APWG Global reported in its study of phishing attacks in the first six months of 2013 and here are some of the findings of the report especially those that related directly to domain names.
There were at least 72,758 unique phishing attacks worldwide in first half of 2013 (1H 2013) far below the 123,486 attacks recorded in the
2H 2012
Many brands were attacked several times a week on average, with eighty brands attacked 100 or more times each during the 26-week period.
Half of the targets were attacked one to three times during the period.
APWG analysts found that PayPal was again the world’s most-targeted institution for phishing attacks, with some 18% (13,498 attacks) were directed against the company and its users in 1H 2013.
Taobao.com, the Chinese shopping site, was second-most-attacked in the survey period with 9 percent (6,605) of recorded phishing attacks.
The attacks occurred on 53,685 unique domain names.
Of the 53,685 phishing domains, we identified 12,173 domain names that we believe were registered maliciously, by phishers.
This is double the 5,835 found in 2H 2012.
The increase is due to a sudden uptick in domain registrations by Chinese phishers.
The other 41,532 domains were almost all hacked or compromised on vulnerable Web hosting.
Phishing occurred in 195 top level domains (TLDs), but 82% of the malicious domain registrations were in just three TLDs : .COM, .TK, and .INFO
We counted 720 target institutions, up significantly from the 611 targeted institutions identified in 2H2012
Only about 2.3 % of all domain names that were used for phishing contained a brand name or variation thereof
Seventy eight of the 53,685 domain names were internationalized domain names (IDNs)
The use of URL shorteners for phishing has plummeted, probably due to better anti-abuse measures at the providers.
…