Number of new country code phishing domains dropped significantly thanks to Meta
The number of newly registered country code phishing domains has dropped significantly in the past couple of months thanks to Meta, Facebook's parent company.
Most phishing attacks require a website and many use custom domain names for that. While some domain names are selected to look similar to the target domain name, some are not. All have in common that domains need to be registered.
A recent report by Krebs on Security suggests that country code phishing domain registrations have dropped significantly in the past six months. Back in November 2022, more than 52,000 phishing domains were registered. In the two months that followed numbers rose to 66,000 and 72,000, before taking a sharp drop to less than 20,000 in February 2023. From there, newly registered phishing domains dropped to a little bit more than 12,000 in April 2023.
Much of the decline is linked to the domain registrar Freenom, which manages the top level for Gabon, Equatorial Guinea, Mali, Tokelau and Central African Republic. What made Freenom attractive was that it did not charge registration fees for the domains that uses the five country codes that it controls.
Domain registrations with Freenom are linked to several strange rules, including that the registrar may take back any free domain at any time and may redirect traffic to other sites. This makes the domains less attractive to regular businesses, as the fear of losing access to the domain is allpresent.
Meta filed a lawsuit against Freenom in December 2022, retracted the lawsuit and refiled it in March 2023. Meta argued that Freenom's services were used by cybercriminals and that Freenom was shielding customers, even when "presented with evidence" and continuing to allow cybercriminals to register new domains.
Meta cited research from Interisle Consulting Group, which released information in 2021 and 2022 that the five country code top level domains managed by Freenom were responsible for half of the ten most used top level domains by phishers.
The consulting company noticed a sharp decline in Freenom registered phishing domains in the months surrounding the lawsuit. Interisle gathers data from 12 blocklists, including Spamhaus, Phishtank and OpenPhish.
Freenom registered 35,000 phishing domains in December 2022 and only 1,100 in April 2023, according to Interisle data.
The lawsuit against Freenom is Meta's second lawsuit against a domain registrar. Meta filed a lawsuit against domain registrar Namecheap in 2020. Both organizations agreed to settle in April 2022, and the number of new phishing domains registered through Namecheap dropped by 50% in the quarter that followed, according to Namecheap.
The overall number of phishing domains is increasing still, however.