Most of us receive multiple phishing e-mails and text messages and come across malicious sites from time to time.
But what can we do to protect others from getting scammed?
Taking down the sites can be quite a long process, but first we can do other things to prevent people from accessing the malicious url by accident.
Microsoft Smartscreen and Google Safebrowsing:
These anti-phising and anti-malware tools are build in on most browsers and can hereby help the most people. They essentially hold a database of al the malicious sites and give a warning before entering the site.
You can report links to https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site
And: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
Antivirus Providers
A lot of AV providers also have a way to report these sites, here is a short list:
Avast:
https://www.avast.com/report-malicious-file.php#mac
Norton:
Eset:
https://phishing.eset.com/en-us/report
Avira:
https://www.avira.com/en/analysis/submit
Bitdefender:
https://www.bitdefender.com/consumer/support/answer/29358/
Spam 404:
https://www.spam404.com/report.html
Symantec:
http://sitereview.bluecoat.com/#/
https://symsubmit.symantec.com/
Bright Cloud
https://www.brightcloud.com/tools/change-request.php
Netcraft:
Spamcop
Spam.org
Paloalto
https://urlfiltering.paloaltonetworks.com/
TrendMicro
https://global.sitesafety.trendmicro.com/index.php
Mcafee
https://sitelookup.mcafee.com/en/feedback/url
Forcepoint
And some national reporting sites:
https://phishing-initiative.eu/contrib/
https://www.circl.lu/urlabuse/
https://www.ncsc.gov.uk/section/about-this-website/report-scam-website
https://www.signal-spam.fr/en/
https://incydent.cert.pl/phishing
https://www.cert.ru/en/abuse.shtml
https://nki.gov.hu/en/ncsc/contents/it-security-incident-reporting/
https://www.antiphishing.ch/en/
https://www.incibe-cert.es/notificaciones
E-mail Phishing
Phishing/malicious e-mails can be forwarded to:
If you want me to take a look at it personally, you can also forward it to [email protected]
Or just copy this to the “to:”-field when forwarding
[email protected],[email protected],[email protected],[email protected],[email protected],[email protected], [email protected], [email protected], [email protected], [email protected]
Full takedown
If you don’t only want a warning before people enter the site but want the site to be gone from the World Wide Web, you can report the domain to the Registrar and report the site to the hosting provider or proxy service.
If you don’t know what the above terms mean, I will give you a short walk through.
Registrar:
Most sites have a domain name like “google.com” or “jeroengui.be”. Sometimes the domains are obfuscated to make them look legit. If you don’t know how to find the domain from an url you can use this tool:
https://www.goforpost.com/tools/domain-extractor/
These domain names have to be registered with a registrar. To find the registrar of a site, you can use a whois tool like:
https://whois.icann.org/ or https://whois.domaintools.com/
These are just some examples, just do a quick search on “whois search” and you find a lot more. Or, you can install whois on your Linux installation and use the “whois *domainname.com*” command.
When using the whois command you can find the registrar and also often an e-mail where you can report abuse of their services. Just e-mail them explaining that you encountered the phishing site that you are trying to report. If you don’t find an e-mail in the whois you can also search on the registrars site for an abuse form.
Hosting provider/proxy service:
Every site needs to be hosted on a server somewhere in the world. Often scammers use a hosting provider that hosts the site for them. To find the hosting provider, you can use a site like https://www.who-hosts-this.com/ or https://sitechecker.pro/hosting-checker/.
For the Linux users. Use the “host *domainname.com*” command followed by the whois command with as argument the first IP address that you found as output from the host command.
As with the registrar, you find an abuse e-mail or can look up the site of the hosting provider for an abuse e-mail or form.
Not every site is hosted directly by the company that you just reported to, sometimes they are just a proxy service like Cloudflare. Nonetheless do they need to take action and report the site to the actual host and stop providing the proxy service for the malicious site.
Final note
After taking all these steps and often waiting for some days, the site will be gone, or the malicious content deleted. Sometimes no action will be taken, but don’t worry about it, you did everything you could to make a safer place from the internet.
Thank you for taking a deep dive in the world of scam fighting with me. If all this seems a little bit much for you, you can still send any scam links, screenshots from sms and forward any suspicious e-mail to [email protected]. I automated part of the above process and when I find the time I will complete the other part manually.
If you have any questions, if I got something wrong, or if I forgot something: feel free to post a comment or send me an e-mail on [email protected]