The .fish website that caught visitors in a phishing net

From the look of it, the discovery of the first phishing site hosted on a .fish domain is putting more people at risk of suffering from bad puns than anything else.

Read a few news accounts about it and you will have to wade (sorry) through descriptions of victims being, “baited … hooked … reeled in … left to sharks … losing their hard-earned clams”, along with speculation about whether the site had been compromised or created specifically for the “porpoise of phishing”, and whether you needed to be a “brain sturgeon” to figure it out, etc.

There’s more – lots and lots more – but you get the idea. The less humorous reality is that the threat was real – was, as in, no longer. Netcraft web tester Paul Mutton reported Monday in a blog post that the company had found and blocked the site “”.

But before that, if anyone had been lured (sorry again) to the site, “a cheeky 99-char meta redirect sent them off to a separate phishing site hosted in Vietnam. This then attempted to steal online banking credentials by impersonating the French banking cooperative, BRED.”

As threats go, however, massive damage from this one seems highly improbable. Netcraft said it doesn’t know how many visitors there were to the site, but the victim pool (sorry yet again) was likely quite small.

This was the first phishing site it had found that was hosted on the homepage of a .fish generic top-level domain (gTLD). Even legitimate sites using those domains are very rare. Netcraft said within its top million websites are only one .fish and one .fishing. Among the 1.8bn in its site survey are fewer than 6,000 that use .fish or .fishing. As a percentage, that’s a decimal with five zeros after it.

And, a very small audience means a very small phish market (OK, enough).

The site might not have been created with malicious intent either. While it had been registered through  Tucows’s Contact Domain privacy service, to keep its owner secret, Netcraft said “the fact that the phishing content has also already been removed from its homepage suggests that the site may simply have been compromised”.

But, while this specific site might only have been a small problem, phishing itself is a very large problem – one that affects all domains. Numerous surveys have found that phishing is the top delivery vehicle – up to 95% of targeted attacks begin with an email – for ransomware and other malware. And nearly a third of phishing emails still get opened by unsuspecting workers, according to the 2016 Verizon Data Breach Investigations report.

That is something to take seriously, no matter how many puns are involved.