Cheap Domains Driving Phishing Attacks: A Growing Threat to Online Security

Phishing attacks soared nearly 40% by August 2024, and the culprit is no secret: cheap domains.

New domains like .shop, .top, and .xyz are attracting scammers because they’re easy to get and don’t cost much. These so-called "new" gTLDs are drawing increasing attention, not because they’re useful, but because they offer rock-bottom prices with minimal registration requirements.

Interisle Consulting’s latest findings show that while these new gTLDs represent only 11% of new domains, they account for a shocking 37% of the cybercrime domains reported in the past year. That’s a huge leap, especially when compared to the older, more established .com and .net, which, despite their dominance in the market, only contributed to about 40% of phishing domains.





For starters, many of these gTLDs are available for under $2, with hardly any identity checks. In comparison, .com domains usually start at $5.91. For cybercriminals working in bulk, it's a no-brainer. But the domain sellers often face losses. Criminals don’t renew their domains, leaving registrars with unpaid bills.

Despite the clear pattern, ICANN, the nonprofit that oversees domains, is pushing ahead with plans to introduce even more gTLDs in 2026. Web hosting experts worry this will just create more space for cybercrime to grow.

While phishing attacks have historically targeted big tech companies, the U.S. Postal Service now tops the list as the most-phished entity. This shift has a lot to do with one notorious cybercriminal, Chenlun, who’s been selling kits that target postal services around the globe.

Then there’s the growing threat of subdomains. Platforms like blogspot.com (AKA Blogger.com/Google), pages.dev, and Weebly have become hotspots for scammers. In the last year alone, phishing incidents involving subdomains rose by 114%.

What’s tricky about subdomains is that it’s up to the platform provider to take down malicious accounts, but there’s a catch. If the provider blocks a domain, it affects all their users. That’s a delicate balance to strike. Still, there’s a clear path forward. Tighten the rules around creating accounts, especially on free services.
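The blocking trade-off above, seen from the defender's side, as an added example that is not from the article or the Interisle report: a blocklist builder that blocks only the individual account subdomain on a shared platform and never the platform itself. The platform and gTLD sets are constructed from names in the article, and "weebly.com" is an assumed hostname for Weebly-hosted sites.

```python
# Added illustration: choose the narrowest blocklist key for a reported phishing host.
# SHARED_PLATFORMS and CHEAP_GTLDS are constructed from names in the article;
# "weebly.com" is an assumed hostname for Weebly-hosted sites.
SHARED_PLATFORMS = {"blogspot.com", "pages.dev", "weebly.com"}
CHEAP_GTLDS = {"shop", "top", "xyz"}


def block_key(host: str) -> tuple[str, str]:
    """Return (scope, key): what to block and why, for one reported hostname."""
    host = host.strip().rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a fully qualified hostname: {host!r}")
    for platform in SHARED_PLATFORMS:
        if host == platform:
            # A report naming the platform itself must never become a block entry.
            return ("platform-root", "")
        if host.endswith("." + platform):
            # Keep exactly one label in front of the platform suffix: that is
            # the individual account, which the provider can suspend on its own.
            n = platform.count(".") + 1
            return ("platform-subdomain", ".".join(labels[-(n + 1):]))
    # Simplification: treat the last two labels as the registered domain.
    # Production code should use the Public Suffix List (e.g. for .co.uk).
    registered = ".".join(labels[-2:])
    scope = "cheap-gtld-domain" if labels[-1] in CHEAP_GTLDS else "registered-domain"
    return (scope, registered)


def build_blocklist(hosts):
    """Deduplicate reported hosts into block keys, skipping platform roots."""
    keys = {}
    for h in hosts:
        scope, key = block_key(h)
        if key:
            keys.setdefault(key, scope)
    return keys


if __name__ == "__main__":
    # Constructed sample reports (placeholders, not real indicators).
    sample = ["login.example-one.top", "acme-refund.pages.dev",
              "www.acme-refund.pages.dev", "blogspot.com", "mail.example.com"]
    for key, scope in sorted(build_blocklist(sample).items()):
        print(f"{scope:20} {key}")
```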

As more cheap domains and subdomains flood the internet, the need for stricter registration policies has never been clearer. Scammers will always find ways around the rules, but that doesn't mean we shouldn't raise the bar. The solution isn't just about limiting domain sales; it’s about taking accountability seriously.
