The Anti-Phishing Working Group (APWG) has released its Global Phishing trends study for the first half of 2009 and .ORG, The Public Interest Registry (PIR), was highlighted for its leadership in significantly reducing online fraud. The APWG study noted that:

“A success story in 1H2009 [first half 2009] was the new anti-phishing program put into place by The Public Interest Registry (PIR), the operator of the .ORG TLD [Top-Level Domain]. ... Stating a desire for abuse response and heightened user protection, PIR announced a new anti-abuse policy to its registrars in late 2008, and it went into effect on February 5, 2009. On that day, PIR began actively reporting phish to its registrars, helping them to alert their registrants about compromised phishing domains. ... The impact was dramatic—.ORG’s phishing uptimes immediately dropped by a third.”

This success not only highlights the success of PIR in reducing phishing but confirms PIR’s position that anti-phishing programs implemented responsibly by domain name registries can reduce the up-times of phishing attacks and malicious registrations.

In 2009, the “Avalanche” phishing gang targeted several major TLD with widespread phishing attacks. This gang is responsible for about a quarter of the phishing on the Internet. It registers domain names, and tries to find inattentive or vulnerable registrars and registries. The APWG study notes that “in March through May, PIR also responded to the Avalanche gang by quickly suspending maliciously registered .ORG domains, often within minutes of their activation. In mid-May the Avalanche gang stopped registering .ORG domains, and concentrated on registering in other TLDs instead.” PIR’s diligence helped shift a major e-crime operation out of the .ORG zone.

The APWG study notes that about 85% of domain names used for phishing are actually owned by innocent registrants who have had their web hosting hacked by phishers. PIR does outreach regarding some of these compromised domains, alerting the registrars so that the registrants can become aware of the vulnerabilities and get them fixed. PIR’s program thus helps address both maliciously registered phishing domains and compromised phishing sites—handling each in an appropriate way that protects Internet users and registrants.

PIR is committed to continuing this successful program, and providing an example of Registry security best practices that can be an example for others to follow.