Fighting Cyber-Enabled Fraud 2025

Page 14 of 31 · WEF_Fighting_Cyber-Enabled_Fraud_2025.pdf

instruments connected to the account holder (e.g. financial/payment traceability). This practice would leverage trust frameworks long in use such as those within the financial services sector. Where available, governmental digital identity programmes – such as those in Belgium, Estonia and several US states and provided for by upcoming EU initiatives (e.g. the Regulation on Electronic Identification and Trust Services [eIDAS])54 – should be used to strengthen verification processes and reduce fraud risk.

Action 2 – Tighten oversight of bulk domain registrations and subdomain services: To reduce the prevalence of malicious bulk domain registrations in phishing and cyber-enabled fraud activities, registrars should restrict high-volume registration activities to established business customers with low-risk profiles. Building on customer due diligence practices, organizational identity should be robustly verified, payment methods attributed and customers should demonstrate positive track records over time. Volume and time-based thresholds for what constitutes “bulk registration” should be established through transparent, multistakeholder policy processes.

For any provider that generates subdomains for third parties, the upstream registrar should require minimum abuse-prevention practices including account verification, monitoring high-volume subdomain creation and participation in signal-sharing collaboratives. Preventive measures should focus on detecting malicious subdomains at enrolment or early in their life cycle, while avoiding blunt interventions (such as suspending entire domains) that risk collateral damage to legitimate services. ICANN, ccTLD managers and national governments should explore mechanisms to embed such requirements into registry and registrar obligations, ensuring that they flow downstream to subdomain providers.
Action 3 – Explore a short public notice period before new domains go live: Phishing domains are often delegated to the DNS and weaponized within hours of registration, giving defenders very little opportunity to act before abuse begins. One potential safeguard is to require all new domains to be publicly listed upon registration but withheld from delegation for a short, fixed time period (e.g. 24–48 hours). Many legitimate registrants do not place new domains into immediate use, registering them for future needs, so such a delay would not burden most users. It would, however, create a window for pre-activation detection of abusive or deceptive domains.

Some registrants may have legitimate needs for immediate delegation, so mechanisms such as a refundable deposit – combined with accurate registrant information and a trusted payment source – could provide a fast-track option while maintaining safeguards. Bad actors could attempt to use the fast-track option, but the added cost and administrative burden might not align with their business model. Other registrants might not wish to have their domain publicly listed before delegation for intellectual property-related, competitiveness or privacy reasons. In those cases, conditional exceptions as mentioned above should be introduced.

Cybercrime is a global challenge that exploits legitimate infrastructure and undermines trust in our interconnected systems. Through the work of the Partnership against Cybercrime, and tools like NetBeacon Reporter, we can collaborate widely across industries, including cybersecurity specialists, governments, law enforcement and individuals, to scale the disruption of threats like phishing and malware, making the internet safer for all.

Graeme Bunton, Executive Director, NetBeacon

Fighting Cyber-Enabled Fraud: A Systemic Defence Approach