Phishing and gTLD Exploitation on the Rise as Cybercriminals Adapt to ICANN’s Policy Changes

MIAMI, March 24, 2025 /PRNewswire-PRWeb/ — Cybercriminals are evolving their tactics, increasingly exploiting domain name vulnerabilities to launch sophisticated fraud campaigns. According to the latest ICANN Domain Metrica data, over 425,000 domains are currently flagged for abuse, highlighting the growing risks businesses face in protecting their digital presence.

As a leader in domain security and trademark protection, Nominus has analyzed the latest trends shaping online fraud in 2025—and the findings reveal alarming shifts in cybercriminal behavior.

Key Findings: The State of Domain Fraud in 2025

• Phishing domains dominate: Over 422,000 domains (0.192% of all gTLDs) are tied to phishing scams, making it the most common form of domain abuse.
• Exploitation of new gTLDs: Cybercriminals are taking advantage of less familiar generic top-level domains (gTLDs) to launch impersonation and phishing attacks.
• Expired domains repurposed for fraud: Attackers are increasingly re-registering lapsed corporate domains to exploit brand trust, intercept emails, and conduct scams.

Emerging Domain Fraud Trends Businesses Must Watch

One of the most significant trends is the rise of AI-generated phishing domains, where attackers are now using artificial intelligence to automate the creation of lookalike domains. These domains closely mimic legitimate brands, making them harder for users and security tools to detect. The ability to mass-produce deceptive domains at scale has made phishing attacks more convincing than ever.

Another growing concern is targeted attacks via industry-specific gTLDs. The expansion of domain extensions like .bank, .law, and .health has created new risks, as scammers exploit these TLDs to appear credible to unsuspecting victims. Many businesses assume these industry-focused domains provide an added layer of security, but cybercriminals are taking advantage of this perception to deceive users.

Additionally, typosquatting and business email compromise (BEC) attacks are becoming more sophisticated. Cybercriminals are no longer just registering obvious misspellings; they are using hyphenated variations, homoglyphs (e.g., replacing ‘o’ with ‘0’), and subdomains to bypass traditional detection methods. These subtle domain manipulations make it easier for attackers to impersonate trusted brands and intercept sensitive business communications.

“These latest findings confirm that domain abuse is escalating. Fraudsters are leveraging ICANN’s policy shifts, particularly the expansion of gTLDs and changes to WHOIS access, to create more deceptive scams,” said Rick Crandon, a domain security expert at Nominus. “Businesses that fail to take a proactive approach to domain security risk not only financial losses but also long-term damage to consumer trust.”

To mitigate these threats, Nominus recommends that businesses:

• Lock down key domains and variations by securing primary domains, brand variations, and common misspellings across multiple gTLDs.
• Monitor new gTLD registrations with real-time alerts to detect and take action against fraudulent domains before they cause harm.
• Strengthen domain authentication and DMARC policies to prevent email spoofing attacks linked to expired or impersonation domains.
• Leverage defensive domain strategies by registering industry-relevant gTLDs to prevent competitors or malicious actors from misusing them.

About Nominus

Nominus is a leading provider of domain registration, trademark protection, and online security solutions for businesses worldwide. With expertise in ICANN policies, domain security, and brand enforcement, Nominus helps companies safeguard their digital assets and defend against emerging cyber threats.

For more information, visit www.nominus.com.

Media Contact

Charli Sharp, Nominus, 1 7576756770, charli@sharpercomm.com, www.nominus.com

View original content:https://www.prweb.com/releases/nominus-identifies-top-domain-fraud-trends-impacting-businesses-in-2025-302407645.html

SOURCE Nominus