Global Phishing Survey: Trends and Domain Name Use in 2H2012
Global Phishing Survey: Trends and Domain Name Use in 2H2012
Global Phishing Survey: Trends and Domain Name Use in 2H2012
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Global</strong> <strong>Phish<strong>in</strong>g</strong> <strong>Survey</strong> <strong>2H2012</strong>:<br />
<strong>Trends</strong> <strong>and</strong> <strong>Doma<strong>in</strong></strong> <strong>Name</strong> <strong>Use</strong><br />
middle ground, with scores above 5.0 <strong>in</strong>dicat<strong>in</strong>g TLDs with <strong>in</strong>creas<strong>in</strong>gly prevalent phish<strong>in</strong>g. 6<br />
The top TLDs by score are:<br />
Top 10 <strong>Phish<strong>in</strong>g</strong> TLDs by <strong>Doma<strong>in</strong></strong> Score, <strong>2H2012</strong><br />
M<strong>in</strong>imum 25 phish<strong>in</strong>g doma<strong>in</strong>s <strong>and</strong> 30,000 doma<strong>in</strong> names <strong>in</strong> registry<br />
TLD<br />
TLD<br />
Location<br />
# Unique<br />
<strong>Phish<strong>in</strong>g</strong><br />
attacks<br />
<strong>2H2012</strong><br />
Unique<br />
<strong>Doma<strong>in</strong></strong><br />
<strong>Name</strong>s used<br />
for phish<strong>in</strong>g<br />
<strong>2H2012</strong><br />
<strong>Doma<strong>in</strong></strong>s <strong>in</strong><br />
registry,<br />
November<br />
2012<br />
An APWG Industry Advisory<br />
http://www.apwg.org ● <strong>in</strong>fo@apwg.org<br />
PMB 246, 405 Waltham Street, Lex<strong>in</strong>gton MA USA 02421<br />
Score:<br />
<strong>Phish<strong>in</strong>g</strong><br />
doma<strong>in</strong>s per<br />
10,000<br />
doma<strong>in</strong>s<br />
<strong>2H2012</strong><br />
1 th Thail<strong>and</strong> 210 136 63,400 21.5<br />
2 hu Hungary 1,701 1,192 625,701 19.1<br />
3 cl Chile 902 731 399,073 18.3<br />
4 pe Peru 130 93 64,100 14.5<br />
5 ec Ecuador 41 38 30,500 12.5<br />
6 np Nepal 42 32 31,710 10.1<br />
7 sg S<strong>in</strong>gapore 136 120 143,887 8.3<br />
8 br Brazil 3,129 2,435 3,058,648 8.0<br />
9 <strong>in</strong> India 1,638 1,352 1,713,812 7.9<br />
10 ma Morocco 37 33 43,211 7.6<br />
<strong>Doma<strong>in</strong></strong>s <strong>in</strong> South American TLDs cont<strong>in</strong>ued to experience a rash of server compromises,<br />
cont<strong>in</strong>u<strong>in</strong>g a trend that began <strong>in</strong> 1H2012. Thail<strong>and</strong>’s .TH cont<strong>in</strong>ues to rank highly, as it has for<br />
many years, suffer<strong>in</strong>g especially from compromised government <strong>and</strong> university Web servers.<br />
At number eight, compromised .BR doma<strong>in</strong>s were used to phish 184 targets, <strong>in</strong>clud<strong>in</strong>g a<br />
wide range of South American banks. India’s .IN TLD ma<strong>in</strong>ta<strong>in</strong>ed its position at number<br />
n<strong>in</strong>e, used to attack 97 different targets via a mix of compromised <strong>and</strong> maliciously<br />
registered doma<strong>in</strong>s.<br />
6 Notes regard<strong>in</strong>g the statistics:<br />
• A small number of phish can <strong>in</strong>crease a small TLD’s score significantly, <strong>and</strong> these push up the<br />
study’s median score. The larger the TLD, the less a phish <strong>in</strong>fluences its score.<br />
• A registry’s score can be <strong>in</strong>creased by the action of just one busy phisher, or one vulnerable<br />
or <strong>in</strong>attentive registrar.<br />
• For more background on factors that can affect a TLD’s score, please see “Factors Affect<strong>in</strong>g<br />
<strong>Phish<strong>in</strong>g</strong> Scores” <strong>in</strong> our earlier studies.<br />
10