PSA - How to help takedown phishing websites faster & protect other players in-game

[Mintale]

Until Square Enix find a way to immediately block phishing tells, or get better at taking sites down themselves... this is a PSA with steps on how to thoroughly report phishing sites yourself, so that they are taken down within hours.

An easily shareable google doc with all of this information and more is also here:
https://docs.google.com/document/d/e...8TUEWcznGS/pub


Taking Down the Website

1. Report the website to Netcraft: https://report.netcraft.com/report
   Netcraft conduct their own takedown activity and appear to be the most efficient at getting sites shut down within hours.
   
2. Report the website as Malicious with https://phish.report
   You need to both scan the URL and click the “Report as Malicious” button after the scan completes. Phish.report is a tool that will automatically submit phishing reports to various places, as well as providing convenient buttons to click to report to microsoft and google safe browsing.
   
3. Report the website to Google Safe Browsing and Microsoft Security Intelligence using the links in your phish.report page from step 2
   This ensures that even if the site isn’t taken down, web browsers will give a big red warning on the page that will prevent future victims from visiting the site.
   
4. Report the website to the domain registrar using the link in your phish.report page from step 2
   The domain registrar the phishers usually use is NameSilo: https://new.namesilo.com/phishing_report.php, however it could be any. If there is no domain registrar identified in phish.report, then you will need to lookup the domain registrar manually using a WHOIS tool: https://www.whois.com, this will list the contact details to report domain abuse. They will often need evidence of the phishing including a screenshot of the offending pages.
   
5. Report the website to the website host
   The web host can be found on the urlscan.io report in your phish.report page in step 2. The host the phishers most often use is Web4Africa, the phishing website can reported to their abuse department at the following location: https://clients.web4africa.com/tickets/new/&dept_id=4
   If the urlscan.io report shows the phishers are not using Web4Africa as their web host then you will need to lookup the host’s abuse contact details via their website or google

Protecting Other Players In-Game

1. When you receive a phishing tell, /shout to everyone else in the area reminding them that it’s a phishing attempt and not to click links. Some click without thinking.
2. Contact the players FC to inform them that they are compromised and may attempt to steal items from the company storage/house.
3. Report to the GMs using “Report Harassment” option in support

[Canadane]

This is good information. Much better than those who are like "hey I just got this link don't click it!" *proceeds to give the full URL*
Thank you for this, I'll use it next time I get any phishin' while fishin'.