
Phish-Friendly Domain Registry .top Receives Warning from Krebs on Security


The Chinese company managing domain names with the suffix “.top” has been given until mid-August 2024 by the Internet Corporation for Assigned Names and Numbers (ICANN) to demonstrate that it has proper systems for handling phishing reports and abusive domains. Failure to comply could result in the loss of its license to sell domains. The warning follows recent findings that .top domains were among the most common in phishing websites, trailing only domains ending in “.com.”

ICANN recently issued a letter to the owners of the .top domain registry, the entity responsible for overseeing the entire top-level domain (TLD). The letter highlighted the registry’s failure to address reports of phishing attacks involving .top domains promptly and effectively. The recipient of the letter, Jiangsu Bangning Science & Technology Co. Ltd, the Chinese entity operating the .top registry, has not responded to requests for comment.

Data from the Interisle Consulting Group revealed that .top domains were associated with a significant number of phishing sites over the past year, accounting for more than four percent of all new .top domains. The registry manages approximately 2.76 million domains, and over 117,000 .top domains were identified as phishing sites in the previous year.

Interestingly, the report also noted a rise in phishing sites hosted using the InterPlanetary File System (IPFS), a decentralized data storage network based on peer-to-peer networking. The use of IPFS for hosting phishing attacks increased dramatically by 1,300 percent, with around 19,000 phishing sites reported in the last year.

After the demise of Freenom, a domain registrar known for free domain offerings, phishers shifted their operations to other low-cost top-level domains and to services that allow anonymous domain registrations. Services like blogspot.com, weebly.com, github.io, wix.com, and ChangeIP experienced a surge in registered phishing domains, indicating a shift in tactics by cybercriminals.

ICANN’s enforcement actions show that non-payment of annual membership fees by registries and registrars is a common reason for warnings and breach notices. Despite fewer public compliance actions in recent years and an expansion of new top-level domains, non-payment remains a prevalent issue.

Experts underscore the importance of domain registrars and registries flagging customers registering large volumes of domains simultaneously to curb phishing activities. Vigilance in monitoring and addressing abuse complaints is crucial in mitigating the impact of phishing attacks facilitated through domain registrations. ICANN’s proactive approach to compliance checks aims to prevent recurrence of enforcement issues, emphasizing the need for contracted parties to demonstrate compliance and implement remediation plans effectively.

As the domain landscape continues to evolve, the fight against phishing and abusive domains remains a constant challenge for internet governance bodies like ICANN. Stay tuned for further updates on this developing story.
