Great job avoiding that phishing message – but you can do more.
It’s easy to simply delete these messages and move on with your day, but by helping to take down phishing and scam website, you can also help prevent others from falling victim. Make the web a safer place for everyone by taking a couple minutes to report the websites hackers are using in their phishing scams. You can quickly and easily do this by reporting the malicious URL to multiple security companies. This flags the website as potentially malicious and can ultimately lead to its removal or deletion.
Unfortunately, most scam websites go undetected by antivirus or security companies. The only way they can block these sites for others is by getting reports from others. These reports can make a huge impact when shared, because it can allow these security companies to provide user warnings until the site is eventually taken down.
How Hackers Use Websites for Phishing and Scams
Hackers most frequently use these fake websites to hijack your accounts. They typically spoof a website that requires you to login to access information, such as Google, Amazon, Facebook, LinkedIn, Microsoft 365, and more. Always be on alert if you click a link and are taken to login page! Check the URL to be sure it’s not one of these spoofed websites. To be sure, just skip the page that pops up altogether, open a new tab or window, and type in the company’s site yourself to login.
By stealing someone’s passwords and login credentials, an attacker can access more than just what’s on the website they are spoofing. Since many people use the same password on multiple websites, hackers can use the login information to get the person’s information in other places. A few years ago, customers found out that not even their Dunkin Donuts Perks accounts were safe.
Another way hackers use fake websites is by setting up a fake payment page. In particular, the fake delivery scam tells you a delivery company wasn’t able to deliver your package, but if you go to a website and pay a very small fee, you can have them deliver it at a time you’re available. Usually the website they send you to is fake, and when you put in your payment information, they’ll use it to charge other things to your account. Always be on alert when you’re asked to pay something, even if it is just a very small amount. A hacker can do a lot of damage with your payment information.
How Spot Phishing and Scam Websites
Be on alert when there’s a link. It’s smart to check to see where it’s trying to take you. Even if the text shows a link, the coding behind the scenes may be taking you to somewhere else. If the text in the message and the location of the link are different, beware. Finally, beware of links hidden by short URLs, such as bit.ly/ or t.co/. You can check these short URLs at checkshorturl.com to see where they will take you. If it looks suspicious, don’t click the link.
You can also look up the registration date of the website using the WHOIS registration data. Scammers often use newly registered domain names that haven’t been up and running for very long before they get caught and taken down. If you wanted to be extra cautious, you can automatically block newly registered domains by using a service like NextDNS that lets you add filters, including newly registered domains.
If you come across a phishing or scam website, copy the URL to a safe place like notepad and take a screenshot of the scam portion of the website, such as the fake login window. Then, use the information to report it at the websites below. Once alerted to these malicious websites, these companies can help others avoid falling victim to them, and it can eventually lead to the scam website being taken down.
Where to Report Phishing and Scam Websites
Some of these sites may require you to create and verify an account the first time you make a submission. Once completed, you should be able to more easily submit websites.
- Avira: https://www.avira.com/en/analysis/submit-url
- BitDefender: https://www.bitdefender.com/consumer/support/answer/29358/
- BrightCloud: https://www.brightcloud.com/tools/url-ip-lookup.php
- Cisco Talos: https://talosintelligence.com/reputation_center
- CRDF: https://threatcenter.crdf.fr/submit_url.html
- ESET: https://phishing.eset.com/en-us/report
- Forcepoint: https://support.forcepoint.com/s/site-lookup
- Fortiguard: https://www.fortiguard.com/webfilter
- Google SafeBrowsing: https://safebrowsing.google.com/safebrowsing/report_phish/
- Kaspersky: https://opentip.kaspersky.com/
- McAfee: https://sitelookup.mcafee.com/
- Microsoft: https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site
- Netcraft: https://report.netcraft.com/report
- PaloAlto Networks: https://urlfiltering.paloaltonetworks.com/
- Spam404: https://www.spam404.com/report.html
- Symantec: https://sitereview.symantec.com/#/
- Trend Micro: https://global.sitesafety.trendmicro.com/index.php
Taking action against scam and phishing websites is crucial in protecting ourselves and others from harm. Taking a couple minutes to report malicious URLs to these companies can make a huge impact in shutting them down.