Phishing in 2024 shows no sign of a slowdown. Our Interisle team processed just slightly more than1M reports from our phishing feeds in the 3-month period ending July 31, 2024, a third straight reporting period where our collection exceeded.
Phishers have firmly concentrated their registration efforts in the new gTLDs. For the period, more domain names were reported for phishing in the thirteen new gTLDs in this period's top 20 than were reported in the .COM TLD. Free or cheap, open registrations are a plague. These represent a small fraction (~10%) of registered domain names globally but year over year have high malicious registration rates and phishing scores.
Cloudflare continues to top the list of hosting networks with the most IPv4 addresses reported for hosting phishing attacks.
United States Postal Service and Facebook were the most impersonated brands this reporting period. USPS is the brand most frequently found as an exact match string in phishing domains. Registry, registrar and subdomain operators could use this to experiment with a "filter for string, delay delegation pending investigation" process.
Surely this is a potential win application for AI?
Phishing from user accounts at subdomain providers decreased but still accounts for more than 10% of phishing attacks reported.
Trends (blog): https://www.cybercrimeinfocenter.org/phishing-trends-may-july-2024
Phishing Activity for May-July 2024: https://www.cybercrimeinfocenter.org/phishing-activity-numbers-may-july-2024