APWG Cybercrime Report: Phishers’ Command of Domain Name System Reaches All-Time High in 2016

APWG _Logo.jpgCriminalization of DNS for Phishing Advanced Most Every Year Since 2012

CAMBRIDGE, Mass.-- The APWG's latest study has found that cybercriminals have been shifting their tactics markedly, by registering more and more domain names, rather using web servers and domains they have hacked into. These “malicious domain registrations” accounted for half of all the domain names used for phishing in 2016. This shift shows that phishers are becoming bolder, and highlights cybercrime detection and mitigation problems in the domain name industry.

The Global Phishing Survey: Trends and Domain Name Use in 2016 documents that in 2016 there were at least 255,065 unique phishing attacks worldwide - an all-time high. Of the 195,475 domains used for phishing, the authors identified 95,424 domain names that the authors believe were registered maliciously by phishers - almost three times as many as they found in 2015.

“It was disheartening to see the registration of so many malicious domain names to mount attacks, after all the great work that’s been done to curtail phishers in recent years,” said Rod Rasmussen, Founder of R2 Cyber and co-author of the study. “This should be a wake-up call for the domain name industry.”

The study also revealed that contrary to conventional wisdom, many domain names registered by phishers are being “aged” and are not used immediately after registration. Recently registered domains receive low reputation scores from security and anti-spam companies that prevent consumers from receiving phishing-lure emails. So some phishers are evading those security measures by registering domains and then waiting until the domains are older and have better reputation scores.

The study also examined the use of the new top-level domains that have been introduced over the past three years. Phishing in the new top-level domains is rising, but is not yet as pervasive as in other sectors of the domains name space. However, by the end of 2016, almost half of the new top-level domains that were available for general registration by the public had phishing in them, and the new top-level domains are a place where phishers are purchasing domain names for themselves.

“In the meantime, phishers are employing another new trick that uses the domain name system,” said Greg Aaron, Vice-President of iThreat Cyber Group and co-author of the report. “We call this ‘domain shadowing’, and is when a phisher manipulates an unsuspecting company’s DNS settings to insert multiple phishing sites onto the company’s servers—often hundreds of sites at a time. As always, we emphasize that companies must take strong, professional measures to protect their web hosting and email services—otherwise criminals will break into them and use them for their own purposes.”

The full report is available at:


About the APWG

APWG, an international affairs organization focused on global suppression of common and advanced cybercrimes, was founded in 2003 as the Anti-Phishing Working Group. The global industry, law enforcement, and government coalition of more than 2,100 institutions is unifying the global response to electronic crime, curating one of the world’s largest NGO-managed clearinghouses of cybercrime event data, and enabling the sharing of these data to protect consumers, commercial enterprises and government ministries. APWG’s directors, managers and research fellows advise national governments; global governance bodies like the Organisation for Economic Co-operation and Development, International Telecommunications Union and ICANN; hemispheric and global trade groups; and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, the Council of Europe's Convention on Cybercrime, United Nations Office on Drugs and Crime, the Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Membership is open to qualified financial institutions, online retailers, ISPs and telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing. APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative and founder/curator of the eCrime Researchers Summit, the world’s first peer-reviewed conference dedicated specifically to electronic crime studies. KnowBe4 is an APWG corporate sponsor.



Topics: Phishing

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Recent Posts

Get the latest about social engineering

Subscribe to CyberheistNews