menu
techminis

A naukri.com initiative

google-web-stories
source image

Krebsonsecurity

3w

read

179

img
dot

Why Phishers Love New TLDs Like .shop, .top and .xyz

  • Phishing attacks have risen almost 40% in the year up to August 2024 in new generic top-level domains, including .shop, .top, and .xyz, as 37% of cybercrime domains reported between September 2023 and August 2024 were in new gTLDs.
  • Interisle Consulting’s phishing report shows that these new gTLDs only have an 11% share of the new domains market in the same period.
  • .com and .net domains comprised50% of the domains registered in the previous year but represented just over 40% of cybercrime domains.
  • A near-equal 37% of cybercrime domains were registered through new gTLDs due to their cheap or free registration and insufficient identity verification requirements.
  • ICANN plans to propose new gTLDs again in 2026 despite reports of phishers abusing these domains.
  • New gTLD registrars tend to sell domains cheaply to customers who buy them in bulk but end up losing out as criminals and spammers never renew.
  • This past year, the US Postal Service was the most common target of phishing attacks, while cybercriminals are increasingly turning to subdomain providers to disguise their criminal activity.
  • Interisle tracked more than 1.18 million cases of subdomains being used for phishing in the past year, and more than half of those were subdomains at Google.
  • Subdomain providers should limit the number of subdomains a customer can create at one time and suspend automated, high-volume automated account sign-ups.

Read Full Article

like

10 Likes

For uninterrupted reading, download the app