New gTLDs are becoming a more popular option for phishers, report says

According to PhishLabs’ recently released ‘Phishing Trends & Intelligence Report’, the number of phishing sites increased with 23% in 2016. More than 51% of all phishing sites in 2016 were hosted on domain names registered under .com. After .com, the most common top-level domains (TLDs) found in phishing sites were .br, .net, .org, .ru, .uk, .au, .info, .in, and .pl. While new generic TLDs (gTLDs) were associated with only 2% of phishing domains in 2016, the volume of attacks hosted on new gTLDs grew by more than 1000%, suggesting that these domains are becoming a more popular option for phishers. This is likely due to the cheap cost of some new gTLDs and the ability to create phishing sites that appear more legitimate. The most common new gTLDs used to host phishing content last year were .top, .xyz, .online, .club, .website, .link, .space, .site, .win, and .support.