Greg Aaron, Lyman Chapin, Dr. Colin Strutt and CAUCE Board Member David Piscitello, all of the Interisle Consulting Group, today announced the publication of the seminal report Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing.

The report can be found at

The goal of the research was to capture and analyze a large set of information about phishing attacks, to better understand how much phishing is taking place and where it is taking place, and to see if the data suggests better ways to fight phishing. The group studied where phishers are getting the resources they need to perpetrate their crimes — where they obtain domain names, and what web hosting is used. This analysis helps identify where additional phishing detection and mitigation efforts are best deployed at vulnerable providers the research helped identify.

To assemble a deep and reliable set of data, the researchers collected URLs, domain names, IP addresses, and other data about phishing attacks from four widely used and respected threat data providers: the Anti-Phishing Working Group (APWG), OpenPhish, PhishTank, and The Spamhaus Project. (The authors wish to express their appreciation of the cooperation extended to them by these providers).

Over a three-month collection period, they learned about more than 100,000 newly discovered phishing sites.

These are the major findings and conclusions are based on the data collected:

  1. Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers.
  2. Phishers themselves register more than half of the domain names on which phishing occurs.
  3. Domain name registrars and registry operators can prevent and mitigate large amounts of phishing by finding and suspending maliciously registered domains.
  4. Registries, registrars, and hosting providers should focus on both mitigation and prevention.
  5. The problem of phishing is bigger than is reported, and the exact size of the problem is unknown.
  6. Sixty-five percent of maliciously registered domain names are used for phishing within five days of registration.
  7. New top-level domains introduced since 2014 account for 9% of all registered domain names, but 18% of the domain names used for phishing.
  8. About 9% of phishing occurs at a small set of providers that offer subdomain services.