Phishing Domains Tanked After Meta Sued Freenom (krebsonsecurity.com) 7
An anonymous reader quotes a report from KrebsOnSecurity: The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. Freenom is the domain name registry service provider for five so-called "country code top level domains" (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau. Freenom has always waived the registration fees for domains in these country-code domains, but the registrar also reserves the right to take back free domains at any time, and to divert traffic to other sites -- including adult websites. And there are countless reports from Freenom users who've seen free domains removed from their control and forwarded to other websites.
By the time Meta initially filed its lawsuit in December 2022, Freenom was the source of well more than half of all new phishing domains coming from country-code top-level domains. Meta initially asked a court to seal its case against Freenom, but that request was denied. Meta withdrew its December 2022 lawsuit and re-filed it in March 2023. "The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers' identity, even after being presented with evidence that the domain names are being used for illegal purposes," Meta's complaint charged. "Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers." Meta pointed to research from Interisle Consulting Group, which discovered in 2021 and again last year that the five ccTLDs operated by Freenom made up half of the Top Ten TLDs most abused by phishers.
Interisle partner Dave Piscitello said something remarkable has happened in the months since the Meta lawsuit. "We've observed a significant decline in phishing domains reported in the Freenom commercialized ccTLDs in months surrounding the lawsuit," Piscitello wrote on Mastodon. "Responsible for over 60% of phishing domains reported in November 2022, Freenom's percentage has dropped to under 15%." Piscitello said it's too soon to tell the full impact of the Freenom lawsuit, noting that Interisle's sources of spam and phishing data all have different policies about when domains are removed from their block lists.
By the time Meta initially filed its lawsuit in December 2022, Freenom was the source of well more than half of all new phishing domains coming from country-code top-level domains. Meta initially asked a court to seal its case against Freenom, but that request was denied. Meta withdrew its December 2022 lawsuit and re-filed it in March 2023. "The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers' identity, even after being presented with evidence that the domain names are being used for illegal purposes," Meta's complaint charged. "Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers." Meta pointed to research from Interisle Consulting Group, which discovered in 2021 and again last year that the five ccTLDs operated by Freenom made up half of the Top Ten TLDs most abused by phishers.
Interisle partner Dave Piscitello said something remarkable has happened in the months since the Meta lawsuit. "We've observed a significant decline in phishing domains reported in the Freenom commercialized ccTLDs in months surrounding the lawsuit," Piscitello wrote on Mastodon. "Responsible for over 60% of phishing domains reported in November 2022, Freenom's percentage has dropped to under 15%." Piscitello said it's too soon to tell the full impact of the Freenom lawsuit, noting that Interisle's sources of spam and phishing data all have different policies about when domains are removed from their block lists.
Well of course "Meta" went after them. (Score:3, Interesting)
They're not on your side... they just don't like the competition. When someone successfully steals your personal information via phishing, that makes Facebook's copy of that information less valuable.
Huh... (Score:2)
Does CAR, Gabon, Tokelau, Mali or Eq' Guinea mind? (Score:1)
....if websites registered to their countries are redirected to Porn sites by Freenom?
Even if Freenom knows to leave legit websites in those nations alone, not biting the hand that feeds them (I wonder what would happen if they redirected .gov.tk, .gov.ca, .gov.cf, .gov.ma or .gov.gq?), even if that is the case, that implies at the very least, that someone in a government of those countries is well aware of what Freenom is doing. i.e. they're in cahoots.
Freenom halted new domains (Score:4, Informative)