3

Is there a central place to report domains that have made phishing attempts against my users? I usually make a report to the host of the domain (GoDaddy, generally) but I was wondering if there is a more effective place to send a report?

Richard
  • 133
  • 3
  • 2
    https://safebrowsing.google.com/safebrowsing/report_phish/ and https://www.antiphishing.org/report-phishing/ (they work with CERT) would be my picks. This is off-topic here, though. – ceejayoz Jul 10 '18 at 18:17
  • @ceejayoz ah, my bad – Richard Jul 10 '18 at 18:19

2 Answers2

4

You can report suspected phishing attempts to the Department of Homeland Security's US Computer Emergency Readiness Team (US-CERT) by forwarding the email in question to this address:

phishing-report@us-cert.gov

More information can be found here:

https://www.us-cert.gov/report-phishing

freginold
  • 239
  • 1
  • 7
  • 1
    My two concerns with that link as an answer here: 1. The world is a very large place and some parts of it are not America. Difficult to believe I know... 2. It refers to using *Outlook Express* for making reports. This software has been end-of-life for a *very* long time, so referring to it suggests the site is either dead or operated by fools. Either way, zero credibility there. – Rob Moir Jul 10 '18 at 21:17
  • 1
    @RobMoir The site implies that the reports also go to APWG - "You can report phishing to APWG by sending email to phishing-report@us-cert.gov." which is international. It doesn't say anything about non-Americans not being able to submit through that address – Matthew FitzGerald-Chamberlain Jul 10 '18 at 21:42
1

Got Phish?

At the moment, the eminent SwiftOnSecurity maintains the following list of anti-phishing resources:

This is an excellent and exhaustive resource for reporting phishing sites to a multitude of online anti-phishing services, including Google Safe Browsing. It also includes links to tools that can be used to safely determine whether or not a site contains dangerous content.

Note for posterity: gotphish.com currently redirects to https://decentsecurity.com/#/malware-web-and-phishing-investigation/. I'd like to avoid plagiarizing this website's original content, but can reproduce some of it here if necessary so that this answer remains relevant.

Arnon
  • 123
  • 4
  • Does SwiftOnSecurity run decent security? I thought they were separate people. – Rob Rose Jul 11 '18 at 02:54
  • @RobRose I believe so, at least they did back in January: https://twitter.com/SwiftOnSecurity/status/958746971946344448 – Arnon Jul 11 '18 at 17:38