According to a 2021 study by Kaspersky, half of phishing domains are active for less than four days, and one quarter for less than 13 hours. The study observed 5,307 phishing pages and found the average lifetime of each page to be less than seven days, with 71.4% of observed pages being inactive after 30 days.
Protective Holds Act Rapidly
Given the short lifetime of phishing domains, fast remedies such as protective holds are ideal. We can define protective holds as a hold, whether client or server, placed on a recently registered domain as soon as an abuse report is received and confirmed. The hold is an alternative option to escalating a domain for remediation to either the host, registrar, or registrant themselves. Protective holds have been observed to limit victimization by phishing by about 75%.
The True Cost of a Phishing Page
According to May 2023 phishing statistics, AAG-IT determined that an average of $136.00 is lost per phishing attack. CleanDNS placed 535,512 domains on a protective hold status between February 2022 and December 31st, 2022. Based on the cost of a phishing attack, the total victim cost for those domains would have been $72,829,632.00. With protective holds implemented, the cost was $18,207,408.00. CleanDNS saved victims $54,622,224.00 in 2022 and will continue to save victims millions of dollars per year.
In another example, the ic3.gov 2022 Internet Crime Report noted that there were 300,497 victims of phishing last year, with a victim loss of $52,089,159.00. This brings the average loss per victim to $173.34. With these numbers based on U.S. victims, the victim loss from phishing domains we placed on a protective hold in 2022 would have been $92,825,650.10. With protective holds implemented, the cost was $23,206,412.50. CleanDNS saved victims $69,619,237.60 in 2022, an average of $1,338,831.49 per week based on these statistics.
Protective Holds Work
As these numbers demonstrate, we can see that protective holds are a vital tool in combating DNS abuse. While this type of hold is not a requirement for the community to use, it is one that takes an aggressive stance against abuse and puts the victims first by ensuring as few individuals are victimized as possible. CleanDNS will continue using protective holds and other effective methods to defend against phishing and internet abuse.