Phishing Activity: Key Statistics
November 1, 2021 - January 31, 2022
We analyzed URLs, domain names, and IP addresses that have been reported for phishing. These and other metadata - e.g., registration data, DNS zone data, attack type and targeted brand - allow us to determine where phishers are acquiring resources for their criminal activities. Indicators of compromise allow us to distinguish hostnames delegated from domains that were purposely registered for phishing campaigns from hostnames assigned to compromised web sites that were delegated from domain names for legitimate purposes.
During the November 1, 2021 to January 31, 2022 period, we measured the number of phishing reports, the number of phishing attacks we collected, the number of unique domain names reported for use in phishing attacks, and the number of domain names that we determine to have been purposely.
We’ve improved our ability to discriminate domains that we believe were purposely registered for phishing attacks - malicious domain registrations - and now report these. We also measured famous brands that were targeted by phishers.
| Measurement | Count |
|---|---|
| Total number of phishing reports this quarter | 679,962 |
| Phishing attacks reported | 289,996 |
| Unique domain names reported for phishing | 222,059 |
| Maliciously registered domains reported for phishing | 140,696 |
| Top-level Domains (TLDs) where we observed phishing | 534 |
| gTLD Registrars that had domains under management reported for phishing | 527 |
| Hosting Networks (ASNs) where phishing web sites were reported | 2,554 |
| Brands targeted in phishing attacks | 1,070 |