Study On Phishing Attacks In 1st Half Of 2013: Over 58K Domains Used: 82% On .Com, .Tk, .Info

APWG Global reported in its study of phishing attacks in the first six months of 2013 and here are some of the findings of the report especially those that related directly to domain names.

There were at least 72,758 unique phishing attacks worldwide in first half of 2013 (1H 2013) far below the 123,486 attacks recorded in the
2H 2012

Many brands were attacked several times a week on average, with eighty brands attacked 100 or more times each during the 26-week period.

Half of the targets were attacked one to three times during the period.

APWG analysts found that PayPal was again the world’s most-targeted institution for phishing attacks, with some 18% (13,498 attacks) were directed against the company and its users in 1H 2013.

Taobao.com, the Chinese shopping site, was second-most-attacked in the survey period with 9 percent (6,605) of recorded phishing attacks.

The attacks occurred on 53,685 unique domain names.

Of the 53,685 phishing domains, we identified 12,173 domain names that we believe were registered maliciously, by phishers.

This is double the 5,835 found in 2H 2012.

The increase is due to a sudden uptick in domain registrations by Chinese phishers.

The other 41,532 domains were almost all hacked or compromised on vulnerable Web hosting.

Phishing occurred in 195 top level domains (TLDs), but 82% of the malicious domain registrations were in just three TLDs : .COM, .TK, and .INFO

We counted 720 target institutions, up significantly from the 611 targeted institutions identified in 2H2012

Only about 2.3 % of all domain names that were used for phishing contained a brand name or variation thereof

Seventy eight of the 53,685 domain names were internationalized domain names (IDNs)

The use of URL shorteners for phishing has plummeted, probably due to better anti-abuse measures at the providers.

About Michael Berkens

Michael Berkens, Esq. is the founder and Editor-in-Chief of TheDomains.com. Michael is also the co-founder of Worldwide Media Inc. which sold around 70K domain to Godaddy.com in December 2015 and now owns around 8K domain names . Michael was also one of the 5 Judges selected for the the Verisign 30th Anniversary .Com contest.

Comments

Brands-and-Jingles says

September 19, 2013 at 11:36 am

Numbers correlate well with the size of tlds, their prices and the audience makeup.
Danny Pryor says

September 20, 2013 at 10:12 am

The trend of registering domains to launch phishing attacks is nothing new, but the additional disturbing number in this report, for me, also was the number of attacks launched as a result of hacks. “The other 41,532 domains were almost all hacked or compromised on vulnerable Web hosting.”

If my math is correct, and I didn’t miss any other numbers here, then 77% of all phishing attacks launched in the first half of 2013 were launched from domains on compromised hosting services. Considering how much I’ve cleaned up a couple clients’ servers this year, the hacking issue would seem to be the first thing to resolve, in order to ameliorate the spate of phishing.

The alternative is legitimate domains on compromised hosting platforms will suffer black marks to their reputations due to the host. I wonder if there’s a tort in that? One for detrimental reliance, perhaps?

🙂
Philip Cohen says

September 20, 2013 at 2:10 pm

Whatever; the ugly reality of eBay Inc:
eBay’s crooked marketplace … http://bit.ly/11F2eas
The clunky “PreyPal” … http://bit.ly/UVXx53
The ongoing joke of it all … http://bit.ly/YvxFEg
Quotes from the eBay executive suite … http://bit.ly/12xvzyA