- What is phishing?
- How do I tell a phish email from just regular spam?
- Does PhishTank want to hear about spam?
- What is PhishTank?
- Does PhishTank cost anything?
- Does PhishTank protect me from phishing?
- Who's behind PhishTank?
- Why does OpenDNS operate PhishTank?
- Why do I have to register to report a suspected phish?
- How do I report a suspected phish via email?
- Why is forwarding email not the best solution?
- How do I make sure the right information is included in a submission?
- How do I report a suspected phish via the website?
- I reported a suspected phish, but I don't see it listed. Where is it?
- How do I help verify a phish?
- How do I recognize a phish?
- How may I safely visit a reported phishing site?
- How many people have to verify a phish for it to be marked as a phish?
- How do I check an individual URL against the PT database?
PhishTank data and details
- Where do you get your data?
- Any software to install?
- Does PhishTank work with my existing anti-virus software?
- Do you share your phishing data?
- Who uses PhishTank data?
- Do you offer RSS feeds?
- How do I report a "false positive," where PhishTank wrongly labels a site as a phishing site?
- How is PhishTank different from the Anti-Phishing Working Group?
- If I report my phish to (name your favorite toolbar, browser, website here), will it be automatically reported to PhishTank?
- Do you share my personal information?
- How do I turn off email acknowledgement of submissions?
- How do I put information about my PhishTank activity on my website or blog?
- What is an API?
- How do I get an API key?
- Is there a usage limit?
- Is it OK to use the API for both commercial and non-commercial uses?
- How does OpenDNS use the PhishTank data?
- Why is a site marked by PhishTank as a phish not blocked by OpenDNS?
- Why is OpenDNS blocking a phish site that PhishTank doesn't list or has not yet verified?
- Will OpenDNS share phishing data with PhishTank?
What is phishing?
Phishing is a fraudulent attempt to get you to provide personal information, including but not limited to account information. For more, see What is Phishing?
How do I tell a phish email from just regular spam?
Spam is unsolicited commercial email, which may include phishing attempts but is often simply unwanted marketing. Phishing often has criminal intent. Spam isn't always, though it can be.
Does PhishTank want to hear about spam?
No. We are not fans of spammers, and there is some overlap with phishers, but there are many other people and communities focused on fighting spam. Spam submitted to PhishTank will be discarded.
What is PhishTank?
PhishTank is a free community site where anyone can submit, verify, track and share phishing data.
Does PhishTank cost anything?
PhishTank is free to everyone, both the website and the data (via the API).
Does PhishTank protect me from phishing?
PhishTank is not protection. PhishTank is an information clearinghouse, which helps to pour sunshine on some of the dark alleys of the Internet. PhishTank provides accurate, actionable information to anyone trying to identify bad actors, whether for themselves or for others (i.e., building security tools).
Who's behind PhishTank?
PhishTank is operated by OpenDNS, a company founded in 2005 to improve the Internet through safer, faster, and smarter DNS. Read more at www.opendns.com.
Why does OpenDNS operate PhishTank?
OpenDNS is interested in having the best available information about phishing websites. However, phishing data is not a place to be competitive, and we believe that sharing this data freely (even with those who do not contribute) will benefit us all. PhishTank's mission is in line with both OpenDNS's business and its goal of making the Internet a better place.
Why do I have to register to report a suspected phish?
Registration helps make the data better. PhishTank needs to attribute reporting and validation to individual accounts, so the community can learn to judge each member's contribution. This small hurdle also reduces "noise" in the submissions. You are not asked for a lot of personal information: a valid email address is the only personally-identifiable information required.
How do I report a suspected phish via email?
Submissions via email are strongly encouraged, as more data is usually available. After completing the free registration, you can send emails to firstname.lastname@example.org from your registered email address. It is important to include as much information as possible, including mail headers if possible. For that reason, we suggest redirecting any suspected phishes to PhishTank. To submit suspected phishes from other email addresses, use your individual phish reporting address, which is available from the My Account page once you are signed in. We suggest adding your individual phish reporting address to your address book in every mail application you use, for all accounts.
Why is forwarding email not the best solution?
When you forward email, some information in the original phish is usually lost, whether mail headers or tell-tale images or even URLs.
How do I make sure the right information is included in a submission?
No matter how you submit a suspected phish, please try to include all relevant information. The more useful data you provide, the more likely the submission is to be correctly verified.
How do I report a suspected phish via the website?
Have the suspected phish handy, and visit Add a Phish. You must be signed in to submit a suspected phish.
I reported a suspected phish, but I don't see it listed. Where is it?
If a suspected phish does not include a URL, it is discarded and not tracked. Note: suspected phishing emails reported
How do I help verify a phish?
Go to the Verify a Phish page to see unverified submissions. Visit an individual phish detail page, examine the information available (including visiting the site itself), take a look, and pass judgment. You will need to be registered and signed in to vote. At the top right of the page, you can immediately click to another unverified phish.
How do I recognize a phish?
Review the example and guidelines shown at What is phishing?
How may I safely visit a reported phishing site?
Some phishing sites do more than collect information under false pretenses; they try to install badware/malware or otherwise attack visitors. That said, it's usually safe to visit these sites as long as precautions are taken, like making sure your browser's security settings are high. PhishTank does not encourage you to enter any personal information into a reported phishing site as part of your validation efforts.
How many people have to verify a phish for it to be marked as a phish?
The number of people required to verify a phish depends on the history of those voting. It will always be more than one.
How do I check an individual URL against the PT database?
Two options. First, enter the URL into the "Is it a phish?" field on the PhishTank home page. Second, use the API to programmatically check an individual URL or multiple URLs.
Where do you get your data?
You! We also prime the pump with external feeds where possible.
Any software to install?
No, PhishTank is a web service only. No software to install.
Does PhishTank work with my existing anti-virus software?
Yes. PhishTank is a website and web service (API) for getting information about phishing sites. It's not a piece of software, and it doesn't run on your computer. PhishTank doesn't endorse any specific security software, but we're all for anything which helps protect us online. Security should be a layered approach.
Do you share your phishing data?
Yes, both on the website and via the API.
Who uses PhishTank data?
Several organizations and companies use the PhishTank data. See some prominent ones on the Friends of PhishTank page.
Do you offer RSS feeds?
Yes. There are many feeds, including a personal activity feed, available from the My Account page.
How do I report a "false positive," where PhishTank wrongly labels a site as a phishing site?
False positives -- where a site is labeled as a phishing site incorrectly -- are very damaging. Go to the Phish detail page for the site in question, click on the link "This site is not a phish" and follow instructions. These reports will be taken seriously.
How is PhishTank different from the Anti-Phishing Working Group?
The Anti-Phishing Working Group is an industry group which collects phishing reports and distributes the reports to its paying members. We applaud their efforts; there is no single solution to fighting phishing and the Internet Bad Guys. (Don't worry, that site is just a demo run by OpenDNS.) However, we would encourage the APWG to share their learnings with the rest of the anti-phishing community. Data provided by individuals to APWG is not available to the Internet community at large, only to paying members of the organization.
If I report my phish to (name your favorite toolbar, browser, website here), will it be automatically reported to PhishTank?
Not at this time. We are open to working with anyone who's collecting and verifying phishing data to make it available to all. Please contact us.
How do I turn off email acknowledgement of submissions?
Visit the My Account page and change the Email Updates preference.
How do I put information about my PhishTank activity on my website or blog?
Visit the My Account page for details.
What is an API?
API stands for Application Programming Interface. You can read the Wikipedia definition, or simply know that the point of an API is to give computers a way to pull what they need from another computer (i.e., PhishTank website) without any human intervention.
How do I get an API key?
Complete the free registration, and confirm your email address. Your API key will be displayed on the API page.
Is there a usage limit?
We do limit the number of requests per hour that can be made to the API. Please see the Developer section of the site for more information on limits.
How does OpenDNS use the PhishTank data?
OpenDNS employs the PhishTank verified phish data in its free recursive DNS service as one source among many to identify phishing sites to block for its DNS users.
Why is a site marked by PhishTank as a phish not blocked by OpenDNS?
A judgment from the PhishTank community about a suspected phishing site is one factor in the decision about whether a site is blocked for OpenDNS users (those who have phishing prevention enabled). OpenDNS gets feeds from multiple sources. As of October 2006, PhishTank is one of those sources. PhishTank also may identify a phish website which, for instance, uses IP addresses in its URL, and therefore cannot be blocked at the DNS level. PhishTank and OpenDNS are operated as separate systems.
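As an added illustration of the DNS-level limitation described above (this is not PhishTank or OpenDNS code), the following Python splits a list of phish URLs into hostnames a DNS blocklist can cover and URLs whose host is an IP address, which a resolver never sees. The sample feed and the function names are constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample entries; not real PhishTank data.
SAMPLE_FEED = [
    "http://login.example-bank.test/verify",
    "http://203.0.113.7/secure/update.php",
    "https://[2001:db8::1]:8443/account",
    "http://LOGIN.example-bank.test./reset",
    "not a url",
]

def host_kind(url):
    """Return ("name", host), ("ip", host) or ("invalid", None) for a URL."""
    try:
        host = urlsplit(url).hostname  # lower-cased, brackets and port removed
    except ValueError:
        return ("invalid", None)
    host = (host or "").rstrip(".")  # drop the trailing root dot
    if not host:
        return ("invalid", None)
    try:
        return ("ip", str(ipaddress.ip_address(host)))
    except ValueError:
        pass
    # Browsers parse a host whose last label is numeric as an IPv4 address,
    # so no DNS query is made for it either.
    last = host.rsplit(".", 1)[-1]
    if last.isdigit() or last.startswith("0x"):
        return ("ip", host)
    return ("name", host)

def split_feed(urls):
    """Partition a feed into DNS-blockable names, IP-literal URLs and rejects."""
    dns_names, ip_urls, rejected = set(), [], []
    for url in urls:
        kind, value = host_kind(url)
        if kind == "name":
            dns_names.add(value)      # enforceable by a DNS blocklist
        elif kind == "ip":
            ip_urls.append(url)       # needs a proxy, browser or firewall control
        else:
            rejected.append(url)
    return sorted(dns_names), ip_urls, rejected

if __name__ == "__main__":
    names, ip_urls, rejected = split_feed(SAMPLE_FEED)
    print("DNS blocklist:", names)
    print("Not blockable via DNS:", ip_urls)
    print("Rejected:", rejected)
```
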
Why is OpenDNS blocking a phish site that PhishTank doesn't list or has not yet verified?
As noted, OpenDNS gets feeds from multiple sources. It's possible that a source other than PhishTank brought the site to the attention of OpenDNS and it was verified and confirmed by OpenDNS. PhishTank and OpenDNS are operated as separate systems.
Will OpenDNS share phishing data with PhishTank?
OpenDNS uses its network analysis to help identify and confirm phishing sites. As that information becomes richer, OpenDNS will provide a feed to PhishTank. That feed's quality will be up to the PhishTank community to judge, just as other submissions and submitters are. OpenDNS encourages its phishing feed providers to share their data with the PhishTank community.