Why do phishers tend to use new domains?



A study by Interisle Consulting found that scammers tend to use new top-level domains such as '.shop', '.top', and '.xyz' when setting up phishing sites.

Phishing Landscape 2024: An Annual Study of the Scope and Distribution of Phishing — Interisle Consulting Group
https://interisle.net/insights/phishing-landscape-2024-an-annual-study-of-the-scope-and-distribution-of-phishing


Why Phishers Love New TLDs Like .shop, .top and .xyz – Krebs on Security
https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/



Interisle obtained and analyzed data on cybercrime domains from anti-spam organizations such as the Anti-Phishing Working Group (APWG), the Coalition to Combat Spam (CAUCE), and the Messaging, Malware and Mobile Abuse Working Group (M3AAWG).

According to the study, of all domains newly registered between September 2023 and August 2024, the two top-level domains (TLDs) '.com' and '.net' accounted for approximately half of the registrations, while TLDs that have emerged in recent years, such as '.shop', '.top', and '.xyz', accounted for only about 11%.

However, if we limit the data to sites reported as phishing sites, the share of the '.com' and '.net' TLDs drops to about 40%, while the share of the new TLDs rises to about 37%.



Brian Krebs, an internet security expert, attributes scammers' preference for new TLDs to the fact that registrars for new TLDs tend to offer domains at low cost without verifying the person or organization registering them. In fact, of the TLDs that are most frequently used for cybercrime, nine have registration fees of less than $1, and about 20 have fees of less than $2.

John Levine, president of the Coalition to Combat Spam (CAUCE), criticized ICANN for introducing TLDs one after another, saying, 'We need to significantly tighten our registration policies.' He also said of registrars who operate new TLDs, 'They tend to offer domains at low prices to cover the initial costs of operating a TLD, which can be up to $300,000 (approximately 45 million yen), but they cannot make a profit in business unless they can be renewed at full price from the second year onwards. Scammers and spammers use disposable domains and do not renew them, so selling domains to them in the hope that they will buy a large number of domains at once tends to be a losing strategy.'

According to Interisle's research, the number of phishing sites using subdomain providers is also on the rise. 'Since scammers often create a large number of accounts at once, subdomain providers should limit the number of accounts and prevent automatic registration by bots,' said Levine.

in Web Service, Posted by log1d_ts