Threat Actor Awareness
Fight Malicious Actors Together
This page is designed to help you recognize and fight phishing (emails), smishing (texts), vishing (voice), deepfakes (AI) and other common threats!
Phishing Awareness
Understand how to identify and avoid common phishing scams that target your personal information.
Vishing Protection
Learn effective techniques to recognize and prevent voice phishing attacks in everyday communications.
Smishing Insight
Gain insights into spotting AI-generated deepfakes and safeguarding your digital identity.
Report A Phishing Website:
Right-click the link in the phishing email, and copy the hyperlink
(DO NOT CLICK THE LINK).
More about avoiding phishing emails: FTC.gov
How can I evaluate phishing attempts?
Links for scanning:
- Browserling: opens link in protected environment
- urlscan.io: scan and analyze sites (provides a screenshot and more info)
- Palo Alto: scans and reports URL cateogry
- CheckPhish.ai: Phishing detection engine.
- phishcheck.me: runs in a sandbox-like environment
- VirusTotal: checks against blacklists.
- urlvoid.com: runs against blacklists/databases.
Investigate IP or Domains:
- AlienVault OTX: open-source threat intelligence (can subscribe to “pulses”) and create a free acct.
- DNS Blacklist
- PulseDive
- Check IoC: (up to 25 checks/day to scan IP or domains against databases)
- Netcraft SiteReport
- ThreatMiner.org: data mining for threat intelligence
Reporting
Join us to learn practical tips for spotting phishing, vishing, and deepfakes to safeguard your digital life.
- Google – google
- Microsoft – microsoft
- Fortinet: URL Submission/Review
- Palo Alto: At the bottom, you can “request change”
- CISA: send email to “phishing-report@us-cert.gov”
- Symantec: submit a file
- McAfee: creating acct helps track status
- Amazon: report an amazon-suspicious message
- Webroot BrightCloud
- PhishTank: account required (free)
- Netcraft: no account needed
- CIRCL: shares with EU partners
Reporting
Join us to learn practical tips for spotting phishing, vishing, and deepfakes to safeguard your digital life.
- Google – google
- Microsoft – microsoft
- Fortinet: URL Submission/Review
- Palo Alto: At the bottom, you can “request change”
- CISA: send email to “phishing-report@us-cert.gov”
- Symantec: submit a file
- McAfee: creating acct helps track status
- Amazon: report an amazon-suspicious message
- Webroot BrightCloud
- PhishTank: account required (free)
- Netcraft: no account needed
- CIRCL: shares with EU partners
Report Phishing & File Hosting Abuse Directly:
- Link Shorteners:
- bit.ly abuse
- is.gd abuse
- Tiny.cc abuse
- shorturl.at abuse
Report Phishing / Spam Text (SMS) Messages
Copy the contents of the spam SMS and paste it into a message to this four-digit number: 7726 (S – P – A – M). This reports it to your phone company, so they can search who sent it and investigate and block. Don’t click the link!
7 7 2 6 (S P A M)
On iPhone:
- Open the actual message on your phone
- Press and hold on the message to get a list of actions to pop up.
- Click on “more…” [example image on right]
- Click on the forward arrow at the bottom right
- Enter “7726” in the forward to field
- Hit the send arrow in the lower right
On Android:
- Open the message on your phone
- Press and hold on the message to get a list of actions to pop up
- Select the “forward message” option
- The message will be selected, click the forward arrow in the upper right
- Enter “7726” in the forward to field. The number will display below for you to confirm the recipient
- Hit the send arrow in the upper right