Phishing Landscape Studies

Phishing Landscape studies are examples of how data collected and curated at the Cybercrime Information Center Project (CIC) can be used to measure and report on “cybercrime over time”.


Phishing Landscape 2022: An Annual Study of the Scope and Distribution of Phishing

As reported via EIN Presswire…

Interisle reports a 61% increase in phishing in annual study

Most phishing occurs on domains maliciously registered by phishers, for phishing

HOPKINTON, MA, UNITED STATES, July 19, 2022 /EINPresswire.com/ -- Interisle Consulting Group today announced the publication of an industry report, Phishing Landscape 2022, An Annual Study of the Scope and Distribution of Phishing. The study, which analyzes more than 3 million phishing reports representing 1,123,000 phishing attacks, shows that phishing increased by 61% over the period 1 May 2020 through 30 April 2021.

Phishing continues to pose a significant threat to millions of Internet users. Among the major findings in the study, Interisle reports that:

  • Phishers targeted over 2000 businesses and organizations during the 1 May 2021 to 30 April 2022 period. The majority of phishing attacks targeted just ten brands.

  • A small number of registrars dominate malicious domain registration in some TLDs. In four TLDs, more than 80% of the malicious domains were registered through just one registrar. 

  • Phishing attacks are disproportionately concentrated in new gTLDs. While the new TLDs’ market share decreased during our yearly reporting period, phishing among the new TLDs has increased.

  • Phishers deliberately registered 69% of all domains—and 92% of new gTLD domains—on which phishing occurred. 58% of all reported phishing attacks were hosted on these maliciously registered phishing domains.

  • Cryptocurrency phishing rose 257%. Nearly 80% of the gTLD domains reported for phishing were maliciously registered. Wallets were the most targeted brands.

According to Interisle partner and co-author Dave Piscitello, “Cryptocurrency phishing has skyrocketed, especially attacks involving wallets and exchanges. Phishers are applying attack techniques that they’ve used against other financials to virtual currencies with great effect.”

John Levine, the President of the Coalition Against Unsolicited Commercial Email (CAUCE), said that “this thoroughly researched report is essential reading for anyone concerned about the growing threat of online phishing. It has detailed analyses and advice on what and where the threats are, and how we can and must deal with them.”

The Interisle report is available at https://interisle.net/PhishingLandscape2022.html.

A summary of the study can be found at the page Phishing Landscape Study 2022.

Phishing Landscape 2021: An Annual Study of the Scope and Distribution of Phishing

For this study, Interisle Consulting Group LLC again analyzed CIC information about phishing attacks - nearly 1.5 million phishing reports representing 700,000 phishing attacks - and reported that phishing increased by nearly 70% over the period 1 May 2020 through 30 April 2021.

Among the major findings in the study, Interisle reported that:

  • Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers. 69% of the domains used for phishing were registered in 10 Top-level Domains and 69% were registered through just 10 registrars.

  • Phishing attacks are disproportionately concentrated in new gTLDs (nTLDs). While the new TLDs' market share decreased during our yearly reporting period, phishing among the new TLDs has increased.

  • Phishing domain registrations in some TLDs are overwhelmingly dominated by a small number of registrars. In some cases, 90% or more of the malicious domains in a TLD were registered through one gTLD registrar.

  • 41% of all phishing attacks occurred at just ten hosting providers. We identified 4,110 hosting networks (ASNs) where phishing web sites were reported. 28% of all phishing attacks occurred on just four hosting networks.

  • Phishers targeted 1,804 businesses or organizations during the 1 May 2020 to 30 April 2021 period. The top 10 brands targeted over the course of our annual period account for 46% of the reported phishing attacks.

  • When phishers register domains, they tend to use them quickly. 57% of domains reported for phishing were used within 14 days following registration and more than half of those were used within 48 hours.

The study also reports that most phishing occurs on domains purposely (maliciously) registered for phishing attacks. Interisle determined that 65% of domains associated with phishing attacks were maliciously registered.

You may read an Executive Summary of the Report or the complete Report.

A summary of the study can be found at the page Summary of Phishing Activity May 1, 2020 - April 30, 2021.

Phishing Landscape 2020

Interisle Consulting Group analyzed a large set of CIC information about phishing attacks, to better understand how much phishing is taking place and where it is taking place. They looked at when phishers launch attacks, to determine when attacks occur and how quickly phishers act, and studied where phishers obtain domain names and what web hosting is used. This analysis identified where additional phishing detection and mitigation efforts are needed and identified vulnerable providers.

By applying rule sets to further curate CIC data, Interisle was able to discriminate domains that were purposely registered for phishing from compromised domains (see Phishing Terminology).

Interisle also reported on the wide range of brands targeted by phishers, and how often they take advantage of the unique properties of internationalized domain names (IDNs).

Download the Executive Summary or the Full Report from Interisle Consulting Group, LLC.
