Tokelau, three New Zealand atolls north of Samoa without a capital, an airport nor a harbor, gives away its domain name .tk.
Evidence shows Tokelau web addresses are dominant in internet phishing attacks.
In phishing, emails arrive at random addresses asking people to provide their log-ons and passwords to online shopping, banking and auction sites.
In a statement the Global Phishing Report by the Anti-Phishing Working Group, or APWG, warns that most malicious domain registrations linked to the phishing come from a South Korean domain and Tokelau.
APWG said a significant number of phishing attacks in the second half of 2010 originated from Tokelau which has become the third largest country-code top-level domain after Germany and Britain.
Researchers found that of the phishing domains, about 28 percent were registered specifically for malicious purposes.
