We are all very much aware of phishing websites. These are usually defined as websites that look like the real deal but actually just steal your credentials, to do further damage with your accounts down the road.
👻 Malicious websites, hidden in plain sight
They can actually be pretty hard to spot, because sometimes they use clever technologies so that checking the certificate or the URL may not make it obvious. While there is lots of money in scamming people, there is an unlimited supply of development in this arena.
👀 Check newly registered domains with who.is
The first sign of trouble is if the domain has been newly registered; usually this is classed as within 30 days of registration. Most of the time you can check this registration with Whois.
My go-to website for these lookups is https://who.is
Once you get there, enter the domain name you’re interested in looking up and this site will return all the "whois" information:
You can ascertain that the domain was registered in 2006 and has regularly been updated, which means this particular domain has been active for 18 years. This would indicate that if this domain did host a phishing site, there’s a high chance they’ve got a zombified, infected server that's doing unofficial and unauthorized actions.
However, if we look at another domain I own that was not recently registered (it has been established over a year), the results will look like this:
While it’s not fresh out of the registration process, it’s not been established as long as my primary domain, which could be suspicious for some people. Just remember that, in terms of time span, this domain has been registered for nearly a whole year, so it would not necessarily end up on a newly registered domains list.
🪨 Newly registered domain example
If we are looking for an example of a newly registered domain, you can quite easily query the database for newly registered domains. The first one I got was the one below, which seems to have been registered at the end of last month, so this domain would be classified as newly registered.
⚠️ Warning: Just because a domain is newly registered does not mean it’s got malicious content on it. The domain in this example has a holding page, so there is no malicious content, but this is to prove the point of what a newly registered domain is.
This is one of the indicators and does not necessarily mean it’s malicious. You will find there are services that provide DNS protection that will automatically protect you from newly registered domains. This sounds like a great idea, but it can occasionally misfire: if you register a brand new domain and your web filtering then blocks it, essentially no one can visit it for 30 days unless you make an exception.
The website you found that is obviously phishing may or may not be newly registered, but I would imagine there’s a higher chance of a newly registered domain being malicious.
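The 30-day check described above can be done on saved WHOIS text rather than by eye. This is an added example, not part of the original post; the sample records are constructed, the label list covers only a few common registry formats, and a record with no usable date is reported as unknown rather than guessed at.

```python
from datetime import datetime, timezone

NEW_DOMAIN_DAYS = 30  # the article's threshold for "newly registered"

# Registries label the creation date differently; a few common labels (assumed list).
CREATED_LABELS = {"creation date", "created", "created on", "registered on"}
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")

# Constructed WHOIS excerpts (not real lookups), using the reserved .example TLD.
SAMPLES = {
    "long-running.example": "Domain Name: LONG-RUNNING.EXAMPLE\n"
                            "Creation Date: 2006-03-14T10:22:31Z\n"
                            "Updated Date: 2024-02-01T08:00:00Z",
    "fresh.example": "Domain name:\n    fresh.example\n"
                     "Relevant dates:\n    Registered on: 28-May-2024",
    "redacted.example": "Domain Name: REDACTED.EXAMPLE\nRegistrar: Example Registrar",
}


def parse_creation_date(whois_text):
    """Return the creation date as an aware UTC datetime, or None if absent."""
    for line in whois_text.splitlines():
        label, sep, value = line.partition(":")
        if not sep or label.strip().lower() not in CREATED_LABELS:
            continue
        for fmt in DATE_FORMATS:
            try:
                parsed = datetime.strptime(value.strip(), fmt)
            except ValueError:
                continue
            if parsed.tzinfo is None:  # treat dates without a zone as UTC
                parsed = parsed.replace(tzinfo=timezone.utc)
            return parsed.astimezone(timezone.utc)
    return None


def classify(whois_text, now=None):
    """Return (label, age_in_days); the label says nothing about malice."""
    created = parse_creation_date(whois_text)
    if created is None:
        return "unknown", None
    age = ((now or datetime.now(timezone.utc)) - created).days
    if age < 0:
        return "unknown", age  # creation date in the future: do not trust it
    return ("newly registered" if age <= NEW_DOMAIN_DAYS else "established"), age


if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed for repeatable output
    for domain, text in SAMPLES.items():
        print(domain, classify(text, now=fixed_now))
```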
So, you found this website that is obviously not legitimate and you feel compelled to do something. Well, the good news is that, with security being a priority, there is now absolutely something you can do to protect other people from this website.
🛡️ Start with the Browser Protection
The first port of call should be to report that website to the browser protection technologies, which will warn people it could be a malicious website. This is a red screen telling people there could be danger ahead, where they have to manually override the warning before they get to the website.
- Google Safe Browsing via https://safebrowsing.google.com/safebrowsing/report_phish/
- Edge SmartScreen via https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site
- Firefox Monitor (uses Google Safe Browsing)
You can visit the links shown above to report those websites as malicious. Once the reports are acted upon, which is usually pretty quickly if your report is correct, I have usually found the results to be applied in under 24 hours if the report is official and valid.
⛔️ Protection : Alerts before website
This is what the Google Safe Browsing error looks like. The only clickable button will take you back one webpage to where you were before; you need to look for the hyperlink if you wish to override this warning and visit the website anyway:
This is the same on Edge. The reason they look so similar is that Edge is essentially Chrome, as it’s based on Chromium:
🌈 Report it to filtering providers
You have already reported this website to the browser providers, which hopefully means that, if the URL was reported correctly and is malicious, other people will be protected from it.
However, with this approach, if you’re using one of the newer non-mainstream browsers, you may not be protected by these technologies, or the user may simply wish to visit the website regardless of the risk and ignore the warning.
‼️ - If people do actually ignore the red warning screen and then cause themselves a problem then, being honest, they only have themselves to blame, because they’ve had to purposefully and consciously bypass a safety warning. People like that fall into the category of beyond help.
Obviously, these steps need to be done manually, because many of these forms have a reCAPTCHA on them, so you can’t easily automate this process. In fact, forms that use this protection technology are practically impossible to bypass.
😀 Prepare the required information
You will be asked for various information depending on the one you go to, but as a general rule the information I would probably prepare is as follows:
- Email address
- Suspicious URL
- Short description about what’s wrong with it
- Screenshot
🫵 Report malicious websites
Once you have this information, you can then make the Internet a safer place by visiting the URLs below one by one and reporting this website as malicious.
- Cisco Umbrella (OpenDNS) on https://umbrella.cisco.com/submit
- Zscaler on https://www.zscaler.com/contact-form
- Forescout on https://www.forescout.com/company/contact/
- Symantec (Broadcom/Blue Coat) on https://sitereview.bluecoat.com/
- Forcepoint on https://www.forcepoint.com/company/contact-us/report-security-threat
- Barracuda on https://www.barracuda.com/support/knowledgebase/50160000000HNvUAAW
- Fortinet on https://www.fortiguard.com/faq/wfrating
- Sophos on https://secure2.sophos.com/en-us/support/samples.aspx
- Palo Alto Networks on https://threatvault.paloaltonetworks.com/
- PhishTank on https://www.phishtank.com/
- McAfee on https://www.siteadvisor.com/sitereport.html
- Kaspersky on https://opentip.kaspersky.com/
- ESET on https://www.eset.com/us/about/contact/report-phishing/
- Bitdefender on https://www.bitdefender.com/submit/
- Webroot on https://www.brightcloud.com/tools/url-ip-lookup.php
✅ Tracking your results
If you’re looking to track your results, to see how many providers have moved ahead with your request and blocked the website as malicious, then you can use the VirusTotal URL checker (yes, there are others, but this is a common one):
https://www.virustotal.com/gui/home/url
This will allow you to enter a URL and check whether it’s rated malicious by each of the individual vendors. Let’s start with the website you’re visiting now; here you can see there have been zero reports of threats or malicious content.
That is what we should see, but what happens if we go to a website that is actually malicious? What does VirusTotal say about that?
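The same tracking can be done against a saved VirusTotal API v3 URL report instead of the web page. This is an added example, not part of the original post; the report below is constructed, `summarise` and `REPORTED_TO` are hypothetical names, and engine names in a real report may not match a vendor's brand name exactly.

```python
import base64
import json

# Categories that count as "the vendor has acted on the report".
FLAGGED_CATEGORIES = {"malicious", "suspicious"}

# Constructed sample in the shape of a VirusTotal API v3 URL report (not real data).
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {
  "url": "http://login-portal.example/",
  "last_analysis_results": {
    "Sophos":    {"category": "malicious",  "result": "phishing"},
    "Fortinet":  {"category": "malicious",  "result": "phishing"},
    "Kaspersky": {"category": "harmless",   "result": "clean"},
    "ESET":      {"category": "suspicious", "result": "suspicious"},
    "Webroot":   {"category": "undetected", "result": "unrated"}
  }}}}
""")

# Vendors you submitted the URL to (constructed list for this example).
REPORTED_TO = ["Sophos", "Kaspersky", "Webroot", "Forescout"]


def vt_url_id(url):
    """API v3 URL identifier: URL-safe base64 of the URL with padding removed.

    The report is fetched from /api/v3/urls/<id> with an x-apikey header.
    """
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def summarise(report, reported_to):
    """Split vendors into flagged, still pending, and not present in the report."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = sorted(name for name, verdict in results.items()
                     if verdict.get("category") in FLAGGED_CATEGORIES)
    pending = sorted(v for v in reported_to if v in results and v not in flagged)
    not_listed = sorted(v for v in reported_to if v not in results)
    return {"flagged": flagged, "pending": pending, "not_listed": not_listed}


if __name__ == "__main__":
    print("report id:", vt_url_id(SAMPLE_REPORT["data"]["attributes"]["url"]))
    for group, vendors in summarise(SAMPLE_REPORT, REPORTED_TO).items():
        print(f"{group}: {', '.join(vendors) or '-'}")
```

Vendors in the not_listed group do not appear in the report at all, so their blocking has to be checked some other way.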
Interesting point. I’m not sure about you, but I’d rather make the Internet a safer place that makes it harder for scammers and malicious threat actors to successfully do their job.
There are absolutely massive amounts of money to be made in scamming people out of money and destroying people’s lives with these horrible fake websites that many people don’t notice until it’s too late.
You see all these YouTube channels fighting back against these kinds of people. While I’m not going to be making videos about it, because I’m not really about that, it doesn’t mean I can’t help make the Internet a safer place.
Following all these steps takes me about 10 minutes. If that saves just one person from losing their account or being scammed out of their whole life savings, then from my point of view that’s worthy of 10 minutes of my life.
Scamming and malicious activity these days is a little like electricity, in that it chooses the path of least resistance. Do not make it easy for people that do injustice and wreak havoc on people’s lives.
☹️ Malicious activity is more than the Internet
Malicious activity is not just limited to the Internet; it’s now affecting your SMS messages, your phone calls and your emails.
If you are expecting a delivery, there’s a good chance you will get a malicious link that won’t affect your delivery, but will trick you into paying money that you didn’t need to pay.
If you get a random phone call from a London number or a number you don’t recognize and, when you answer the phone, they tell you they’re from O2 and you’re due a refund or a contract upgrade, that will also be a scam. If you wish to prove this correct, say to the person on the other end of the line:
“I am not interested in being scammed today”
They will either hang up the phone call or insist that this is not a scam and you’re due a refund from O2, even though you’ve never had a contract with O2 or the contract you’ve got is current. Using the word “refund” works on so many people that it seems to switch off their security suspicions.
Finally, we have email. I decided to leave Amazon Prime because it added no value to my experience for £100 a year, as many of the services now have a paywall to get the better service, for example:
- Free unlimited photos, pay for videos
- Free unlimited music, pay to pause, go forward and backwards, and listen to an album as a complete album
- Free unlimited videos, that don’t include the videos you actually want to watch; you need to pay further for them
- Free delivery, that’s not free because you’re paying for it yearly
I therefore canceled Prime. This started a sea of malicious messages that had nothing to do with Amazon, but they did accurately know how many days I had left on my Prime account when it expired, and once it expired the emails changed to “renew your Prime membership”. Luckily Gmail filtered all these horrible messages for me.
This does not stop the malicious activity, because over the last couple of days I’ve had phone calls from an automated robot that is not Amazon telling me how I will be charged for my Prime account and, if I would like to cancel it, I need to talk to a scammer, sorry, Amazon agent.
🫥 Never let your guard down
The actual state of affairs, or the advice I can give you, is to never let your guard down. If something doesn’t seem right, don’t fall for it because it sounds like a good idea or someone says they’re going to save you money.
Everybody should be marked as guilty and trying to scam you until you prove that’s not happening.
The world is not a fair place, and unfortunately, our legal system does not mean justice prevails to the people that should be getting justice.
Remember, stay safe on the Internet and always be suspicious about everything until you’ve proven it to be correct.