{"id":40806,"date":"2021-05-10T08:30:14","date_gmt":"2021-05-10T08:30:14","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/"},"modified":"2021-05-10T08:30:14","modified_gmt":"2021-05-10T08:30:14","slug":"namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/","title":{"rendered":"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report"},"content":{"rendered":"<p>Domains&#8217;n&#8217;hosting outfit Namecheap harboured more than a quarter of all known phishing sites that falsely posed as UK government web presences during 2020, according to the National Cyber Security Centre today.<\/p>\n<p>This stat can be found in the centre&#8217;s fourth annual Active Cyber Defence report, which <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.ncsc.gov.uk\/report\/acd-report-year-four\">boasts<\/a> how much digital filth it cleansed from the internet. These included 700,000 scam sites stretching across 1.4 million URLs, or so the NCSC tells us.<\/p>\n<p>It also encountered the usual COVID-themed ones we\u2019ve all become familiar with over the last year \u2013 fake copies of the NHS Test and Trace app laced with malware \u2013 plus sites impersonating Capita TV Licensing, the outsourced subscription sales arm of the BBC. Email scams were also popular, with 26,000 being shut down after netizens flooded the NCSC\u2019s <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/04\/21\/ncsc_email_scam_takedown_address\/\" rel=\"noopener noreferrer\">email reporting portal<\/a> with complaints of four million suspicious messages.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,leaderboard,mpu,\" data-lg=\",fluid,leaderboard,\" data-xlg=\",fluid,superleaderboard,billboard,leaderboard,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>The Active Cyber Defence programme is very much the NCSC\u2019s bread and butter, and largely involves protecting the public sector. It also spilling over into protecting the general public, thanks to certain areas of the programme focusing on telecoms.<\/p>\n<h3 class=\"crosshead\"> <span>Alpha energy<\/span><br \/>\n<\/h3>\n<p>One area where the NCSC hopes to make an immediate and positive difference is by killing off scam texts that appear to be sent from alphanumeric names such as UK_Gov. These are possible by design; UK mobile networks support the use of alpha tags in place of phone numbers but until very recently, there wasn\u2019t much in the way of security for those tags.<\/p>\n<p>Alpha tag scamming is easy if you know how, as infosec bod Jake Davis showed <i>The Register<\/i> last year by <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/10\/12\/ireland_covid_advice_sms_spoofable\/\" rel=\"noopener noreferrer\">sending SMSes<\/a> appearing to be from the Irish government saying \u201cit looks like you\u2019ve got the old cheeky corona.\u201d The NCSC is now beginning to crack down on and register British Government-themed tags (plus the telly tax agency, unusually) to prevent their reuse by scammers and ne\u2019er-do-wells through a <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/mobileecosystemforum.com\/2018\/11\/27\/sms-senderid-protection-registry-announced\/\">relatively<\/a> new thing: the SMS SenderID Protection Registry.<\/p>\n<p>Other telecoms security work included tightening up UK telcos\u2019 use of SS7, with unspecified vulnerabilities including one \u201cserious\u201d one being spotted over the last year. SS7, being an ancient protocol written just 14 years after the dawn of recorded time*, is <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2017\/05\/03\/hackers_fire_up_ss7_flaw\/\" rel=\"noopener noreferrer\">wide open to abuse<\/a> by anyone with access to a telco\u2019s inter-carrier backend.<\/p>\n<h3 class=\"crosshead\"> <span>What\u2019s going on here, Namecheap?<\/span><br \/>\n<\/h3>\n<p>The NCSC also highlighted how one host in particular had featured in its takedowns of phishing sites this year: Namecheap.<\/p>\n<div class=\"CaptionedImage Center Border\" readability=\"9\"><a href=\"https:\/\/regmedia.co.uk\/2021\/05\/07\/ukgov_phishing_host_graph_ncsc.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2021\/05\/07\/ukgov_phishing_host_graph_ncsc.jpg?x=648&amp;y=397&amp;infer_y=1\" alt=\"Top 10 hosters of UK government-themed phishing campaigns, highlighting NameCheap and GoDaddy who saw greater volatility in their monthly totals, 2020\" title=\"Top 10 hosters of UK government-themed phishing campaigns, highlighting NameCheap and GoDaddy who saw greater volatility in their monthly totals, 2020\" height=\"397\" width=\"648\"><\/a><\/p>\n<p class=\"text_center\">Top 10 hosters of UK government-themed phishing campaigns, highlighting NameCheap and GoDaddy who saw greater volatility in their monthly totals in 2020<\/p>\n<\/div>\n<p>The NCSC said in today\u2019s Active Cyber Defence report that Namecheap took an average of 47 hours to disable gov.UK-themed phishing sites, and hosted a 28.8 per cent share of known UK government-themed phishing sites; the second biggest harbourer of such scams last year, GoDaddy, KO\u2019d them within about 37 hours and had an 11.2 per cent share. We understand that in 2019 Namecheap only accounted for two or three per cent of this type of phishing website targeting the UK.<\/p>\n<p>We have asked Namecheap for comment. Earlier this year its chief exec, Richard Kirkendall, got into a Twitter spat with a fed-up <i>Reg<\/i> reader who publicly asked the company why it was hosting yet another scam site. Kirkendall\u2019s response was rather revealing when placed side-by-side with today\u2019s NCSC statistics.<\/p>\n<blockquote class=\"twitter-tweet\" readability=\"6.7225609756098\">\n<p lang=\"en\" dir=\"ltr\">More than 9 out of 10 abuse reports submitted to us are false or incorrect. We processed\/investigated 1.1 million abuse claims\/reports in 2020 and only 100k of them were actually found to be linked to abuse. Less than 1 percent of domains registered with us. Submit a ticket.<\/p>\n<p>\u2014 Richard Kirkendall (@NamecheapCEO) <a href=\"https:\/\/twitter.com\/NamecheapCEO\/status\/1369273660519964678?ref_src=twsrc%5Etfw\">March 9, 2021<\/a><\/p><\/blockquote>\n<p>Back in 2018 Namecheap apologised after <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2018\/02\/07\/namecheap_subdomain_security_hole\/\" rel=\"noopener noreferrer\">accidentally<\/a> letting criminals run fraudulent subdomains of other people\u2019s websites, while in early 2020 <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/03\/06\/facebook_namecheap_ads\/\" rel=\"noopener noreferrer\">Facebook sued it<\/a> for allegedly hosting imposter sites.<\/p>\n<p>&#8220;Looking specifically at the number of campaigns hosted by NameCheap against its monthly median attack availability, we see that by mid-year the median takedown times were consistently in excess of 60 hours,&#8221; said the NCSC report&#8217;s author, who also added that by December 2020 a full 60 per cent of gov.UK-themed phishing was found on Namecheap infrastructure.<\/p>\n<p>&#8220;This&#8221; said the NCSC, referring to the takedown times increasing, &#8220;undoubtedly made NameCheap an attractive proposition to host phishing and may explain the rise in monthly hosted campaigns that followed for UK government-themed phishing.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,leaderboard,mpu,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Whatever is driving the hosting firm\u2019s popularity among scammers, let\u2019s hope it\u2019s fixed soon.<\/p>\n<p>This week sees the NCSC\u2019s CyberUK conference taking place. This year\u2019s edition is a series of YouTube lectures, the pandemic not having receded far enough to risk it in-person. Billed to speak at the conference, which is positioned as a forum for online security matters, is <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/04\/19\/uk_anti_encryption\/\" rel=\"noopener noreferrer\">the virulently<\/a> anti-encryption Home Secretary Priti Patel. <i>The Register<\/i> will be recording her remarks for posterity. \u00ae<\/p>\n<h3 class=\"crosshead\"> <span>Timenote<\/span><br \/>\n<\/h3>\n<p>* 1 January 1970, as ane fule no.<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/05\/10\/ncsc_active_cyber_defence_report\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Also we fixed SS7 use by British telcos. How? Why? Not saying Domains&#8217;n&#8217;hosting outfit Namecheap harboured more than a quarter of all known phishing sites that falsely posed as UK government web presences during 2020, according to the National Cyber Security Centre today.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-40806","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-10T08:30:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report\",\"datePublished\":\"2021-05-10T08:30:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/\"},\"wordCount\":825,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/\",\"name\":\"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-05-10T08:30:14+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/","og_locale":"en_US","og_type":"article","og_title":"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-10T08:30:14+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report","datePublished":"2021-05-10T08:30:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/"},"wordCount":825,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/","url":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/","name":"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-05-10T08:30:14+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJj2VgAceEWaJZNDTgvTYQAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/namecheap-hosted-25-of-fake-uk-govt-phishing-sites-last-year-ncsc-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Namecheap hosted 25%+ of fake UK govt phishing sites last year \u2013 NCSC report"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40806"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40806\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}