Is there a central place to report domains that have made phishing attempts against my users? I usually make a report to the host of the domain (GoDaddy, generally) but I was wondering if there is a more effective place to send a report?
2 Answers
You can report suspected phishing attempts to the Department of Homeland Security's US Computer Emergency Readiness Team (US-CERT) by forwarding the email in question to this address:
phishing-report@us-cert.gov
More information can be found here:
- 239
- 1
- 7
-
1My two concerns with that link as an answer here: 1. The world is a very large place and some parts of it are not America. Difficult to believe I know... 2. It refers to using *Outlook Express* for making reports. This software has been end-of-life for a *very* long time, so referring to it suggests the site is either dead or operated by fools. Either way, zero credibility there. – Rob Moir Jul 10 '18 at 21:17
-
1@RobMoir The site implies that the reports also go to APWG - "You can report phishing to APWG by sending email to phishing-report@us-cert.gov." which is international. It doesn't say anything about non-Americans not being able to submit through that address – Matthew FitzGerald-Chamberlain Jul 10 '18 at 21:42
Got Phish?
At the moment, the eminent SwiftOnSecurity maintains the following list of anti-phishing resources:
This is an excellent and exhaustive resource for reporting phishing sites to a multitude of online anti-phishing services, including Google Safe Browsing. It also includes links to tools that can be used to safely determine whether or not a site contains dangerous content.
Note for posterity: gotphish.com currently redirects to https://decentsecurity.com/#/malware-web-and-phishing-investigation/. I'd like to avoid plagiarizing this website's original content, but can reproduce some of it here if necessary so that this answer remains relevant.
- 123
- 4
-
Does SwiftOnSecurity run decent security? I thought they were separate people. – Rob Rose Jul 11 '18 at 02:54
-
@RobRose I believe so, at least they did back in January: https://twitter.com/SwiftOnSecurity/status/958746971946344448 – Arnon Jul 11 '18 at 17:38