phish_feed_monitoring

Introduction

Phishtank is a free, community-driven online database of known phishing websites and scams. It is maintained by OpenDNS, a cybersecurity company that provides cloud-delivered security services to protect against advanced security threats. Phishtank allows users to submit and verify suspected phishing URLs and provides a real-time feed of these URLs that other security products can use.

While Phishtank is a useful tool for identifying and blocking phishing websites, there are some potential risks to be aware of. One risk is that the feed may contain false positives or false negatives, meaning that legitimate websites may be mistakenly identified as phishing websites or vice versa.

In Kaduu, we download the current Phishtank database locally every day and make it available via our search and monitoring function.

Search Tips

A search in the phishing database should use the company name, if possible without the top-level domain (i.e. example instead of example.com). If the domain is very short or contains a generic word like "bank", you can expect a lot of false positives.

Examples:

As you see in the example below, many scammers use a directory on a web server to spoof the target, while the main domain is completely different. This illustrates why domain monitoring is not sufficient to spot possible malicious URLs.
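The following is an added example, not part of the original page and not Kaduu's or Phishtank's own code. It searches a constructed feed for a brand keyword and reports whether the match is in the hostname or only in the path, which is the case domain monitoring misses. The function names and all URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample feed entries (not real Phishtank data). The .test and
# .invalid names are reserved for testing and documentation.
SAMPLE_FEED = [
    "http://cheap-hosting.test/wp-content/example/login.php",
    "https://example-secure-login.test/index.html",
    "http://files.invalid/docs/invoice.pdf",
    "http://shop.test/EXAMPLE%2Ecom/verify",
    "http://riverbank-cafe.test/menu",
]


def classify(url, keyword):
    """Return 'host' or 'path' depending on where keyword appears, else None."""
    parts = urlsplit(url)
    kw = keyword.lower()
    host = (parts.hostname or "").lower()
    if kw in host:
        return "host"
    # Decode percent-escapes so an encoded brand name in the path still matches.
    rest = unquote(parts.path + "?" + parts.query).lower()
    if kw in rest:
        return "path"
    return None


def search_feed(feed, keyword):
    """Group matching feed URLs by the part of the URL that matched."""
    hits = {"host": [], "path": []}
    for url in feed:
        where = classify(url, keyword)
        if where:
            hits[where].append(url)
    return hits


if __name__ == "__main__":
    # Company name without the top-level domain, as recommended above.
    for where, urls in search_feed(SAMPLE_FEED, "example").items():
        for url in urls:
            print(f"{where:4}  {url}")
    # A short generic word matches unrelated entries (false positive).
    print(search_feed(SAMPLE_FEED, "bank"))
```

Entries reported under "path" have a hostname with no relation to the brand, so a monitor that only compares registered domains against the company name would never see them.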

phish_feed_monitoring.txt · Last modified: 2023/05/22 20:40 (external edit)