Study: Phishers Target Specific TLDs

The Anti-Phishing Working Group (, an organization that tracks and attempts to reduce phishing scams, has released the results of a new study which reveals that phishers are increasingly focusing their efforts within top-level domains.

The APWG research showed that .hk and .th domains drew in the most phishing attacks per 10,000 domains.

Focusing on the first half of 2008, the study, "Global Phishing Survey: Domain Name Use and Trends in 1H2008" surveyed 47,324 unique phishing sites found on 26,678 unique domain names. The report can be downloaded here.

The APWG discovered the number of TLDs abused by phishers climbed 7 percent , increasing from 145 in the second half of 2007 to 155 in the first half of 2008.

Meanwhile, the proportion of IP number-based phishing sites dropped by 35 percent in that same period, decreasing from 18 percent in the second half of 2007 to 13 percent in the first half of 2008.

The group measured the number of phishing attacks per 10,000 domains. The .hk domain saw 142.1 phishing attacks per 10,000 domains, followed by .th with 43.1, and .su, .ru and .fr came in third, fifth and tenth positions, respectively.

"We're seeing a trend away from fixed IP-based URLs which are readily shut-down to use of more domain based URLs," Internet Identity's Rod Rasmussen, co-chair of APWG's Internet Policy Committee, said in a statement. "Many of these are on compromised servers which already have established 'good' reputations, while others are on fraudulently registered domain names supported by botnets or other throw-away hosting resources."

The study also recorded the number of phishing domains per 10,000 registered domains in that TLD. The .com domain took in average of 1.6 phishing domains per 10,000, positioning it at 71, while the .hk domain took the top spot with 32.2 per 10,000.

The study also showed that phishers used 4,512 subdomain sites or accounts under 274 unique second-level domains.

No responsibility can be taken for the content of external Internet sites.

print this article

Return to hosting news headlines
View Hosting News Archive

Share with: