A new study has found that domain names ending in “.US” are highly prevalent in phishing scams. This is notable because “.US” is overseen by the U.S. government, which is frequently targeted by phishing domains ending in “.US.” These domains are only supposed to be available to U.S. citizens or those with a physical presence in the United States. However, the study discovered 30,000 .US phishing domains. The research suggests that GoDaddy, the largest domain registrar in the world, which manages the .US domain, has not been effectively vetting its customers. The prevalence of phishing activity makes it difficult to identify and verify the perpetrators.
https://krebsonsecurity.com/2023/09/why-is-us-being-used-to-phish-so-many-of-us/