For the study, APWG surveyed 47,324 unique phishing attacks located on 26,678 unique domain names. The group found the number of TLDs abused by phishers expanded 7 percent from 145 in the second half of 2007 to 155 in the first half of 2008. The proportion of Internet-protocol number-based phishing sites decreased 35 percent in that same period, declining from 18 percent in the second half of 2007 to 13 percent in the first half of 2008.

“We’re seeing a trend away from fixed IP-based URLs which are readily shut-down to use of more domain based URLs,” said Internet Identity's Rod Rasmussen, co-chair of APWG’s Internet Policy Committee. “Many of these are on compromised servers which already have established ‘good’ reputations, while others are on fraudulently registered domain names supported by botnets or other throw-away hosting resources."

The report finds some correlations between registry policies and the prevalence and duration of phishing activity in their TLDs. APWG researchers’ analysis of phishing site uptime and other metrics showed that anti-phishing policies can help reduce phishing activity. Specifically, the .cn, .info, and .biz TLDs, whose managers have implemented counter-phishing programs, had phishing site uptimes notably below the industry average.