NameCheap hosted nearly a third of government-themed phishing sites last year

NameCheap overtook GoDaddy as the top host of gov.UK phishing sites

Domain registrar NameCheap surpassed GoDaddy as the most popular host of UK government-themed phishing domains in 2020, according to the fourth annual Active Cyber Defence (ACD) report by the National Cyber Security Centre (NCSC).

The report revealed that NameCheap hosted 28 per cent of all government-styled phishing sites last year, rising to more than 60 per cent by December.

The Arizona-based company took an average of 47 hours to take down gov.UK-themed phishing sites - 10 hours longer than GoDaddy, which hosted 11.7 per cent of UK government-themed phishing sites.

GoDaddy hosted 15.7 per cent of these sites in 2019, with NameCheap far below it in 9^th position - accounting for just 2.5 per cent gov.UK phishing sites.

NameCheap told The Register: 'Fighting fraud and abuse is a constant focus for online service providers, globally.

'Since the start of the COVID-19 pandemic, NameCheap has seen a 100 per cent increase in the amount of fraud and abuse cases reported to us. This is on top of the cases we identify and take action against ourselves, the number of which has also increased tenfold. NameCheap investigates every one of these reported cases and takes action wherever abuse can be verified.'

The company said it is working alongside the NCSC on the issue, and that the agency commended it 'for our assistance' in 2020.

HM Revenue & Customs (HMRC) was scammers' most-copied brand last year, attracting over 4,000 campaigns. It was followed by the generic gov.uk and TV Licensing, which attracted 3,322 and 3,035 campaigns, respectively.

The NCSC said that a surge in coronavirus and NHS-themed cyber crime since the start of the pandemic led to the agency recording a 15-fold increase in the removal of online fraud in 2020, compared to 2019.

The NCSC's ACD programme dealt with 122 NHS-related phishing campaigns in 2020, compared to 36 in 2019. Attackers used the Covid-19 vaccine rollout as a primary lure in their text and email messages to steal people's personal data for fraud.

The NCSC also took down around 43 fake NHS Covid-19 Test and Trace apps last year, hosted outside of official Google and Apple app stores.

Not the first rodeo - or the second, or third

This isn't NameCheap's first run-in with scammers. The company had to issue an apology in 2018 after accidentally allowing cyber criminals to run fake subdomains of other peoples' websites.

In 2019, Facebook sued NameCheap - and its proxy service Whoisguard - for allegedly selling imposter web addresses that deceived 'people by pretending to be affiliated with Facebook apps'. Facebook said that Whoisguard registered 45 web domains, including facebo0k-login[.]com, instagrambusinesshelp[.]com, and whatsappdownload[.]site, which infringed on Facebook's trademarks.

Earlier this year, the US Financial Industry Regulatory Authority (FINRA) issued a regulatory notice warning US brokerage firms of phishing messages being sent from finra-online[.]com, a spoofing domain registered through NameCheap.

FINRA said that it had reached out to NameCheap and requested the company to suspend all services for the domain.