Phishing Trends February - April 2023

Contributed by Dave Piscitello, Interisle Consulting Group

Our quarterly Phishing Activity pages reports measure phishing activity by Top-level Domains, Domain Registrars, and Hosting Networks.

Here, we share some insights from the phishing activity reported for the February - April 2023 period.

Unique domain names reported for phishing

Domain names reported for phishing decreased dramatically. However, we saw more phishing attacks “per domain” and significantly more phishing attacks hosted at subdomain service providers.

The percent of maliciously registered phishing domains remained largely the same. gTLD registrars and registries are in the best position to identify and block malicious registrations before the onset of an attack. There’s little evidence that policy, compliance, or recommended practices are having positive effects.

Freefall in Freenom?

We’ve observed a significant decline in phishing domains reported in the Freenom commercialized ccTLDs. The decline, while not entirely coincident with the cybersquatting and infringement complaint filed against Freenom, is happy news for would-be phishing victims. Responsible for over 60% of phishing domains reported in November 2022, Freenom’s percentage has dropped to under 15%.

Most phished subdomain services

Phishers are using free web and blog accounts with increasing frequency. We identified 5 subdomain services with more than 5,000 phishing attacks reported.

Most phished hosting networks

Phishers exploited LG DACOM and DEDIPATH severely, with both rising to the top 5 most phished hosting networks in the current quarter.