A significant surge in phishing attacks has been unveiled by a recent study conducted by Interisle Consulting, with a nearly 40% increase in the year ending August 2024.
the research highlights that much of this growth is concentrated in a small number of new generic top-level domains (gTLDs), such as .shop, .top, and .xyz.
these new gTLDs, which command just 11% of the market for new domains, accounted for approximately 37% of cybercrime domains reported between September 2023 and August 2024.
This disproportionate representation in cybercrime activities is attributed to the attractive features these domains offer to scammers, including rock-bottom prices and minimal registration requirements.
Security analysts at KrebsonSecurity observed that the spammers and cybercriminals are gravitating towards these new gTLDs due to their low-cost or free registration options and the lack of stringent account or identity verification processes.
Technical Analysis
it’s been found that among the gTLDs with the highest cybercrime domain scores, nine offered registration fees under $1, and nearly two dozen had fees below $2.00. In contrast, the most affordable .com domain was priced at $5.91.
while traditional domains like .com and .net still make up about half of all registered and account for just over 40% of cybercrime domains, the rapid rise of new gTLDs in phishing domains activities is concerning.
top 5 new gTLDs, ranked by cybercrime domains reported (Source – KrebsonSecurity)
The Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the domain name industry, is paradoxically moving forward with plans to introduce even more gTLDs, with applications for new ones expected to open in 2026.
John Levine, president of the Coalition Against Unsolicited Commercial Email (CAUCE), warns that adding more TLDs without stricter registration policies will likely expand opportunities for cybercriminals.
He criticizes ICANN’s approach, suggesting that the organization is behaving more like a domain speculator trade association than a neutral nonprofit regulator.
the rapid increase of phishing domains within new gTLDs is eroding user trust and posing significant security risks.
To combat this growing threat, experts recommend implementing digital identity verification programs, deploying automated systems to screen for suspicious registration patterns, and creating “Trusted Reporter” programs to facilitate swift suspension of identified phishing resources.
the upcoming round of new gTLDs in 2026 will likely reignite debates on how to encourage a more diverse online ecosystem while safeguarding against the misuse of these domains by malicious actors.