Home / News

New Data Reveals Phishing Attacks Are Bigger Than Reported, Exact Size of Problem Unknown

Attack Activity by Day – Phishing is lowest on the weekends when potential victims are away from their email. Phishing then ramps up early in the week as phishers send email lures, when the attention of potential victims is highest. (Phishing Landscape 2020 / Interisle)

A group of experts from Interisle Consulting Group and Illumintel released a paper today, reporting a comprehensive study of the phishing landscape in 2020. The study’s goal was to capture and analyze a large set of information about phishing attacks to better understand how much phishing is taking place, where it is taking place, and better ways to fight them.

Major findings: After a three-month data collection period, the group learned about more than 100,000 newly discovered phishing sites. Here are the major findings—full details on the study can be obtained here.

  • Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers.
  • Phishers themselves register more than half of the domain names on which phishing occurs.
  • Domain name registrars and registry operators can prevent and mitigate large amounts of phishing by finding and suspending maliciously registered domains.
  • Registries, registrars, and hosting providers should focus on both mitigation and prevention.
  • The problem of phishing is bigger than is reported, and the exact size of the problem is unknown.
  • Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration.
  • New top-level domains introduced since 2014 account for 9% of all registered domain names, but 18% of the domain names used for phishing.
  • About 9% of phishing occurs at a small set of providers that offer subdomain services.

Timing of registrations: The group analyzed 65,255 gTLD domains to determine how much time elapsed between when a domain name was registered and when that domain was first flagged for phishing by one of the phishing data feeds. 45% of the domains (31,610 out of 65,255) were used for phishing within 14 days of registration, reinforces the conventional wisdom that when phishers register domains, they tend to use them quickly to avoid detection.

gTLD Domains User for Phishing: days from domain registration to phishing (Phishing Landscape 2020 / Interisle)

Only ten gTLD registrars: Almost half of all maliciously registered domains were acquired from only ten gTLD registrars. “More than 88% of the maliciously registered domains in our data set occurred in just 20 top-level domains. ... this presents opportunities for a few providers to put a big dent in phishing,” writes one of the researchers, Greg Aaron (read his overview on CircleID).

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global