Did you recently learn that the biggest phish friendly domain is now the .top domain?
The second place winner goes now to .com domains which doesn’t surprise me.
Did you know that .top is ran by a Chinese company? They have until mid august to show that they can handle phishing and abusive reports or lose its license.
On July 16, the Internet Corporation for Assigned Names and Numbers (ICANN) sent a letter to the owners of the .top domain registry. ICANN has filed hundreds of enforcement actions against domain registrars over the years, but this is thought to be the first in which ICANN has singled out a domain registry responsible for maintaining an entire top-level domain (TLD).
Here’s probably the biggest paragraph within this excellent story.
Among other reasons, the missive chided the registry for failing to respond to reports about phishing attacks involving .top domains.
ICANN’s warning redacted the name of the recipient, but records show the .top registry is operated by a Chinese entity called Jiangsu Bangning Science & Technology Co. Ltd. Representatives for the company have not responded to requests for comment.
Should we be surprised that they haven’t commented? I know if I were to have complaints, I would be expected to do something and not sit on them if I were to run domains at a large level.
According to a study recently published, most were .top domains. That paragraph says:
Interisle’s newest study examined nearly two million phishing attacks in the last year, and found that phishing sites accounted for more than four percent of all new .top domains between May 2023 and April 2024. Interisle said .top has roughly 2.76 million domains in its stable, and that more than 117,000 of those were phishing sites in the past year.
Last year’s report from Interisle found that domain names ending in “.us” — the top-level domain for the United States — were among the most prevalent in phishing scams. While .us domains are not even on the Top 20 list of this year’s study, “.com” maintained its perennial #1 spot as the largest source of phishing domains overall.
A year ago, the phishiest domain registrar by far was Freenom, a now-defunct registrar that handed out free domains in several country-code TLDs, including .tk, .ml, .ga and .cf. Freenom went out of business after being sued by Meta, which alleged Freenom ignored abuse complaints while monetizing traffic to abusive domains.
Should I really be surprised about .com being number 1 over all in recent times? Probably not. Its more believable to be told to go to a .com than other domains because we know by definition, .com should be safe and the actors know this.
Interisle Consulting partner Dave Piscitello said ICANN could easily send similar warning letters to at least a half-dozen other top-level domain registries, noting that spammers and phishers tend to cycle through the same TLDs periodically — including .xyz, .info, .support and .lol, all of which saw considerably more business from phishers after Freenom’s implosion.
The domains in these tld lists are not well known, although I own a .info but I would not own a .xyz or .lol domain.
This article is well written, and should be read in full. Phish-Friendly Domain Registry “.top” Put on Notice should be read for complete details.
There’s a lot more here. Dive in and learn a little bit.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.