---
title: "Phishing Attacks Depend Heavily on New Top Level Domains | Phish Protection"
description: "Phishing Attacks Depend Heavily on New Top Level Domains: When the Internet first began, there were just a handful of top-level domains in use. Top-level."
image: "https://phishprotection.com/og/blog/phishing-attacks-depend-heavily-on-new-top-level-domains.png"
canonical: "https://phishprotection.com/blog/phishing-attacks-depend-heavily-on-new-top-level-domains/"
---

Quick Answer

When the Internet first began, there were just a handful of top-level domains in use. Top-level domains (TLD) are the letters that come after the "dot" in the URL. Examples include .com, .org and .net.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-depend-heavily-on-new-top-level-domains%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20Attacks%20Depend%20Heavily%20on%20New%20Top%20Level%20Domains&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-depend-heavily-on-new-top-level-domains%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-depend-heavily-on-new-top-level-domains%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-depend-heavily-on-new-top-level-domains%2F&title=Phishing%20Attacks%20Depend%20Heavily%20on%20New%20Top%20Level%20Domains "Share on Reddit") [ ](mailto:?subject=Phishing%20Attacks%20Depend%20Heavily%20on%20New%20Top%20Level%20Domains&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-attacks-depend-heavily-on-new-top-level-domains%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/07/prevent-spear-phishing-5795.jpg) 

When the Internet first began, there were just a handful of top-level domains in use. Top-level domains (TLD) are the letters that come after the “dot” in the URL. Examples include .com, .org and .net.

One of the most-used **phishing tactics** is[ domain name spoofing](https://www.barracuda.com/glossary/domain-spoofing). Domain name spoofing occurs when an attacker uses a domain, that at first glance, looks legitimate, but isn’t because the attacker substituted one or two letters in the domain.

For example, here is what a spoofed Google URL would look like with the Os replaced with zeros: G00GLE.COM.

![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2019/07/prevent-spear-phishing-5795.jpg) 

Domain name spoofing can get pretty sophisticated. Hackers can use a[ Cyrillic alphabet](https://en.m.wikipedia.org/wiki/Cyrillic%5Falphabets) in which some letters appear identical to ASCII characters but are different letters altogether. For instance, in the Russian alphabet, the lowercase “a” is identical to the lowercase ASCII “a” but it’s not the same. So, if a hacker sent you and an email from **amazon.com** using a Cyrillic “a”, you’d think it was from Amazon but it would be from a completely different domain.

That’s the trick to domain name spoofing. _Use any method available to trick victims into thinking the domain is one thing while it’s actually another_. And the hackers now have another weapon in their arsenal: TLDs.

Domain name spoofing using new TLDs is on the rise. According to an[ article](https://www.darkreading.com/perimeter/how-fraudulent-domains-hide-in-plain-sight/d/d-id/1334987?%5Fmc=NL%5FDR%5FEDT%5FDR%5Fweekly%5F20190620&cid=NL%5FDR%5FEDT%5FDR%5Fweekly%5F20190620&elq%5Fmid=91589&elq%5Fcid=28171904) on the website Dark Reading, “Researchers saw ‘significant growth’ in fraudulent domains outside the classic ‘.com,’ ‘.net,’ and ‘.org.’ Some of the lesser known TLDs in fraudulent domains include ‘.top’ (#2), ‘.fr’ (#3), ‘.men’ (#19), and ‘.work’ (50). European country codes are often used among criminals hoping to fool victims with fake links.”

Why do these new TLDs work? Because “_If someone sees the name of a well-known bank in a URL, they’re likely to click without noticing a .pop or .xyz at the end_.” In essence, we’re more focused on the brand name than the TLD. And unfortunately, this isn’t even a very difficult exploit for hackers to pull off.

![Spear phishing protection](https://media.mailhop.org/phishprotection/images/2019/07/spear-phishing-protection-7954.jpg) 

When it comes to combating **domain name spoofing** you basically have two choices: you can be extra vigilant about every link you click on and try and decide if it’s a spoof or you can enlist the help of technology. Advanced [phishing protection](/) technology doesn’t care what the URL looks like or even if it’s spoofed. It just follows the link to see if it leads to a malicious website and if it does, it keeps you from clicking on it.

When you want to stop worrying about domain name spoofing forever, head on over to[ Phish Protection.](/) It comes with Smart Quarantine, real-time link click protection, malicious attachment blocking, display name [spoofing protection](/products/advanced-threat-defense/) AND domain name spoofing protection. Try it free for 30 days. You’ll be up and running in 10 minutes.

## Topics

[ Phishing Awareness ](/tags/phishing-awareness/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 14m  12 Real-World Spear Phishing Examples And The Red Flags You Missed  Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[  Foundational 2m  8 million Android users fell prey to SpyLoan malware on Google Play Store  Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[  Foundational 1m  A Big Part of the Phishing Problem is You  Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing Attacks Depend Heavily on New Top Level Domains","description":"Phishing Attacks Depend Heavily on New Top Level Domains: When the Internet first began, there were just a handful of top-level domains in use. Top-level.","url":"https://phishprotection.com/blog/phishing-attacks-depend-heavily-on-new-top-level-domains/","datePublished":"2019-07-17T12:07:17.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-07-17T12:07:17.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/phishing-attacks-depend-heavily-on-new-top-level-domains/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":476,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/07/prevent-spear-phishing-5795.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Phishing Attacks Depend Heavily on New Top Level Domains","item":"https://phishprotection.com/blog/phishing-attacks-depend-heavily-on-new-top-level-domains/"}]}
```