low registry fee.

APWG measures the risk of phishing by TLD by counting phishing domains per 10,000 registered names, where the median score is 4.7 and .com’s score is 4.1.

.cf tops the charts with 320.8, followed by .ml with 118.9, .pw with 122, .ga with 42,9 and .th (Thailand) with 27.5. These number include compromised as well as phisher-registered domains.

Read the APWG report here.

Tagged: , , , , ,

Comments (1)

  1. Raj Domains says:

    thnx for the info.. phishing is one of the problems that most of people have to face.

Add Your Comment