Phishing Landscape 2021: An Annual Study of the Scope and Distribution of Phishing

This Interisle Study analyzes nearly 1.5 million phishing reports representing 700,000 phishing attacks. The study shows that phishing increased by nearly 70% over the period 1 May 2020 through 30 April 2021.

The study also reports that most phishing occurs on domains purposely (maliciously) registered for phishing attacks.

Phishing continues to pose a significant threat to millions of Internet users. Among the major findings in the study, Interisle reports that:

  • Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers. 69% of the domains used for phishing were registered in 10 Top-level Domains and 69% were registered through just 10 registrars.

  • Phishing attacks are disproportionately concentrated in new gTLDs (nTLDs). While the new TLDs' market share decreased during our yearly reporting period, phishing among the new TLDs has increased.

  • Phishing domain registrations in some TLDs are overwhelmingly dominated by a small number of registrars. In some cases, 90% or more of the malicious domains in a TLD were registered through one gTLD registrar.

  • 41% of all phishing attacks occurred at just ten hosting providers. We identified 4,110 hosting networks (ASNs) where phishing web sites were reported. 28% of all phishing attacks occurred on just four hosting networks.

  • Phishers targeted 1,804 businesses or organizations during the 1 May 2020 to 30 April 2021 period. The top 10 brands targeted over the course of our annual period account for 46% of the reported phishing attacks.

  • When phishers register domains, they tend to use them quickly. 57% of domains reported for phishing were used within 14 days following registration and more than half of those were used within 48 hours.

The study also reports that most phishing occurs on domains purposely (maliciously) registered for phishing attacks. Interisle determined that 65% of domains associated with phishing attacks were maliciously registered.

Comments can be submitted to feedback@interisle.net

The opinions, findings, and conclusions or recommendations expressed in this report are the product of independent work conducted by Interisle Consulting Group, without direction or other influence from any outside party, including parties that may have provided funding to support the work.

Previous
Previous

Malware Landscape 2021: A Study of the Scope and Distribution of Malware

Next
Next

Domain Security: A Critical Component of Enterprise Risk Management