Consulting company Interisle Consulting Group, which specializes in the development of Internet projects, has published its report on phishing attacks - Phishing Landscape 2023. Data for the report was provided by such authoritative sources as the Anti-Phishing Working Group (APWG), non-profit research organizations OpenPhish, PhishTank and Spamhaus. According to their information, the number of phishing attacks for the period from May 2022 to April 2023 amounted to 1,850,392, an increase of 727,813 compared to the previous same period. In just three years of publication of Interisle Consulting Group reports, the number of phishing attacks has tripled.
More than a million unique domain names have been used in attacks this year, the highest level since 2000. The leader in the number of phishing domains at the moment remains - which is not at all surprising - the largest and most popular domain zone .COM. This is followed by China's country code .CN, Mali's country code .ML, the new gTLD .TOP and Tokelau's ccTLD .TK.
In previous years, the top five also included .XYZ and .SHOP. In general, despite the fact that the share of new gTLDs accounts for only 8% of all domain names registered in the world, the share of these domain zones in the total mass of phishing attacks is significantly higher and amounts to 25%. At the same time, from year to year, only 25 domain zones remain the “suppliers” of 90% of phishing attacks emanating from new domains.
According to Interisle Consulting Group experts, two thirds of all domain names used in phishing attacks are initially registered for this purpose. By phishing registrations, researchers understand situations when a domain begins to be used in attacks within 14 days from the moment of registration. This happens in approximately 46% of all cases, while in 34% of cases the domain name is involved in phishing attacks within 48 hours of registration.
Talking about positive trends, we should note the improvement in the situation with domains managed by Freenom. The registry, which previously managed the country code domains Tokelau .TK, Mali .ML, Gabon .GB, Central African Republic .CF and Equatorial Guinea .GQ, is notorious for its little-to-no enforcement of domain name abuse. However, at the end of 2022, Meta (recognized as an extremist organization in the Russian Federation) filed a lawsuit against Freenom due to the mass registration of names illegally using Meta brand names. Also, one of its investors filed a lawsuit against Freenom, and the authorities of Gabon and Mali refused registry services. As a result, the company was forced to take action: between November 2022 and April 2023 alone, the number of domains associated with phishing activity in domain zones under its management more than halved.