Grant Carroll

How to take down a phishing site

This is a different post to some of the other content on this site, but it is one that has grown out of my frustration with scammers trying to get people's banking information.


Below is a method you can use to potentially get a scammer's site removed pretty quickly. So next time you receive a scam email or text, instead of just deleting it, you can try to get the site removed from the internet. The more people who know how to do this, the quicker the sites can be removed, and hopefully fewer people will get caught out by these scumbags.


I started doing this after listening to an excellent podcast episode on Hacked (https://podcasts.apple.com/us/podcast/paperweights/id1049420219?i=1000559225149), and also because I have family suffering from anxiety issues, and these kinds of emails and texts cause a great deal of distress and worry.


I'll use a recent example to show how you can do this. I received a text message from an unknown number telling me that a new phone number had been added to my Westpac account. I knew straight away that this was a scam:

  1. The number looked to be coming from a personal phone number.

  2. The content of the text was different to the text Westpac normally send me.


Fake message....

Real message



The first thing I did was copy out the URL and open it up in a private browser (you can never be too careful). As an aside, I have heard of people who use virtual machines for this kind of thing, but this seemed like a simple phishing scam, not someone trying to load malicious malware.


The site looked somewhat convincing...



But if you compare it to the actual site...



So, here's what you can do!

Go to this website (there may be others you can use, but this works for me): https://whois.domaintools.com/

From here, enter the URL of the scam site (in this case westpac-remove.com).


This will then, hopefully, give you the details of the domain record.



Notice that the record was only created the day before. The important thing here is to look for the abuse email. Most domain registrars will have an abuse email address that you can use to report the phishing attack. In this case it's above, but further down the page it's clearer.

You can then email this address with the details of the scam. I always try and provide as much detail as possible, including pictures of the original text message I received, a screenshot of the fake site, and a shot of the real site.
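
The same lookup-and-report steps can be scripted once you have the text of the WHOIS record. The sketch below is an added example, not part of the original post: it pulls the abuse contact and creation date out of a record and drafts the report email. The sample record, registrar name, abuse address and dates are constructed placeholders, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone
from email.message import EmailMessage

# Constructed sample in the common ICANN WHOIS layout. Registrar name, abuse
# address and dates are placeholders, not the real record for this domain.
SAMPLE_WHOIS = """\
Domain Name: WESTPAC-REMOVE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2024-01-14T09:12:44Z
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +1.5555550100
"""

FIELD = re.compile(r"^\s*([^:\n]+?)\s*:\s*(.+?)\s*$", re.MULTILINE)

def parse_whois(text):
    """Return a dict of lower-cased field name -> first value seen."""
    fields = {}
    for key, value in FIELD.findall(text):
        fields.setdefault(key.lower(), value)
    return fields

def domain_age_days(fields, now):
    """Whole days since registration, or None if the date is missing."""
    raw = fields.get("creation date")
    if not raw:
        return None
    created = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    return (now - created).days

def draft_report(fields, site, brand, received_via, now):
    """Build the abuse email; raises if the record lists no abuse contact."""
    abuse = fields.get("registrar abuse contact email")
    if not abuse:
        raise ValueError("no abuse contact in record; check the registrar's website")
    age = domain_age_days(fields, now)
    age_line = f"registered {age} day(s) ago" if age is not None else "registration date not in record"
    msg = EmailMessage()
    msg["To"] = abuse
    msg["Subject"] = f"Phishing report: {site}"
    msg.set_content(
        f"The site {site} is a phishing page impersonating {brand}.\n"
        f"I received the link via {received_via}.\n"
        f"WHOIS: {age_line}.\n"
        "Attached: screenshots of the message, the fake site and the real site.\n"
    )
    return msg
```

Real WHOIS output varies between registries, so the field names and date format here are those of the sample only; attach the screenshots to the message before sending it.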


Not long after sending an email I received a reply to say that the site had been removed. See below.

Hopefully this encourages you to not just delete the next scam message you receive, but maybe try your hand at taking a bit of the power back. If you don't feel confident in doing this, then that is totally fine too.


Happy days.
