National domains of African and Asian states that offer free or extremely cheap registration are more often used to create resources for phishing attacks. This is one of the conclusions of the report prepared by Anti-Phishing Working Group (APWG). Domain zone .COM obviously leads by the number of resources used in phishing attacks. 54% of all domains found guilty of phishing are registered there. However, if you consider percentage shares and not absolute numbers the situation is completely different.
APWG developed an index by counting phishing domains per ten thousand registered names. From this point of view, the absolute leader is ccTLD of Central African Republic .CF – 320.8 phishing domains per 10 thousand registrations. It is followed by .PW (ccTLDs of Palau islands in Micronesia) with 122 domains, .ML (Mali) – 118.9, .GA (Gabon) – 42,9. In .COM this index is only 4.1 phishing resource per 10 thousand registrations. (Aforementioned figures include domains initially registered for phishing and webpages hacked and used for phishing attacks later by cybercriminals).
Registrar Freenom operates named African domains, it offers free registrations. Domain .PW is administered by PW Registry that is famous for it’s low prices. This factor obviously is decisive for the phishers when creating malicious webpages. New domains haven’t evoked interest in cybercriminals, probably because the registration price is relatively high.
