This page is designed to help you recognize and fight phishing or (phone/text) scams.
 


What is Phishing?

  • Phishing is a type of social engineering in which an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim's infrastructure.


Below is an example of a phishing email with tips on identifying if it's a phishing message.

Report A Phishing Website:

Right-click the link in the phishing email, and copy the hyperlink (DO NOT CLICK THE LINK). 

More about avoiding phishing emails: FTC.gov

Evaluation

Scan Links:

  1. urlscan.io: scan and analyze sites (provides a screenshot and more info)

  2. Palo Alto: scans and reports URL category

  3. CheckPhish.ai: Phishing detection engine.

  4. phishcheck.me: runs in a sandbox-like environment

  5. VirusTotal: checks against blacklists.

  6. urlvoid.com: runs against blacklists/databases.

  7. Browserling: opens link in protected environment

Investigate IP/Domains:

  1. DNS Blacklist

  2. PulseDive

  3. Check IoC: (up to 25 checks/day to scan IP or domains against databases)

  4. Netcraft SiteReport

  5. ThreatMiner.org: data mining for threat intelligence

  6. AlienVault OTX: open-source threat intelligence (can subscribe to "pulses" and create a free account).

Reporting

  1. Google - google

  2. Microsoft - microsoft

  3. Fortinet: URL Submission/Review

  4. Palo Alto: At the bottom, you can "request change"

  5. CISA: send email to "phishing-report@us-cert.gov"

  6. Symantec: submit a file

  7. McAfee: creating an account helps track status

  8. Amazon: report a suspicious Amazon message

  9. Webroot BrightCloud

  10. PhishTank: account required (free)

  11. Netcraft: no account needed 

  12. CIRCL: shares with EU partners

Report Abuse To Website Hosts:

  1. Find who hosts the website with WhoIsHostingThis and search Google for "webhost + abuse" to find their complaint contact information.

  2. WHOIS

Report Phishing & File Hosting Abuse Directly:

Extra Phish Reporting

Via Twitter:

If you have a Twitter account, you can message the people below (add a space or brackets so clicking it doesn't work). They are powerful researchers with connections to help shut down fraud:

Report Malware

  1. VirusTotal.com (shares reports/files with subscribers)

  2. Hybrid-Analysis.com

  3. Microsoft

  4. FortiGuard Scanner (Fortinet)

  5. Kaspersky

  6. TrendMicro (requires tool download)

  7. ClamAV (use in spam filters)

Report Phishing / Spam Text (SMS) Messages 

Copy the contents of the spam SMS and paste it into a message to this four-digit number: 7726 (S - P - A - M). This reports it to your phone company so they can look up who sent it, investigate, and block the sender. Don't click the link!

7 7 2 6 (S P A M)

On iPhone: 

  1. Open the actual message on your phone

  2. Press and hold on the message to get a list of actions to pop up.

  3. Click on “more…” [example image on right]

  4. Click on the forward arrow at the bottom right

  5. Enter “7726” in the forward to field

  6. Hit the send arrow in the lower right

On Android: 

  1. Open the message on your phone

  2. Press and hold on the message to get a list of actions to pop up

  3. Select the “forward message” option

  4. The message will be selected, click the forward arrow in the upper right

  5. Enter “7726” in the forward to field. The number will display below for you to confirm the recipient

  6. Hit the send arrow in the upper right


Report Unsolicited Calls & SMS

  1. Use the form on SpamResponse.
