Home / News

Phishers Expand Number of Top Level Domains Abused, Policy Changes Found Effective in Prevention

The new Global Phishing Survey released by the Anti-Phishing Working Group (APWG) this month reveals that phishing gangs are concentrating their efforts within specific top level domains (TLDs), but also that anti-phishing policies and mitigation programs by domain name registrars and registries can have a significant and positive effect.

For this new study, covering the first half of 2008, Rod Rasmussen of Internet Identity and Greg Aaron of Afilias surveyed 47,324 unique phishing attacks located on 26,678 unique domain names. The number of TLDs abused by phishers for their attacks expanded 7 percent from 145 in H2/2007 to 155 in H1/2008. The proportion of Internet-protocol (IP) number-based phishing sites decreased 35 percent in that same period, declining from 18 percent in the second half of 2007 to 13 percent in the first half of 2008.

The full report is available for download here (press release).

Related topics: Domain Names, Registry Services, Policy & Regulation, Security, Spam, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Whois Proxy Correlation? Paul Stahura  –  Nov 25, 2008 12:18 PM PST

Its interesting that of two TLDs - .biz and .us, which are about the same size and run by the same operator, that .us has a higher score (more phishing) than .biz, while one of the only differences between these two TLDs is the .us does not allow proxy services and .biz does.  There seems to be an inverse correlation - no proxy allowed gets more phishing - which may deserve more investigation.

Paul - that might be within statistical error limits? Suresh Ramasubramanian  –  Nov 27, 2008 2:55 AM PST

biz and us are certainly far lower down on the list of most abused TLDs than com, cn, info ..

They used to have a much more massive problem earlier, mostly with spam sites - but that seems to have been resolved ages back.

I'm not comparing .biz to .com Paul Stahura  –  Nov 30, 2008 10:24 AM PST

Its like running an experiement.  Try to keep as many variables constant as you can, so you can see the effect of the single variable you are changing.  .biz and .us have many variables in common, except one major variable: .us does not allow proxy whois registrations, and .us does. Thanks to this report we can compare these two TLDs when it comes to phishing. It was said that proxy whois registrations lead to more phishing.  Comparing these two very similar TLDs shows that apparently that is not the case.

I meant... Paul Stahura  –  Nov 30, 2008 10:25 AM PST

.us does not allow proxy whois registrations, and .biz (not .us) does.

To post comments, please login or create an account.

Related Blogs

Did the DPRK Hack Sony?

The Empire Strikes Back: "New" Verisign Hums a Familiar Tune

Thirty-Three Million and Counting

The Real Facts About New gTLDs

Can Big Companies Stop Being Hacked?

Related News

Topics

Industry Updates – Sponsored Posts

Season's Greetings - 2014 End of Year Message from DotConnectAfrica

Minds + Machines in 2014 and 2015

New .VOTE and .VOTO Domains Launched

Consumers Prefer the .ORGANIC Domain for True-Organic Goods

DNW Podcast Interview with Antony Van Couvering

TLD Registry and Right of the Dot Establish a Domain Name Industry "Dream Team"

TLD Registry Ltd Welcomes New Board Members

New .LGBT Top-Level Domain Launched

.sydney Domain Names Now Available in Pre-Release

"Chinese Domaining Masterclass" to be Presented at NamesCon Las Vegas in January 2015

Auction and Sales Channel Update

Radix Set to Launch .SITE TLD in 2015

Annual Manthan Award Event This Week

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

List of New gTLD Availability & Key Information Provided for Download

Radix Launches .Space for Individuals, Freelancers and Professionals

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Public Interest Registry Introduces 'OnGood' - New Brand Identity for .ngo & .ong

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNSSEC

Sponsored by
Afilias
dotMobi

Mobile

Sponsored by
dotMobi
Verisign

Security

Sponsored by
Verisign