The fight against Internet fraud is getting harder and harder for web hosts to handle on their own. Internet criminals now use temporally credit cards and PayPal accounts, so as a host we can’t detect fraud at the billing level. With proper billing details, all we have left is the customer details like a phone number, locations, email, and other complex things we use that we rather not list publicly. If they pass all of these steps, it is up to services like Netcraft, PhishLabs, and MarkMonitor that look for illegal sites. Even these excellent services can miss a new scam website long enough for the criminal to trick a user into their details. This is where you come in. Knowing how to easily identify and report a fraud or phishing website can help someone save a lot of possible havoc.
So, how do you report a fraud or phishing website correctly and easily?
To report a bad website, you need to find who the hosting service is. One easy way for this is to check the domain’s name servers, also known as DNS.
Here you can do a simple WHOIS check that will list the name servers. If they are a common web hosting service, then you can simply go to their site based on the name server names. For example, we use ns1.dwhs.net for our first name server. If you go to https://dwhs.net, you will open our website, where you can simply click the contact page and send us the details of the fraud site. The issue here is the fraud site could in theory have their own custom name servers. This would then lead you to a site that would not shut it down when reported. And most likely will be a site the criminal owns.
The safest way to report a fraud or phishing site is based on the IP. Most web hosts rent their IPs from data centers or third party service companies. So doing an IP WHOIS will likely get you the IP service and not the web host. To make sure you are getting to the host, do a NETWORK WHOIS SCAN. There can see who the organization is. For example; in the image to the right, you can see the organization (Org Name) is Web Host Pro. In this case, you would then throw Web Host Pro in Google to get our main website. Or put Contact Web Host Pro in Google and you will go directly to our contact page.
As a host, all we need to know is the URL of the website. For example paypal-login-details.com. Feel free to add any other details that you think might help.
To be honest, we are so happy for the help, any information is greatly appreciated. We are able to track down the site, block and blacklist the owner normally within a couple of hours or less.
Things to look for when identifying scam websites.
- Look for hyphens.
Most common scam domain names are taken, so they tend to try to add hyphens and long names to still sound legitimate. We see a lot of paypl-account-seervce.com type website names. - Don’t click links in email.
We can’t emphasize enough about this. If you have any doubt at all about an email, just open your browser and go to the site directly. Almost all phishing and website scams are based on getting you to click a fake email link. If you don’t click any email links, then you have nothing to worry about it! - Post the URL in Google with quotes.
If you are not sure about the site you are about to pay or log into. Do a URL search like this. “webhost.pro” this will tell if the URL is popular and has any major complaints.
We wish reporting scam websites and knowing how to avoid getting tricked was mandatory learning when getting online. If we could make it a protocol, we would! There is hardly anything worse than these guys getting into your accounts and fussing things up.
If you made it through this page, though, you will have everything you need to be safe, private, and help others in the process.