On October 13, 2020, Interisle Consulting Group unveiled a study on phishing (interisle.net, October 13, 2020). The study period ran from May 1, 2020, to July 31, 2020. During these three months, Interisle Consulting Group collected no less than 298,012 phishing reports, detected 122,092 phishing attacks, and identified 99,412 malicious domain names. The study delivered is intense in statistics, findings, and deductions. I will highlight three points.
First, laws affecting the disclosure of whois data hamper the detection of phishing attacks (pp. 27 and 28).
Second, 65% of maliciously registered domain names are used for phishing purposes within five days of registration (pp. 8-10). Consequently, daily alerts arise as a prompt and adequate remedy against this type of cybercrime. That being said, one should beware of dormant domain names. Indeed, the study also reveals that 17% of maliciously registered domain names are used more than 90 days after registration (ibid.). Constant vigilance should, therefore, be recommended.
Third, although new gTLDs represent only 9% of all registered domain names, 18% of them are used for phishing (pp. 12, 13, and 19).