Blog
Domain Stories

The Rise of Scam Domains: How Cheap TLDs Are Fueling Cybercrime

By:
Andrew Richard
February 23, 2025
5 min read

Cheap Domains & Costly Scams

Phishing scams are exploding—up by 40%—and a third of those attacks are happening on brand-new, less expensive domain extensions like .shop, .top, and .xyz. Why? Because these domains cost less than a gas station coffee and require almost zero verification to register.

Meanwhile, .com and .net still dominate the internet but only account for 40% of cybercrimes. The real problem? These new domains make up just 11% of the web but are already responsible for almost the same number of scams. It’s like opening the floodgates for digital criminals—no bouncer, no ID check, just open season for phishing attacks.

ICANN’s Big Idea: More Domains, More Problems?

The Internet Corporation for Assigned Names and Numbers (ICANN)—the global referee for domain names—has a bold plan: release even more domain extensions by 2026. Critics are calling this a scammer’s dream, warning that flooding the market with inexpensive, unregulated domains will only make fraud easier.

It’s already hard enough to track down shady websites. Imagine thousands more questionable domains popping up overnight. If ICANN doesn’t step up enforcement, we’re looking at an internet overrun with cyber grifters.

The Top Phishing Target? The U.S. Postal Service

The #1 phishing scheme? It’s not a bank, PayPal, or Google—it’s the U.S. Postal Service. Cybercriminals are going all-in on fake USPS tracking scams, hitting them four times harder than any other company.

The strategy is simple but effective: send fake delivery notices, get victims to click sketchy links, and steal their login credentials or payment info. It’s a modern take on “your package is delayed,” except now, instead of mild annoyance, you’re getting your identity stolen.

Should ICANN Fix This, or Are We Stuck With Chaos?

So, should ICANN put tighter controls on new domains to stop scammers, or are we destined for an internet where every click could be a trap? Right now, cheap domains and lax rules are fueling one of the worst security risks in years.

For businesses and startups, this means locking down your brand name and the associated domains to minimize the threat from phishing scams. And for everyone else? Stay sharp, check URLs carefully, and don’t click that weird email about an undelivered package. The internet isn’t getting safer anytime soon.

Andrew Richard
Digital marketer specializing in premium domain acquisition.
Share this post
Tag one
Tag two
Tag three
Tag three

Join the Snagged Newsletter

Get a weekly dose of fascinating, untold stories from the early internet and the world of domain names. Also hear from startup founders and the acquisition stories behind some of the internet's most iconic domain names.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.