[APRALO-Policy] Phishing report

h.raiche at internode.on.net h.raiche at internode.on.net
Sun Oct 3 04:46:25 UTC 2021 

Thanks Maureen

Surely this raises issues about what should be in place.  I am assuming we are talking about GTLDs and what is in the Registry agreement with ICANN that needs tightening?

It also harks back to the CCT report and the recommendations made ( that have not been actioned) about statistics on abuse?

Holly

> On Oct 3, 2021, at 3:09 AM, Maureen Hilyard via Apralo-policy <apralo-policy at icann.org> wrote:
> 
> Hi everyone
> FYI - A new report is out about Phishing (attacks that steal user data)  : https://interisle.net/PhishingLandscape2021.html <https://interisle.net/PhishingLandscape2021.html>
>  
> 
> Some key takeaways from the report:
> 
> Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers. 69% of the domains used for phishing were registered in 10 Top-level Domains and 69% were registered through just 10 registrars.
> Phishing attacks are disproportionately concentrated in new gTLDs (nTLDs). While the new TLDs' market share decreased during our yearly reporting period, phishing among the new TLDs has increased.
> Phishing domain registrations in some TLDs are overwhelmingly dominated by a small number of registrars. In some cases, 90% or more of the malicious domains in a TLD were registered through one gTLD registrar.
> 41% of all phishing attacks occurred at just ten hosting providers. We identified 4,110 hosting networks (ASNs) where phishing web sites were reported. 28% of all phishing attacks occurred on just four hosting networks.
> Phishers targeted 1,804 businesses or organizations during the 1 May 2020 to 30 April 2021 period. The top 10 brands targeted over the course of our annual period account for 46% of the reported phishing attacks.
> When phishers register domains, they tend to use them quickly. 57% of domains reported for phishing were used within 14 days following registration and more than half of those were used within 48 hours.
> 
> Maureen
> _______________________________________________
> Apralo-policy mailing list
> Apralo-policy at icann.org
> https://mm.icann.org/mailman/listinfo/apralo-policy
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/apralo-policy/attachments/20211003/5a2c4044/attachment-0001.html>

More information about the Apralo-policy mailing list