Phishing attacks have risen almost 40% in the year up to August 2024 in new generic top-level domains, including .shop, .top, and .xyz, as 37% of cybercrime domains reported between September 2023 and August 2024 were in new gTLDs.
Interisle Consulting’s phishing report shows that these new gTLDs only have an 11% share of the new domains market in the same period.
.com and .net domains comprised50% of the domains registered in the previous year but represented just over 40% of cybercrime domains.
A near-equal 37% of cybercrime domains were registered through new gTLDs due to their cheap or free registration and insufficient identity verification requirements.
ICANN plans to propose new gTLDs again in 2026 despite reports of phishers abusing these domains.
New gTLD registrars tend to sell domains cheaply to customers who buy them in bulk but end up losing out as criminals and spammers never renew.
This past year, the US Postal Service was the most common target of phishing attacks, while cybercriminals are increasingly turning to subdomain providers to disguise their criminal activity.
Interisle tracked more than 1.18 million cases of subdomains being used for phishing in the past year, and more than half of those were subdomains at Google.
Subdomain providers should limit the number of subdomains a customer can create at one time and suspend automated, high-volume automated account sign-ups.