The latest Verisign Domain Name Industry Brief noted that the country code Top Level Domain (ccTLD) for Tokelau’s ccTLD, .TK entered the top ten largest top level domain rankings as the seventh largest, moving ahead of .NL (Netherlands) which moved from seventh to eighth. It also sees .TK becoming the world’s third largest ccTLD behind .DE (Germany) and .UK (United Kingdom).Tokelau is a small group of three atolls in the South Pacific Ocean about half way between Hawaii and New Zealand under New Zealand administration since 1925 that now has “free association with New Zealand” according to the CIA Factbook. The islands have a land area of 12 square kilometres, an estimated population of 1,384 in July 2011 and comes 234th in the world in population size.So how does such a small group of atolls with a miniscule population become the world’s third largest ccTLD?The domain name is free which has helped, but as a number of reports, including Government Computer News, note that “in at least one notable case, phishing spam has driven the growth.”The ccTLD is managed by a Dutch company called Dot TK based in Amsterdam in the Netherlands.The Anti-Phishing Working Group (APWG) released a report titled “Global Phishing Survey: Domain Name Use and Trends in 1H2011” earlier in 2011 that said there were 6,333 phishing attacks and 6,214 unique domain names using .TK phishing domain names for the first half of 2011, the highest for any TLD. The report said there were 11.9 phishing domain names per every 10,000 domains, the third highest, behind only .MA (Morocco) and .TH (Thailand), however these are very small ccTLDs. The Moroccan ccTLD was the victim of an attack by hackers while .TH has been at the top of the APWG list for three years.According to the APWG report, “the .TK ccTLD had more phishing domains than any TLDs except .COM. The .TK ccTLD is a liberalised country code domain; the registry is a joint venture of the small Pacific nation of Tokelau and BV Dot TK, a privately held company. By offering free domain names, .TK has become the third-largest ccTLD in the world after Germany’s .DE and Great Britain’s .UK.”The downside is that the free .TK domain names became a popular resource for phishers in 2010. Every .TK domain used for phishing in 2H2010 and 1H2011 was maliciously registered. In 1H2011, most of the .TK domains – 5,518 of the 6,333 – were used to phish Chinese institutions.As a result of some measures to target phishing, the APWG report notes that “preliminary reports indicate that .TK phishing has dropped 40% in the third quarter of 2011.”