PhishTank is a project from OpenDNS that aids in checking out websites that attempt Phishing. OpenDNS is a service that offers both domain name resolving service as well as blocking websites that are suspected as phishing domains. PhishTank is a standalone service by the same company. OpenDNS claims it is a separate database and it is not used with PhishTank database when resolving website domains. That means two databases – one for OpenDNS and one for PhishTank. PhishTank is a web-based service where you can check if a website is malicious – if it is involved in phishing etc. attempts.
Searching for a Phishing website
You can directly use the website search feature, or in case you are building any security tool, you can use the data from PhishTank via its API. The first method is to use the search engine present on PhishTank website. The second method is to use its API. Any software builder can avail the API service just by registering himself or herself with the PhishTank website. There are no charges for either method. The API too is free as of now (on September 28, 2018). API is for people who are into software development.
For others, if you wish to check if any website is already present in the PhishTank, just type its URL in the search box and hit the search button.
Report Phishing website to PhishTank
You will have to register with PhishTank.com to add a phishing website to its database. It does not ask for much data. The only thing it needs is your email ID so that it knows that a human is submitting the URL.
After successful signup, log into the website and provide as much information as you can, about the phishing website or the site you think could be phishing. Don’t forget to add the URL of the website in question else the entry will not be considered by PhishTank.
After your submission of the suspected phishing website, it will be available under VERIFY PHISH part of the website so that others can log in and vote it up or down to verify the phishing nature of the website. A number of verifications are required before the URL is added to the PhishTank database.
Verify a Phishing Website in PhishTank
To help PhishTank, you can vote for or against websites present in its database. The process is called verification of Phish and is available under the VERIFY A PHISH part of the website. You will have to log in before you can verify websites.
You can also report phishing attempts via email to the PhishTank community. PhishTank asks you to redirect such phishing emails because forwarding the emails may remove certain information or modify the headers of the emails. To report phishing emails to PhishTank, simply redirect any suspected email to firstname.lastname@example.org.
By reporting websites and emails, you will be helping PhishTank in strengthening its database which, in turn, will serve others who suspect a website to be fake and will help security tools developers who use the PhishTank API to learn if a website is phishing suspect before sending its users that way.