Are phishing sites causing your customers to lose trust in your brand?
We see this scenario often: a growing brand suddenly receives an influx of complaints and negative reviews because of phishing pages taking advantage of its customers.
By the time your customers point you to a phishing site, the damage has already been done. But detecting lookalike domains manually is time-consuming, and even reporting them to Google or a hosting provider might not actually remove the site.
We’ll show you how to report a phishing site below. But we’ll also cover how working with a brand protection platform like Red Points can multiply your ability to detect and eliminate phishing threats before they reel in customers.
How to report a phishing page: 5 steps
You can report a phishing page to Google Safe Browsing with a simple online form. The Google Safe Browsing platform warns people of potentially malicious sites when using browsers, Gmail, Android phones, ads, and search. But sometimes a site gets around Google’s filters, so you can manually report it with the steps below.
Here’s what to do:
1. Go to the Google Safe Browsing report page
2. Select the “This page is not safe” option
3. Add the URL of the page to be reported
4. Include additional information in your report (optional)
5. Click submit
After you report a website, Google will investigate the site and may add it to the list of unsafe sites. You can further check the status of the site by pasting its URL into Google’s Transparency Report tool here.
Google Safe Browsing’s mission is to make the internet safer for everyone. It puts warnings on the following types of content:
- Malware: Software designed to harm a device, the device’s software, or its users
- Unwanted software: Software like unhelpful downloads that change your default browser
- Social engineering: Phishing, deceptive content, and third-party services without clear labeling
Does Google Safe Browsing remove sites?
Google Safe Browsing doesn’t directly remove a malicious site, but it displays warnings to users and requires them to accept the site’s unsafe status to proceed. People using Google Search, web browsers like Chrome and Firefox, Android devices, and Gmail can see these warnings.
Additional steps to complete your phishing report
While Google Safe Browsing doesn’t remove a site, you can report a phishing site to the registrar or hosting provider to potentially get it taken down. You can also report sites to governmental authorities to help them in investigations.
1. Report a phishing website to the hosting provider
Reporting a phishing website to the hosting provider can potentially take it offline, since the site’s data is stored on servers run by the host. Here’s what to do:
- Use a tool like WhoIsHostingThis or Hosting Checker to identify the website’s hosting provider.
- Look up the hosting provider to find its contact information.
- Document evidence of the phishing site, like screenshots, URLs, and actions or forms you entered.
- Look for scam and abuse report forms, which some hosting providers have, and fill one out.
- Alternatively, contact the hosting provider through its customer support to report the phishing site.
2. Report a phishing site to the registrar
Registrars reserve and assign IP addresses to domain names, so reporting a phishing site to its registrar can be another way to get it removed. Note that a site may use the same company for hosting and registration, though many sites use separate companies.
- Use a service like Who.Is or WhoIs.com to find detailed website information, including the registrar.
- Document your case like before with screenshots, URLs, and a description.
- Visit the registrar’s website and look for an abuse reporting option. For example, GoDaddy has multiple report forms and emails for different types of abuse, including phishing.
- Fill out the form with information about the phishing site.
3. Report phishing to a governmental agency
You can report phishing scams to agencies like the IC3 and FTC in the US or OLAF in the EU. Reporting to a governmental agency can help authorities build a case and take down fraudsters in the real world.
What is the difference between a website host and a domain registrar?
A domain registrar allows people and businesses to reserve domain names online, while a website host holds the data for their sites on servers. Hosts and registrars can be the same company (like when someone buys a domain name from Namecheap and uses its hosting service) or they can be separate companies.
The right place to report a phishing site can depend on the situation. If the site uses a lookalike domain (meaning the domain has slight misspellings to impersonate a brand), consider reaching out to the registrar first. But if the phishing content is hosted on a legitimate site or platform, reach out to the host.
Be prepared to reach out to both if one is unresponsive. When you work with Red Points to stop phishing sites harming your brand, we can leverage partnerships with leading registrars and domain databases to discover and remove fake sites.
What happens after I submit the report?
After you submit a phishing report to a hosting provider or registrar, the company will investigate and possibly remove service. This would take the site offline.
Be aware that hosts and registrars can’t guarantee a site will be removed. You can follow up after a few weeks, or you can work with a service like Red Points to handle verifying takedowns. Each type of report can have different follow-up protocols, and we’d handle these for you.
What kind of websites can be reported?
You can report any site to legitimate hosting and registration companies if that site uses those services. However, not all host providers or registrars are as receptive to phishing reports.
Some websites use offshore or bulletproof hosts/registrars that can evade takedown requests. In this case, it’s important to work with a specialized brand protection platform; otherwise, you won’t get anywhere with manual efforts. Our team has years of experience taking down phishing sites that operate through these providers.
How Red Points helps protect your brand against scammers
At Red Points, our AI-powered brand protection platform detects and removes phishing sites, impersonation, and fake domains at scale. We work with over 1,300 brands to protect their customers from global online threats. Ultimately, we take the burden off brands by proactively managing the surge of fraud sites across regions.
While we leverage AI to multiply detection and validation efforts, we provide expert human oversight to verify detections and domain takedowns. Our experience also includes 10+ years of relationships with platforms and domain providers to secure priority escalation on complex phishing cases.
When you partner with Red Points, you can:
- Take down unlimited phishing sites, ads, domains, and apps.
- Protect your brand across multiple channels with AI-driven and expert-led enforcement.
- Leverage the largest brand protection dataset with predictive fraud detection for real protection.
When your brand is dealing with constant volume from fakes and phishing sites, manual tracking becomes impossible. That’s when our platform is ideal.
Next Steps: Protect your brand against phishing attacks with Red Points
To wrap up, you can report a phishing site to Google Safe Browsing so that future users see a warning. You can also report sites to domain registrars and hosting providers to possibly remove it from the internet. However, be aware that submitting a phishing abuse form to a registrar or host doesn’t guarantee its removal.
Working with a phishing takedown platform like Red Points is the best way to ensure scam sites get taken care of quickly. Our technology, experience, and direct connections with industry platforms allow us to remove phishing sites faster and more accurately than manual efforts.
Want to prevent your customers from falling for phishing scams targeting your company? Reach out for a quick demo today.
