Phishers go after a wide range of targets for several reasons:
If a site is getting phished for the first time, it may have been targeted by a more sophisticated phisher, who had the skill to design a new phishing template.
Most phishing continues to be concentrated in just a few namespaces, with some TLDs having much more prevalent problems than others. Domain name space can be divided into four categories:
56% of the domains were in .COM and .NET. This happened for two reasons:
On the other hand, the new gTLDs have often been priced more cheaply than any other sector. Looking at the numbers for the past five years, we can see how the new gTLDs have recently contributed more phishing domains, while the legacy gTLDs contributed fewer:
Most new gTLDs (nTLDs) have now been out on the market for more than two years. Our observations are:
The number of nTLDs that contain phishing is rising steadily:
Of the 6,549 domains used for phishing in the 228 nTLDs, 86% (5,633) were registered maliciously. 71% of those malicious registrations were found in just ten nTLDs:
The TLD market is now more crowded and competitive than at any time in history, and some nTLD registries have been competing aggressively on price. Low prices and sometimes lax practices are allowing nTLD domains to be used abusively. In April 2017, SURBL alone listed one million new gTLD domains on its spam/phishing/malware blocklist.