PhishTank is a project from OpenDNS that aids in checking out websites that attempt Phishing. OpenDNS is a service that offers both domain name resolving services as well as blocking websites that are suspected of being phishing domains. PhishTank is a standalone service by the same company. OpenDNS claims it is a separate database, and it is not used with the PhishTank database when resolving website domains. That means two databases – one for OpenDNS and one for PhishTank. PhishTank is a web-based service where you can check if a website is malicious, if it is involved in phishing attempts, etc.
Searching for a Phishing website
You can directly use the website search feature, or if you are building a security tool, you can use the data from PhishTank via its API. The first method is to use the search engine present on the PhishTank website. The second method is to use its API. Any software builder can avail the API service just by registering themselves with the PhishTank website. There are no charges for either method. The API, too, is free as of now (on September 28, 2018). API is for people who are into software development.
For others, if you want to check if a website is already listed in PhishTank, just type its URL in the search box and hit the search button.
Read: How to report websites to Google or Bing
Report Phishing websites to PhishTank
You will have to register with PhishTank.com to add a phishing website to its database. It does not ask for much data. The only thing it needs is your email ID so that it knows that a human is submitting the URL.
After successful signup, log in to the website and provide as much information as you can about the phishing website or the site you think could be phishing. Don’t forget to add the URL of the website in question, else PhishTank will not consider the entry.
After your submission of the suspected phishing website, it will be available under VERIFY PHISH part of the website so that others can log in and vote it up or down to verify the phishing nature of the website. Several verifications are required before the URL is added to the PhishTank database.
Read: Where to report Online Scams, Spam and Phishing websites?
Verify a Phishing Website in PhishTank
To help PhishTank, you can vote for or against websites present in its database. The process is called verification of Phish and is available under the VERIFY A PHISH part of the website. You will have to log in to verify websites.
Read: How to report Phishing email in Outlook
Phishing Emails
You can also report phishing attempts via email to the PhishTank community. PhishTank asks you to redirect such phishing emails because forwarding the emails may remove certain information or modify the headers of the emails. To report phishing emails to PhishTank, simply redirect any suspected email to [email protected].
By reporting websites and emails, you will be helping PhishTank strengthen its database, which, in turn, will serve others who suspect a website to be fake and will help security tools developers who use the PhishTank API to learn if a website is a phishing suspect before sending its users that way.
