<div dir="ltr">Hi everyone<div><span style="color:rgb(0,0,0)">FYI - A new report is out about Phishing (attacks that steal user data)  : </span><a href="https://interisle.net/PhishingLandscape2021.html" target="_blank">https://interisle.net/PhishingLandscape2021.html</a><br></div><div><div style="color:rgb(0,0,0)"><p class="MsoNormal"><u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Some key takeaways from the report:<u></u><u></u></p><ul type="disc" style="margin-bottom:0in"><li class="MsoNormal" style="margin-left:15px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><b>Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers.</b> 69% of the domains used for phishing were registered in 10 Top-level Domains and 69% were registered through just 10 registrars.<u></u><u></u></li><li class="MsoNormal" style="margin-left:15px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><b>Phishing attacks are disproportionately concentrated in new gTLDs (nTLDs).</b> While the new TLDs' market share decreased during our yearly reporting period, phishing among the new TLDs has increased.<u></u><u></u></li><li class="MsoNormal" style="margin-left:15px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><b>Phishing domain registrations in some TLDs are overwhelmingly dominated by a small number of registrars.</b> In some cases, 90% or more of the malicious domains in a TLD were registered through one gTLD registrar.<u></u><u></u></li><li class="MsoNormal" style="margin-left:15px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><b>41% of all phishing attacks occurred at just ten hosting providers.</b> We identified 4,110 hosting networks (ASNs) where phishing web sites were reported. 28% of all phishing attacks occurred on just four hosting networks.<u></u><u></u></li><li class="MsoNormal" style="margin-left:15px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><b>Phishers targeted 1,804 businesses or organizations during the 1 May 2020 to 30 April 2021 period.</b> The top 10 brands targeted over the course of our annual period account for 46% of the reported phishing attacks.<u></u><u></u></li><li class="MsoNormal" style="margin-left:15px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><b>When phishers register domains, they tend to use them quickly.</b> 57% of domains reported for phishing were used within 14 days following registration and more than half of those were used within 48 hours.</li></ul><div><br></div><div>Maureen</div></div></div></div>