Why is the .US domain -- the country code top-level domain (ccTLD) for the United States -- consistently among the most prevalent in phishing domains?

And why is this okay, when other ccTLDs that also restrict registration to residents/citizens don't seem to have this problem? And when a fair number of .US domains are used to attack US government agencies? Today's story explores these questions:

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.

https://krebsonsecurity.com/2023/09/why-is-us-being-used-to-phish-so-many-of-us/

Why is .US Being Used to Phish So Many of Us? – Krebs on Security

@briankrebs Who are the registrars? I remember when having a .us TLD, I had to prove that I was US-based and was not allowed to hide my WHOIS.
@trbarrettjr GoDaddy manages it now. Here's what their page looks like on attestation. You can see the option that you're an American citizen is already populated.
@briankrebs @trbarrettjr Big surprise - outsource this to a for-profit entity and they try to maximize their profit. Great reporting that draws attention to an embarrassing issue for the US.
@digitalcatnip @briankrebs @trbarrettjr

I actually wonder how much of an issue spam is on different ccTLD, comparing those managed by for profit contractors vs. those managed by non-profit ones.

For instance, .ca is managed by @cira, which is a non-profit tasked to manage the .ca ccTLD. I wonder how much spam there is with .ca vs. .us in proportion to how many domains they have in total.
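The comparison the last reply asks for is a rate, not a raw count: phishing domains per TLD divided by the size of that TLD's zone. The script below is an added example, not code from anyone in this thread or from the Krebs article; the feed lines and the zone sizes are constructed placeholders, not real phishing domains or published registry statistics. It extracts the hostname from feed entries (bare domains or full URLs), counts them by ccTLD, and normalizes to "phishing domains per million registered domains" so that a large zone is not penalized for its size.

```python
"""Normalize phishing-domain counts by zone size to compare ccTLDs fairly."""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample feed (hypothetical names, not real phishing domains).
# Real feeds mix bare hostnames and full URLs, so both forms appear here.
SAMPLE_FEED = """\
# constructed feed, one entry per line
login-irs-gov-verify.us
https://usps-redelivery-fee.us/track?id=1
secure-update.example.us
cra-refund-notice.ca
parcel-tracking.example.ca
bank-alert.example.de
"""

# Constructed zone sizes (placeholder figures for illustration only).
ZONE_SIZES = {"us": 2_000_000, "ca": 3_300_000, "de": 17_000_000}


def hostname_of(entry: str) -> str:
    """Return the lowercase hostname from a bare domain or a URL, '' if none."""
    entry = entry.strip()
    if "://" in entry:
        host = urlsplit(entry).hostname or ""
    else:
        host = entry.split("/", 1)[0]
    return host.lower().rstrip(".")


def tld_of(domain: str) -> str:
    """Return the final label (the TLD) of a domain, '' for a single label."""
    return domain.rsplit(".", 1)[-1] if "." in domain else ""


def count_by_tld(feed: str) -> Counter:
    """Count feed entries by TLD, skipping blank lines and '#' comments."""
    counts = Counter()
    for line in feed.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        tld = tld_of(hostname_of(line))
        if tld:
            counts[tld] += 1
    return counts


def phish_rate_per_million(counts: Counter, zone_sizes: dict) -> dict:
    """Phishing domains per million registered domains, per TLD in zone_sizes.

    Multiplying before dividing keeps exact results for small integer inputs.
    """
    return {tld: counts.get(tld, 0) * 1_000_000 / size
            for tld, size in zone_sizes.items()}


def ranked(rates: dict) -> list:
    """TLDs ordered from highest to lowest normalized phishing rate."""
    return sorted(rates, key=rates.get, reverse=True)


if __name__ == "__main__":
    counts = count_by_tld(SAMPLE_FEED)
    rates = phish_rate_per_million(counts, ZONE_SIZES)
    for tld in ranked(rates):
        print(f".{tld}: {counts[tld]} raw, {rates[tld]:.2f} per million registered")
```

Only the zone-size denominator makes the comparison meaningful; a registry that contracts its TLD to a for-profit registrar could still look "bad" purely because it is small if raw counts were used.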