It has no capital, no airport and only 1400 people who call it home, but the tiny isle of Tokelau has become the cyber crime centre of the world.
A new report by an international group tackling internet scams has confirmed that Tokelau, a New Zealand territory, has more malicious registrations under its .tk domain name than any other domain except .com.
These fraudulent web addresses are used for phishing, where emails are sent to random web addresses in an attempt to steal banking information and other personal details.
Tokelau sold its domain name to a Dutch company BV Dot TK, which provides the domain free worldwide, making it an easy target for scammers.
“By offering free domain names, .tk has become the third largest country code top-level domain after Germany’s .de and Great Britain’s .uk,” The Anti-Phishing Working Group wrote in its latest global report, released at a technology conference in Malaysia this week.
The report examined all phishing attacks in the second half of 2010 and found a “significant” number used the tropical nation’s domain.
“While there were phishing domains registered across 183 top-level domains, 89 per cent were concentrated in just four: .com, .tk, .net and .info,” the report stated.
About 80 per cent of Tokelau-registered names used for phishing were targeting Chinese institutions.
Tokelau itself is not responsible for the problem. The sale secured islanders free high speed broadband internet without the hassle of policing their domain.
Owner BV Dot TK appeared to be aware of the problem, admitting on its website: “we are used by fraudsters and we are very aware of this”.
The Anti-Phishing Working Group said the e-crime landscape was a constantly shifting battlefield, where phishers were always moving away from well-defended sites toward ripe targets.
“That makes free domains like .tk especially vulnerable to ongoing abuses,” it said.