Despite an explosive start, new gTLDs still account for a small share of domain names targeted by phishing. This is a conclusion that the Anti-Phishing Working Group (APWG) draws in its report on the results of the second half of 2014.
APWG recorded 123,972 phishing attacks during the period, with 9,5321 domains used to phish, an 8.4 percent increase from the first half of 2014. The number of domains that were registered maliciously in order to phish was 27,253. Others were compromised and used for attacks. New gTLDs accounted for 335 of the maliciously registered domains, of which by far the greater part, 274, was registered in .XYZ.
.COM is naturally the leader in terms of malicious registrations, followed by .TK in Tokelau, .PW in Palau, .CF in the Central African Republic and .NET. Together, they account for 75 percent of all phishing attacks. However, most phishing domains in .COM were compromised and were not intended to be used for malicious purposes. As for the geography of attacks, over 80 percent targeted Chinese consumers and companies.
