PhishTank will help you verify or report Phishing websites

PhishTank is a project from OpenDNS that aids in checking out websites that attempt Phishing. OpenDNS is a service that offers both domain name resolving service as well as blocking websites that are suspected as phishing domains. PhishTank is a standalone service by the same company. OpenDNS claims it is a separate database and it is not used with PhishTank database when resolving website domains. That means two databases – one for OpenDNS and one for PhishTank. PhishTank is a web-based service where you can check if a website is malicious – if it is involved in phishing etc. attempts.

PhishTank report Phishing

Searching for a Phishing website

You can directly use the website search feature, or in case you are building any security tool, you can use the data from PhishTank via its API. The first method is to use the search engine present on  PhishTank website. The second method is to use its API. Any software builder can avail the API service just by registering himself or herself with the PhishTank website. There are no charges for either method. The API too is free as of now (on September 28, 2018). API is for people who are into software development.

For others, if you wish to check if any website is already present in the PhishTank, just type its URL in the search box and hit the search button.

Report Phishing website to PhishTank

You will have to register with to add a phishing website to its database. It does not ask for much data. The only thing it needs is your email ID so that it knows that a human is submitting the URL.

After successful signup, log into the website and provide as much information as you can, about the phishing website or the site you think could be phishing. Don’t forget to add the URL of the website in question else the entry will not be considered by PhishTank.

After your submission of the suspected phishing website, it will be available under VERIFY PHISH part of the website so that others can log in and vote it up or down to verify the phishing nature of the website. A number of verifications are required before the URL is added to the PhishTank database.

Verify a Phishing Website in PhishTank

To help PhishTank, you can vote for or against websites present in its database. The process is called verification of Phish and is available under the VERIFY A PHISH part of the website. You will have to log in before you can verify websites.

Phishing Emails

You can also report phishing attempts via email to the PhishTank community. PhishTank asks you to redirect such phishing emails because forwarding the emails may remove certain information or modify the headers of the emails. To report phishing emails to PhishTank, simply redirect any suspected email to

By reporting websites and emails, you will be helping PhishTank in strengthening its database which, in turn, will serve others who suspect a website to be fake and will help security tools developers who use the PhishTank API to learn if a website is phishing suspect before sending its users that way.

Posted by on , in Category Security with Tags
Arun Kumar is a Microsoft MVP alumnus, obsessed with technology, especially the Internet. He deals with the multimedia content needs of training and corporate houses. Follow him on Twitter @PowercutIN

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + 4 =