Phishing is one of the biggest problems that exist today while browsing the network. Phishing by definition is a message that reaches you that directs you to a page that pretends to be another page looking for your login details. In this article I will explain how to notify this type of emails to Google in order to pull down the link and that no one else is exposed.
This time we will refer to an SMS that reached our mobile and the steps we will follow to report it. These steps are simple and you won’t waste much time.
Phishing message that arrives by SMS
A while ago I got a message from Phising via SMS. The way to report a Phishing case would be the same if what comes to you instead of an SMS is an email. You can see the message in Fig 1.
Figure 1. Phising message received by SMS
There are several ways to detect it with the naked eye:
- I received this sms from I.BBVA notifying me that they’re going to suspend my account. I don’t have a BBVA account, so it’s already fake at the outing point.
- The link wants us to take action quickly because it threatens to suspend our account. The fact that they ask us to make a quick decision already gives us another clue.
- The url to which you are directing the message does not have as a bbva.com but giize.com, the url is this -> https://particulares-personasbbvata.giize.com. I share the url because it is already notified and there is no danger of anyone falling on this fake page.
Looking for the domain giize.com
If we keep the domain of the original message, giize.com and enter it in a browser we see that it redirects us to a page that offers a free dynamic DNS service, https://www.dynu.com/DynamicDNS. I have contacted this website to let them know that on their servers they have hosted a phishing page. This is a correct way to act, report the page to the server hosting it.
The information for that domain in whois is the following image where in addition to seeing that the registrar is dynu.com has an email to report abuse, abuse@dynu.com. You can also contact this address to notify this page.
What to do to report Phishing
There are several online tools that allow you to notify that a url is phishing. In this way warn the navigators that they do not have to enter it. Due to the gigantic power of google, the best idea is to notify them that a page is fraudulent.
Report a phishing page
The website https://safebrowsing.google.com/safebrowsing/report_phish/?hl=es offers the possibility to notify a phising page. If you report a page and google detects that it is fraudulent it will automatically notify visitors that you should not enter it. When you submit websites, Google receives some account and system information. This data is used to protect Google products, their infrastructures, and users from potential harmful content. If you determine that a website violates Google’s policies, turn it off.
Google Safe Browsing
Similar to the above there is a technology called Google Safe Browsing that examines billions of URLs daily for unsafe websites. Thousands of new unsafe sites are discovered every day, many of which are legitimate websites in danger. When Google detects unsafe sites, warnings are displayed in Google Search and web browsers. The address is https://transparencyreport.google.com/safe-browsing/search?hl=es_419.
Google’s secure browsing page provides a graph showing the malware sites and phishing sites that have been detected by this technology. For example, on October 1, 2020, more than 40,000 phishing websites were found, 40,000 sites pretending to be what they are not to keep our data.
Page labeled as a misleading site
When a person notifies that that page is misleading Google notifies future visitors that it is fraudulent and that they do not have to enter it. The advice is from Google Safe Browsing. However, the page is still online. If you omit all warnings, you could enter the page although common sense tells you not to.
As the page that came to me by SMS has already been notified as phishing the visitor already appears a misleading site notice. This already makes us think that we should not under any circumstances enter the website.
The idea of notifying the registrar, the page that has this fraudulent page hosted, is a measure we also have to do. They can delete that content and no one sees any warnings anymore. A “Page Not Found” or similar message will appear to the visitor.
Summary
When we receive a phishing message, we can do several actions to take down the cybercriminals who sent it to us. Not paying attention to the message is fine, but we also need to be proactive and notify you so that no one falls on that page and steals your data.
In this article I have explained several ways to notify a possible email or SMS that has a link to one website pretending to be another to steal our data. We need to be part of solving the problem and get involved in solving and ending phishing. Copying the address of the fraudulent page and notifying the hosting that you have the phishing page is very important. Notifying google to mark a page as fake is also a good idea.
Surfing the internet has to be a pleasant and uns surprised experience. Well, let’s all contribute our grain of sand to make it so.
