I spent so many hours recording and editing this video please give it a thumbs up for the algorithm • Also someone made a good point to emphasize: Only do this for legitimate phishing / malware domains, not just random companies you were dissatisfied with. Otherwise it will just waste yours and everyone’s time. • Also to be clear, at the beginning when I say "within a few hours", I just mean that's how long it took the companies to analyze the site. The work of reporting the site to all the companies only takes a few minutes once you know what to do. • As for getting sites blocked on Firefox and Safari, those also use Google’s Safe Browsing filter, so reporting it there covers them
Again.... first the bot code.. now this. Really Joe, ya should be hired, by the top team of Google and TH-cam, for sure. Along with scammerPayback. You 2 are making awesome work for society, true digital saints.
No... Well, I suppose browsers could add a button to report it to themself if they are willing to field the ridiculous number of reports that would generate before publishing them. But.. End users would basically spam it with false reports because they think a site is suspicious. It's worth noting that contacting a domain registrar, etc, Should Not be done unless you are sure that domain's owner is intending or allows the phishing or malicious activity - reports should usually go to the email providers and site contacts _first_. It is worth noting that submitting a false takedown to a domain registrar or ISP can lead to a criminal charge if the complaint is deemed fraudulent and/or being sued for damages if a reckless report causes a domain registrar to mistakenly take something down. The reporter assuming legal responsibility for what they write in their report and making sure to do so accurately are important requirements. Most end users won't know how to gather and enter all necessary facts, then excess of reports would get backlogged to the point few are ever answered. Organizations' points of contact that deal with these are in a business of investigating and responding to abuse, not providing a customer service - a registrar's abuse contact may be a low-priority secondary job duty of a dozen or less admins. Thus for end users.. you should mostly report malware or phishing to your IT or site Admin first, Or use the tools they've provided to report to them, but If this is a personal PC.. contact your Antivirus/phishing filter vendor, or Google (or Virustotal), and security vendors will share information, and it's plenty to report to one of those.
So people frustrated for whatever reason ( mostly not legit reason ) could do report revenge. I am not trying to be mean, your suggestion is great. My point is that we humans are a sack of emotions and irrationality.
Please do not misuse this to randomly report any site. This is not to report a website that you purchase something from and they got you a lower quality item or they supplied late. I know some people can be quite ridiculous. This is not to report a creator's website that you don't like. Make sure you have done you due diligence and made enough research to ensure the site you are reporting is really malicious. I think this video should have shown people how to detect and confirm malicious sites before reporting except for the obvious phishing sites and scam website. But this is a good video. Please use this when you are sure and have proof like screenshots as evidence.
I could imagine there would be people who would report websites simply for disagreement about things such as freedom of expression, I'm of course not talking about people making art based on likenesses of people in real life or anything like that, when it's purely fictional in not just scenario but also with it's characters, human rights wouldn't logically apply to anyone besides the artist in question.
I wanted add something since it wasn't mentioned. If the website has anything to do with AWS (hosting, database, etc...), you can forward the information to the AWS abuse email and Amazon can shut down their aws account which could be catastrophic for them.
@thgougler Which sounds a way quicker way than reporting to 20 differents websites, thank you ! Btw, how could you tell quickly if the website is actually using AWS services or not ?
Yeah I went through AWS' verification process one time. I just wanted to see what services they had and maybe learn something and didn't expect a rigorous verification process. The idea "scammers need web hosting" didn't occur to me. I imagine even if they spoofed their identity for that process somehow (e.g. with someone else's identity), it's still a PITA. Meanwhile for you it's just a quick form or two.
You are by far, THE most underrated TH-camr ever! Bro, u saved my butt more times than i can count, and apparently Linus' too. Please never stop for those of us that TRULY love the work you do.
That will be so useful to nerf so many types of scams. I didn't even know this existed. You deserve a lot more subscribers because you always fight against scammers and hackers! Keep up your great work!
@@hedwig7s just 1 mistake lol thats all it takes, it can be a BANK sending a bank statement as a pdf with password and lets say he f3cked up in future and forgot to check the email or the email domains looks really convenient as chase bank or other banks Soon as he opens the PDF, he's a GONER man. Even he can get TRICKED and HACKED. even if you're pro doesn't mean you aint worth getting attacked, just 1 mistake thats all, maybe his GF at his home using his PC for Gaming and try a cheatbot or idk anything while he's away from his Computer. Thats all it takes BRO. 🙄
As someone who operates a hosting provider thank you for creating a video. Most people don't alert us whilst we can immediately take down a website instead of having to wait for all of the third-party providers to block the site. Going to the source directly will most likely resolve in quicker resolution of taking the site down and stopping toe scammers from stealing other peoples information.
I've tried contacting hosting providers directly and they have never taken a site down. They ask for too much information and proof of damages before doing anything. I'd prefer just dealing with the reports.
@@ananamusly never heard that. In the. Netherlands where we are located we are actively monitored by the gov and they force us to deal with cyber crime and may even hold us responsable for not dealing with it so most of us tend to block those sites.
The DNS registering process by the scammers is automated. Scripts re-register on another domain in milliseconds. They'll update the URL in the video livestreams (such as Elon Musk crypto scams), Twitter post etc. To really hurt scammers, you need to hit their infrastructure and/or their money streams and/or visit them and take them down.
You're right, they will likely just set up a new site. But at least it will help the people that perhaps get a scam message and don't see it for several hours, and hopefully by the time the do, the site will be blocked.
@ThioJoe fully agreed. Reporting the scam website is always better than taking no action. Even if reporting resulted in one less victim, you already achieved your goal. Your viewers do have to understand that this is a surface-level impact for scammers themselves.
Lengths like this? It's filling in simple online forms, it's not that much of a process. You make it sound like wasting a few minutes to take down malicious sites is an extremely arduous process. People these days really want 1-click solutions for literally anything...
@@revsnowfox5798 Yeah What the OP doesn't understand is the reason why there are so many services is because much of this stuff is regional and reporting takes time to propagate through various channels to ensure correct classification. Not to mention, the _numerous_ daily false flags they have to field. A spread load is not only easier to manage, it also allows for cross-checking and confirmation between multiple parties. Reporting of this variety is more like a jury council reaching consensus based on how often you appeal to them rather than a central authority smiting webpages with the power of Zeus.
@@revsnowfox5798 There's like 20 different forms to report to, and for how many people are sending out phishing links and stuff, it's a lot easier to just ignore the site than fill out 20 forms. It's better to have the barrier set lower.
I agree, why is there no international internet safety organization /police that provides a report we can complete that will link to all security companies... like a WHO for internet or something.
@@cherrypoutines6269 Internet is still new - and international laws are difficult for every country to agree to. Only a couple forms will typically suffice this is just a guide to completely annihilate a site.
Registrars that will take a domain down on the strength of a report like this are few and far between. Scammers tend to register their domains with registrars who actively protect them or who have no process in place to take them down for abuse. There are two that I know of (I won't name them here to avoid being sued) that raise immediate red flags, as in I can be 99% certain that a domain registered with them is a scam domain.
you can't get sued for saying this kind of stuff btw the reason ppl hide company names, is in case they work at the company and want to avoid getting fired. you can't get sued for simply saying something about a company that they don't like.
@@wojtekpolska1013 Yes you CAN. They can sue you for defamation, and unless you can afford a lawyer that can get very expensive very quickly. If it reaches a court and you have a lawyer they will lose, but if you can't afford that lawyer you could lose even though your reporting was accurate.
@@FireAngelOfLondon I mean, you can be sued by any person for any reason. I’m pretty sure what they meant is that you can’t be legally liable for telling the truth. It takes a lot to prove defamation, at least in the US. Either way, lots of states have Anti-SLAPP statutes for exactly this reason.
I saw in the screenshot that they're using CloudFlare as their name server so DDoSing isn't really an option. Besides, it's illegal and would probably get the DDoSer in trouble with their ISP
Absolutely BRILLIANT tutorial Theo, which I have already put to good use ! Thank you very much for taking the time to research and create this tutorial. Cheers mate 😍
The thing that I've learned from this video: it would be great to have a single website that would take the report and then propagate it to the other websites, because it feels more like a chore than a simple task.
in "Microsoft Edge, > ... > Help & Feedback > Report unsafe site" will automatically open Smartscreen & fill in the URL. in "Firefox, ≡ > Help > Report deceptive site" will open Google safebrowsing. Best part is you don't have to fill in anything to report this way. Similar option should be available for every other browser too. I recieved about 50 SMS's nonestop about a Netflix account recovery today (obviously fake). So I did report the URL and within 5 minutes, site was blocked by google safebrowsing (in firefox). Edge hadn't blocked it yet tho. Thanks Joe.
@ThioJoe : Excellent work Joe !!! 🙂🙂🙂 The only shame is that we sort of need to submit our malicious activity reports to all these sites individually. It would be so much better and easier if there was 1 centralized reporting point, and from there on allthe companies could use that to reference this data.
I really like that you made this video, and hopefully it will prevent many phishing attacks. But this won't stop phishing unfortunately, until the domain gets reported the damage is most likely already done and scammers can always register a new domain. Sadly scammers will always be out there scamming people, but raising awareness and reporting it like you showed here certainly helps!
Thank you for this thorough video, explaining each step. Someone used my kennel name and other breeder's pictures to set up a fraudulent website to collect deposits on puppies that did not exist. As I followed through your video, I used the sites to report the scammers. In the hour it took me report to each site I already had results coming in. Hopefully by tomorrow the website will be shut down.
Any tip on domains used for impersonating companies sending emails for fake TH-cam sponsors to get youtubers hacked? They usually don't set any website on their domain and just set emails and when i report them to their registrar even explaining the whole situation, the registrar usually just responds backs saying "we couldn't find any infrining URLs".
Glad I found this video. I've noticed a new discord scam that's been going around where someone will randomly add you. and never actually talk to you.. and instead just have a profile description, with a link in there. And just.. hope that you're curious enough to click the link to see what it is. Scammers are getting more and more creative every day, so it's nice being able to take down scam links fairly easily
i remember when i hated this guys guts, his fake help vids kept popping up instead of the real help vids, i had to memorize this guys channel so i could specifically avoid his trolls. he had already wasted about 30 minutes of my time. now i love him, im so glad he decided to used his skills for good instead of evil.
I typically fire a report towards the dns registrar and the server hosting company (you can whois an ip to get an abuse email for it). The site in question is often down in a couple of hours. - Losing access to the domain name means the links the scammers sent are now useless. - Losing access to their servers may even cause them to lose data if they are a bit sloppy. - Plus the registrar and hosting company are the only ones who really know who the scammers are. So *if* they address the issue, any further reporting is an exercise in futility. Except there exist bulletproof hosters that will ignore abuse emails. They're rare in my experience, but your millage may vary. By a lot, probably. So this video is still pretty useful in that regard.
Phone scammers sometimes show up on networks that take action with proper reporting. As they get booted from one, another, and a third...eventually they end up on the ones that are more permissive in allowed activities and less permissive about actions taken. I get feedback from Verizon about a number of my reports having action taken.
@@Alina-hy4yg I can’t seem to find the actual website now but it was an email I got from “Freepeople” one word, pretending to be the clothing site. I ordered. stuff from them and it was not them…
Dude, thank you! This was awesome and I was able to accomplish in 24 hours what a whole company (the company being targeted/copied) couldn't for over a year!
A few of my friends fell for this kind of BS. I know because I've had some send me requests for this. I've never signed in as I thought it was odd reading the terms of service prompted me to login. Thinking about it, I was tempted to challenge them to do an Overdrill in Payday 2 to put them through a nightmare that lasts over an hour to get them to miss their game. Anyway, I think I am going to share this with people to raise awareness.
One of the best videos you made Thio, not only you covered and altruistic topic in which you obviously put a lot of time and effort, you also made a video tutorial how everyone esle can chp-in too. The effect of this video will be enormous, you can be sure about that.
I want to thank you for the great video. I am Editor in Chief of a respected journal from the USA. Uninformed authors where submitting articles to a bogus copy of our site and paying a large publication fee which our journal does not do. They stole all our credentials even our name. We followed your careful and meticulous directions. Very quickly we received word that this bogus site was labeled as malicious and phishing. I truly appreciate the time and care you put into this video! Thank you again!
I nearly fell for this exact type of steam scam once. The thing that saved me, was my password manager not auto filling my credentials, which made me suspicious and take a closer look. Those things are really convincing these days.
I remember being very sus of, basically, fake open source program websites. Scammers will pay for Google search result ad space, and imitate a popular open source programs website. I reported 2 ads for fake Blender web sites and 1 for a fake OBS website. I suspect they give very "dirty" versions of the program you were told about. I never downloaded anything to see.
We honestly need a streamlined method of reporting a site to one location with all the required info and it selects the needed info and send it to each reporting location... i get a scam texts every few days and am tired of having to go through every reporting site
Would be amazing if someone would write a script to automate submitting the sites to the security sites. I have also seen scam sites that use multiple domains via links as you go through the scam workflow or redirects. Would be great to be able to automate submitting a list of domains.
Hey Joe, I think if you can make the reporting software similar to your YT comment one, it would make the process super easy. Not saying I'm lazy here but that would be useful
I think the reason that Chrome does not block the site right away is probably that Chrome would first need to update the local blacklist. So, this has noting to do with their infrastructure, but with the update cycle of your local Chrome installation. “Enhanced protection” would probably send each individual website you are opening to Google. The reason this is not enabled by default is probably privacy protection. If you enable “enhanced protection”, I expect that Google is technically able to track all sites you are visiting throughout the day and attach that to your advertisement profile. Even using incognito mode wouldn't change that. I don't know if they are doing it, but they could do that, and it would be impossible to check from anyone outside of Google. There was actually some controversy in Germany about a similar topic with Chrome. I am wondering if they actually introduced “Standard protection” and made it the default due to this controversy. (Maybe the controversy was exactly about this “enhanced protection” feature before it was optional. I don't know.) BTW, I would kind of expect that some of these blacklists are synced with each other in regular intervals. I am not sure if you actually have to report the website on all sites individually.
I was getting constant phishing emails so did that your saying here and got the website shutdown :), if only every one was like us the scammer would be out of business:)
Yeah a local Indian restaurant website was loading a scam pop-under but only when there was a referrer reported it to their host, host gator abuse address. They did nothing. It wouldn't popup if you went directly to the site but if you followed a link to their site from google or facebook, etc. and the popup would occur. The site was up for months with a pop-under and the host did nothing.
Microsoft Defender 365 flags so many of these at my work. I think I'll start submitting them to these reporting agencies and get them taken down quicker.
thank you for making this important video! it will help a lot of people out. every year I encounter 2 or 3 physhing, malware, or technical support your computer has a virus call now website. I never knew what to do after leaving these sites, but from now on I will do this reporting method. hopefully with more of us reporting these websites, they will become less common to encounter.
I can't recommend blocking new domains as a tactic. This can have a dramatic impact on genuine businesses during their start up period, but it is still smart to check creation dates when finding a potential scam or fishing site.
It’s usually only 30 days. Usually a domain is the first thing a company buys, maybe before they even register the company. Shouldn’t have any effect on legitimate businesses for very long if at all.
Thankyou for the site links! i bookmarked them & will be using them. There's too many "free game" steam fake accounts on tiktok & reporting them to tiktok had zero effect... "did not break community guidelines" 🙄 Now i'll report the sites they link in their bio by using your method! Thanx again!
awesome thats good way to get these scammers angry lol everyone should share this video to everyone so everyone on this planet knows how to do get scammers angry
_This_ works on TH-cam as well. If you find fake accounts, for example all those fake elon crypto streams, you can report them to TH-cam and have the content/channel removed. TH-cam also sends a confirmation of removal. If everyone reports scammers/fake accounts when they find them, we can all help reduce their presence and success.👍🖖 **Do NOT false report channels. As a reminder, false reporting is a violation of TH-cam TOS**
Anyrun need a _business_ email to register. I remember watching a video where a guy hacked into a scam Indian call center and made it so that they ended up calling only eachother. The place was massive and at one point, one of the scammers accused the other scammer over the phone of being a scammer and having a fake Indian accent. ROTF!
What about just a button that reports the website right on any browser. Press the button labeled it nuke website for fun or mass report website in actuality, and a little dialog box will appear it would say please enter a reason for reporting this website. It would also have a category selector. After selecting the category and entering in the notes, you could just press the report button. The information would be sent out to all of the websites listed. Unfortunately, if I ever break into coding, I can’t implement this. I won’t be creating a web browser because I don’t personally believe in third-party web browsers.
Good video but unfortunately outdated. Rarely these days scammers use main URL. Instead they use couple of subfolders while the main address remains clean to the search tools. Subfolders are changed/deleted daily so by the time the report is processed, the url in invalid. It would be good to make a follow up vid on this subject.
Good tips. I've had luck with various forms of spam and scams I get on my cell phone using a similar mindset; scammers' approaches toward what they send me have been changing as a result. Sometimes hard to determine what should get which reports as I don't always know it is a scam as I have limited interaction with them; some get minimal or no effort from me. As for direct shutdown efforts, I usually target URL forwarding/shortening services, email reply to points, and phone numbers to respond back to; this video's tips are directly on track for the custom URL reporting. Thank you.
Thank you for this information. I have been at a loss on how to deal with this. I have tried the FBI and going to hosts directly and it has been useless. This feels fast more effective.
Thank you so much for this information, my Domain was hacked by a company I hired to built a website for me, after not delivering I asked for a refund. They hacked my domain and posted Adult Sex Toys on it. After following. your instructions on the video, it seems like all the bad sites are gone now. Thanks again.
Could you do a video on what’s good in Windows 10 and what’s bad in 11? Including the good features in 10 that will disappear from 11. I've heard of these but can't recall them all. I'm posting this request elsewhere as well.
Most probably the person watching this video has no threat as they are smart enough. But we must report as a part of security of our friends and family.
ThioJoe: Dear Thio. I copied all the information below your video here just incase i came across a scammer. Problem is your Forcepoint link isn't working. I am glad that one person can make a difference still.
I remember last year in the Summer of 2022 when I nearly got scammed out of my Steam account after one of my Steam friends showed me a link to some game tournament voting site. When I voted it, it went through. But then I raised a red flag after realizing there's fake game tournament voting sites after I looked it up. I had to change my password and reported the Steam user. (which already got put on private) I nearly lost my years of game collecting. But honestly, I'm pretty much overwhelmed with too many unplayed games anyway. I gotta layoff the retail therapy. Because you know what they say? old habits die hard.
I spent so many hours recording and editing this video please give it a thumbs up for the algorithm
• Also someone made a good point to emphasize: Only do this for legitimate phishing / malware domains, not just random companies you were dissatisfied with. Otherwise it will just waste yours and everyone’s time.
• Also to be clear, at the beginning when I say "within a few hours", I just mean that's how long it took the companies to analyze the site. The work of reporting the site to all the companies only takes a few minutes once you know what to do.
• As for getting sites blocked on Firefox and Safari, those also use Google’s Safe Browsing filter, so reporting it there covers them
no because you pinned your own comment
I got this recommended to me only 2 minutes after it was released :)
Being that 7th view is something else.
Again.... first the bot code.. now this.
Really Joe, ya should be hired, by the top team of Google and TH-cam, for sure. Along with scammerPayback. You 2 are making awesome work for society, true digital saints.
@@_lun4r_ what's bad about it?
Windows Sandbox isnt anvaiable in home
Browsers should get built in report buttons I'm sure that would encourage way more people to report
i did find one in edge but it was just very hidden.
No... Well, I suppose browsers could add a button to report it to themself if they are willing to field the ridiculous number of reports that would generate before publishing them. But.. End users would basically spam it with false reports because they think a site is suspicious. It's worth noting that contacting a domain registrar, etc, Should Not be done unless you are sure that domain's owner is intending or allows the phishing or malicious activity - reports should usually go to the email providers and site contacts _first_. It is worth noting that submitting a false takedown to a domain registrar or ISP can lead to a criminal charge if the complaint is deemed fraudulent and/or being sued for damages if a reckless report causes a domain registrar to mistakenly take something down. The reporter assuming legal responsibility for what they write in their report and making sure to do so accurately are important requirements.
Most end users won't know how to gather and enter all necessary facts, then excess of reports would get backlogged to the point few are ever answered. Organizations' points of contact that deal with these are in a business of investigating and responding to abuse, not providing a customer service - a registrar's abuse contact may be a low-priority secondary job duty of a dozen or less admins.
Thus for end users.. you should mostly report malware or phishing to your IT or site Admin first, Or use the tools they've provided to report to them, but If this is a personal PC.. contact your Antivirus/phishing filter vendor, or Google (or Virustotal), and security vendors will share information, and it's plenty to report to one of those.
Most would probably just abuse it and false report people they don't like or some such
@@HowtoRadicalize yup
So people frustrated for whatever reason ( mostly not legit reason ) could do report revenge. I am not trying to be mean, your suggestion is great. My point is that we humans are a sack of emotions and irrationality.
Please do not misuse this to randomly report any site. This is not to report a website that you purchase something from and they got you a lower quality item or they supplied late. I know some people can be quite ridiculous.
This is not to report a creator's website that you don't like.
Make sure you have done you due diligence and made enough research to ensure the site you are reporting is really malicious.
I think this video should have shown people how to detect and confirm malicious sites before reporting except for the obvious phishing sites and scam website.
But this is a good video. Please use this when you are sure and have proof like screenshots as evidence.
I could imagine there would be people who would report websites simply for disagreement about things such as freedom of expression, I'm of course not talking about people making art based on likenesses of people in real life or anything like that, when it's purely fictional in not just scenario but also with it's characters, human rights wouldn't logically apply to anyone besides the artist in question.
Userbenchmark is very malicious though, right?
@@DragonOfTheMortalKombat no its not, its just a benchmark for you pc
@@missevi313 no, it is a misinformation spreading platform banned from various forums for right reasons.
@@DragonOfTheMortalKombat lol no its not
I wanted add something since it wasn't mentioned. If the website has anything to do with AWS (hosting, database, etc...), you can forward the information to the AWS abuse email and Amazon can shut down their aws account which could be catastrophic for them.
@thgougler Which sounds a way quicker way than reporting to 20 differents websites, thank you ! Btw, how could you tell quickly if the website is actually using AWS services or not ?
@@jeromevoiron1137 whois
whois or nslookup
Yeah I went through AWS' verification process one time. I just wanted to see what services they had and maybe learn something and didn't expect a rigorous verification process. The idea "scammers need web hosting" didn't occur to me.
I imagine even if they spoofed their identity for that process somehow (e.g. with someone else's identity), it's still a PITA. Meanwhile for you it's just a quick form or two.
How about firebase?
You are by far, THE most underrated TH-camr ever! Bro, u saved my butt more times than i can count, and apparently Linus' too. Please never stop for those of us that TRULY love the work you do.
Appreciate it! 😁
That will be so useful to nerf so many types of scams. I didn't even know this existed. You deserve a lot more subscribers because you always fight against scammers and hackers! Keep up your great work!
He nearly has 3 mil and got mentioned on every youtuber and their mother's channel with their antispam I think he's good
@hedwig7s He totally deserves 3 million also yes I have seen ThioJoe's anti-spam project being featured on even LTT's channel
@@hedwig7s just 1 mistake lol thats all it takes, it can be a BANK sending a bank statement as a pdf with password
and lets say he f3cked up in future and forgot to check the email or the email domains looks really convenient as chase bank or other banks
Soon as he opens the PDF, he's a GONER man. Even he can get TRICKED and HACKED. even if you're pro doesn't mean you aint worth getting attacked, just 1 mistake thats all, maybe his GF at his home using his PC for Gaming and try a cheatbot or idk anything while he's away from his Computer. Thats all it takes BRO. 🙄
As someone who operates a hosting provider thank you for creating a video. Most people don't alert us whilst we can immediately take down a website instead of having to wait for all of the third-party providers to block the site. Going to the source directly will most likely resolve in quicker resolution of taking the site down and stopping toe scammers from stealing other peoples information.
I've tried contacting hosting providers directly and they have never taken a site down. They ask for too much information and proof of damages before doing anything. I'd prefer just dealing with the reports.
@@ananamusly never heard that. In the. Netherlands where we are located we are actively monitored by the gov and they force us to deal with cyber crime and may even hold us responsable for not dealing with it so most of us tend to block those sites.
In my case, they manage to take 12 K making believe it was a investment. I am an idiot.
The DNS registering process by the scammers is automated. Scripts re-register on another domain in milliseconds. They'll update the URL in the video livestreams (such as Elon Musk crypto scams), Twitter post etc. To really hurt scammers, you need to hit their infrastructure and/or their money streams and/or visit them and take them down.
You're right, they will likely just set up a new site. But at least it will help the people that perhaps get a scam message and don't see it for several hours, and hopefully by the time the do, the site will be blocked.
@ThioJoe fully agreed. Reporting the scam website is always better than taking no action. Even if reporting resulted in one less victim, you already achieved your goal. Your viewers do have to understand that this is a surface-level impact for scammers themselves.
That involves getting your own hands dirty and possibly endangering your equipment and maybe even life. Wouldn't do that.
@@CZghost a small price to pay for the greater good
@@justarandompersoniguess your equipment/life=small price?? when another scam site would immediately take their place anyways???? what are u on
The fact that we have to go to lengths like this to make sure people don’t get phished is unbelievable
Lengths like this? It's filling in simple online forms, it's not that much of a process. You make it sound like wasting a few minutes to take down malicious sites is an extremely arduous process. People these days really want 1-click solutions for literally anything...
@@revsnowfox5798 Yeah What the OP doesn't understand is the reason why there are so many services is because much of this stuff is regional and reporting takes time to propagate through various channels to ensure correct classification. Not to mention, the _numerous_ daily false flags they have to field.
A spread load is not only easier to manage, it also allows for cross-checking and confirmation between multiple parties. Reporting of this variety is more like a jury council reaching consensus based on how often you appeal to them rather than a central authority smiting webpages with the power of Zeus.
@@revsnowfox5798 There's like 20 different forms to report to, and for how many people are sending out phishing links and stuff, it's a lot easier to just ignore the site than fill out 20 forms. It's better to have the barrier set lower.
I agree, why is there no international internet safety organization /police that provides a report we can complete that will link to all security companies... like a WHO for internet or something.
@@cherrypoutines6269 Internet is still new - and international laws are difficult for every country to agree to. Only a couple forms will typically suffice this is just a guide to completely annihilate a site.
The average person should be focused on accountability like this. Too many people think someone else will do it
I didn't even know that I could simply report a website like that, and it seems really easy. It's definitely a great idea.
@@CZghost so now are you trying to report every sites you found lol you won't get paid lol its time wasting
Scammers will just make a fake copyright strike to this video 😂
The information is already out there now 🧐
@@ThioJoe Already Downloaded The Video I Will Only Reupload It When That Happens.
@@ThioJoe I will download the video for save keeping just in case
@@ThioJoe I also downloaded it like other people and will also try to win the usb
@@ThioJoedownloaded too
Registrars that will take a domain down on the strength of a report like this are few and far between. Scammers tend to register their domains with registrars who actively protect them or who have no process in place to take them down for abuse. There are two that I know of (I won't name them here to avoid being sued) that raise immediate red flags, as in I can be 99% certain that a domain registered with them is a scam domain.
i think u should give a few hints for us geeks to watch out for
you can't get sued for saying this kind of stuff btw
the reason ppl hide company names, is in case they work at the company and want to avoid getting fired. you can't get sued for simply saying something about a company that they don't like.
@@LinusTechTipsTemporary for me it was namescheap they wouldn't take down a domain being used to impersonate a bank page without a police report
@@wojtekpolska1013 Yes you CAN. They can sue you for defamation, and unless you can afford a lawyer that can get very expensive very quickly. If it reaches a court and you have a lawyer they will lose, but if you can't afford that lawyer you could lose even though your reporting was accurate.
@@FireAngelOfLondon I mean, you can be sued by any person for any reason. I’m pretty sure what they meant is that you can’t be legally liable for telling the truth. It takes a lot to prove defamation, at least in the US.
Either way, lots of states have Anti-SLAPP statutes for exactly this reason.
best feeling in the world is to see people get what they deserve
This is great. Now imagine, if you made a tool, that would auto report the site to all the websites.
sadly many of them have captchas so bots cant submit reports
@@wojtekpolska1013 yeah I was afraid of that. But this video is still very informative and I'll be using all of the sites myself.
If anyone could do that it would be thio
Some of those report forms have capcha's, so that might not be possible.
yeah, like how theojoe made a program to report every scam comment
When I read the title, I was thinking more along the lines of DDOSing them... Would be ineffective but cooler
I saw in the screenshot that they're using CloudFlare as their name server so DDoSing isn't really an option. Besides, it's illegal and would probably get the DDoSer in trouble with their ISP
Absolutely BRILLIANT tutorial Theo, which I have already put to good use !
Thank you very much for taking the time to research and create this tutorial. Cheers mate 😍
If you want to do a follow up you should do one on how to report spam emails to vendors like AWS.
The thing that I've learned from this video: it would be great to have a single website that would take the report and then propagate it to the other websites, because it feels more like a chore than a simple task.
Sure, two independent reviews and bam they are gone.
I can't wait for the next scammer to send me a malicious link.
in "Microsoft Edge, > ... > Help & Feedback > Report unsafe site"
will automatically open Smartscreen & fill in the URL.
in "Firefox, ≡ > Help > Report deceptive site"
will open Google safebrowsing.
Best part is you don't have to fill in anything to report this way.
Similar option should be available for every other browser too.
I recieved about 50 SMS's nonestop about a Netflix account recovery today (obviously fake). So I did report the URL and within 5 minutes, site was blocked by google safebrowsing (in firefox). Edge hadn't blocked it yet tho.
Thanks Joe.
@ThioJoe : Excellent work Joe !!! 🙂🙂🙂
The only shame is that we sort of need to submit our malicious activity reports to all these sites individually. It would be so much better and easier if there was 1 centralized reporting point, and from there on allthe companies could use that to reference this data.
I found this video because I was looking up ways to report a malicious site. I just got done submitting to all of these. Thanks!
I really like that you made this video, and hopefully it will prevent many phishing attacks. But this won't stop phishing unfortunately, until the domain gets reported the damage is most likely already done and scammers can always register a new domain. Sadly scammers will always be out there scamming people, but raising awareness and reporting it like you showed here certainly helps!
Thank you for this thorough video, explaining each step. Someone used my kennel name and other breeder's pictures to set up a fraudulent website to collect deposits on puppies that did not exist. As I followed through your video, I used the sites to report the scammers. In the hour it took me report to each site I already had results coming in. Hopefully by tomorrow the website will be shut down.
Any tip on domains used for impersonating companies sending emails for fake TH-cam sponsors to get youtubers hacked?
They usually don't set any website on their domain and just set emails and when i report them to their registrar even explaining the whole situation, the registrar usually just responds backs saying "we couldn't find any infrining URLs".
Glad I found this video. I've noticed a new discord scam that's been going around where someone will randomly add you. and never actually talk to you.. and instead just have a profile description, with a link in there. And just.. hope that you're curious enough to click the link to see what it is. Scammers are getting more and more creative every day, so it's nice being able to take down scam links fairly easily
Why nobody says how great he works to give us the best videos?
I never knew you could do that
i remember when i hated this guys guts, his fake help vids kept popping up instead of the real help vids, i had to memorize this guys channel so i could specifically avoid his trolls. he had already wasted about 30 minutes of my time. now i love him, im so glad he decided to used his skills for good instead of evil.
i made this comment before the thiojoe itself LOL
@@knightning3521 yeah, before he did that
Thanks for this! I come across malicious domains a lot while scam baiting and thankful I know how to properly report them thanks to YOU
This video deserves to be seen by everyone on this planet
You should be hired, by the top team of Google and TH-cam, for sure.
Fraud Detection Agency (if they have one)
No. Anyone with IQ over room temperature could figure this out
No, he shouldn't. His tips are way too powerful for Google to deserve him.
Keep in mind Google profits from scams. As they sell ads for the scammers. They don't appear to care as long as they get paid.
I typically fire a report towards the dns registrar and the server hosting company (you can whois an ip to get an abuse email for it). The site in question is often down in a couple of hours.
- Losing access to the domain name means the links the scammers sent are now useless.
- Losing access to their servers may even cause them to lose data if they are a bit sloppy.
- Plus the registrar and hosting company are the only ones who really know who the scammers are. So *if* they address the issue, any further reporting is an exercise in futility.
Except there exist bulletproof hosters that will ignore abuse emails. They're rare in my experience, but your millage may vary. By a lot, probably. So this video is still pretty useful in that regard.
Phone scammers sometimes show up on networks that take action with proper reporting. As they get booted from one, another, and a third...eventually they end up on the ones that are more permissive in allowed activities and less permissive about actions taken. I get feedback from Verizon about a number of my reports having action taken.
You are a saint! Thank you! I just got scammed and I want to save others from getting scammed as well.
Which website?
@@Alina-hy4yg I can’t seem to find the actual website now but it was an email I got from “Freepeople” one word, pretending to be the clothing site. I ordered. stuff from them and it was not them…
Dude, thank you! This was awesome and I was able to accomplish in 24 hours what a whole company (the company being targeted/copied) couldn't for over a year!
A few of my friends fell for this kind of BS. I know because I've had some send me requests for this. I've never signed in as I thought it was odd reading the terms of service prompted me to login. Thinking about it, I was tempted to challenge them to do an Overdrill in Payday 2 to put them through a nightmare that lasts over an hour to get them to miss their game. Anyway, I think I am going to share this with people to raise awareness.
I reported the malicious url and within 30 minutes Google Chrome blocked it. Thank you very much 👏👏👏
One of the best videos you made Thio, not only you covered and altruistic topic in which you obviously put a lot of time and effort, you also made a video tutorial how everyone esle can chp-in too. The effect of this video will be enormous, you can be sure about that.
I want to thank you for the great video. I am Editor in Chief of a respected journal from the USA. Uninformed authors where submitting articles to a bogus copy of our site and paying a large publication fee which our journal does not do. They stole all our credentials even our name. We followed your careful and meticulous directions. Very quickly we received word that this bogus site was labeled as malicious and phishing. I truly appreciate the time and care you put into this video! Thank you again!
I nearly fell for this exact type of steam scam once.
The thing that saved me, was my password manager not auto filling my credentials, which made me suspicious and take a closer look.
Those things are really convincing these days.
So password managers can potentially prevent these types of scams too, never thought of that.
I’ve been doing this manually via various search queries, but having a video like this for reference beats that!
bro is absolutely anihilating that one singular domain
I remember being very sus of, basically, fake open source program websites. Scammers will pay for Google search result ad space, and imitate a popular open source programs website. I reported 2 ads for fake Blender web sites and 1 for a fake OBS website.
I suspect they give very "dirty" versions of the program you were told about. I never downloaded anything to see.
We honestly need a streamlined method of reporting a site to one location with all the required info and it selects the needed info and send it to each reporting location... i get a scam texts every few days and am tired of having to go through every reporting site
You are doing God’s work - thank you! I’ve reported some refund scam sites to Google and been ignored so now I know what to do to get them taken down.
finally I can take down those stupid websites that promises you "free robux"
bro.. i was literally taking down a free robux site like 5 mins ago.. how'd you know
Man, the edit on your videos reached peak really fast! I'm loving it: good, clean and useful.
Cheers from Argentina.
Would be amazing if someone would write a script to automate submitting the sites to the security sites. I have also seen scam sites that use multiple domains via links as you go through the scam workflow or redirects. Would be great to be able to automate submitting a list of domains.
The problem is that many reporting websites require you to do a captcha verification. So you wont be able to fully automate it.
@janrappe chatgpt4
Scammers be like How DARE you!!
Hey Joe, I think if you can make the reporting software similar to your YT comment one, it would make the process super easy.
Not saying I'm lazy here but that would be useful
It’s a bit beyond my abilities
@@ThioJoe not without a collab
I think the reason that Chrome does not block the site right away is probably that Chrome would first need to update the local blacklist. So, this has noting to do with their infrastructure, but with the update cycle of your local Chrome installation. “Enhanced protection” would probably send each individual website you are opening to Google. The reason this is not enabled by default is probably privacy protection. If you enable “enhanced protection”, I expect that Google is technically able to track all sites you are visiting throughout the day and attach that to your advertisement profile. Even using incognito mode wouldn't change that. I don't know if they are doing it, but they could do that, and it would be impossible to check from anyone outside of Google. There was actually some controversy in Germany about a similar topic with Chrome. I am wondering if they actually introduced “Standard protection” and made it the default due to this controversy. (Maybe the controversy was exactly about this “enhanced protection” feature before it was optional. I don't know.)
BTW, I would kind of expect that some of these blacklists are synced with each other in regular intervals. I am not sure if you actually have to report the website on all sites individually.
Great Video! I hope it helps people reporting such scam Websites
Thank you sooooooo much! It was already reported on one or two website so that is an improvement! Keep doing what you do best! Thanks!
I was getting constant phishing emails so did that your saying here and got the website shutdown :), if only every one was like us the scammer would be out of business:)
Thanks for sharing. I was recently targeted with a pig butchering scam, and I want to fight back and and try to help other potential victims.
I appreciate your time and effort put into making all those informative videos. Keep up the good work !
Yeah a local Indian restaurant website was loading a scam pop-under but only when there was a referrer reported it to their host, host gator abuse address. They did nothing. It wouldn't popup if you went directly to the site but if you followed a link to their site from google or facebook, etc. and the popup would occur. The site was up for months with a pop-under and the host did nothing.
Microsoft Defender 365 flags so many of these at my work. I think I'll start submitting them to these reporting agencies and get them taken down quicker.
Thanks ThioJoe ! You are the best !
0:02 stock video😭
Yea, he uses stock stuff Alot
Got my first Steam scam in quite some time today. Gotta say, I was quite happy to put this video into practice.
Idea: a script where you input the link of the website and it does this entire reporting process automatically.
I thought about it but it would be tough to make
@@ThioJoe I'm going to attempt to make one :)
@@chrissametrinequartz9389 its been a year, any news champ?
Just used this video to report a steam phising site i found. Thanks a lot for putting a lot of work into these high quality videos
At this point the scammers might just try to grab TH-cam with them if they go down! 😅
thank you for making this important video! it will help a lot of people out. every year I encounter 2 or 3 physhing, malware, or technical support your computer has a virus call now website. I never knew what to do after leaving these sites, but from now on I will do this reporting method. hopefully with more of us reporting these websites, they will become less common to encounter.
This feels like there is a need for a tool that lets you submit to all of these at once.
True 😅
But almost all of these forms have captcha requirements. I don't think this is possible to do
@@new_delhi you could do that by opening all of them with a filled form, then you just click the captcha and click the Send button and done
Using the links to report the scam running on Linus Tech Tips Channel.. oh boy that cryto elon musk giveaway was sooo good!
I can't recommend blocking new domains as a tactic. This can have a dramatic impact on genuine businesses during their start up period, but it is still smart to check creation dates when finding a potential scam or fishing site.
It’s usually only 30 days. Usually a domain is the first thing a company buys, maybe before they even register the company. Shouldn’t have any effect on legitimate businesses for very long if at all.
@@ThioJoe Is 30 days a sufficient time length for these websites to be found, reported and taken down? if so, I may get that.
One of my friends almost fell for one of those "Can you vote for my e-sports team" scams a few weeks ago. I should share this video with her.
I hope this will be useful for me.
I've seen the same russian ads every damn time.
Elon Musk this Tesla X investing that.
It's getting tiring.
Bro, I remember trying to boost my wifi with an empty can of soda lololol. Been a fan for quite awhile. Much love from PA brother.
Dunno if you're _the_ GOAT TJ, but you're definitely in the herd of GOATs. You've earned your keep.
Thankyou for the site links!
i bookmarked them & will be using them.
There's too many "free game" steam fake accounts on tiktok & reporting them to tiktok had zero effect... "did not break community guidelines" 🙄
Now i'll report the sites they link in their bio by using your method!
Thanx again!
awesome thats good way to get these scammers angry lol everyone should share this video to everyone so everyone on this planet knows how to do get scammers angry
Thank you for all the time you put into this. Much appreciated!
This will be great to use to get after those fraudulent sites that appear as Google Ads.
Much appreciated! Thanks for all your hard work, but how many people will watch the entire vid? This can't be good for your engagement stats.
I wish there was a tool that would mass send the reports to the websites you mentioned.
_This_ works on TH-cam as well.
If you find fake accounts, for example all those fake elon crypto streams, you can report them to TH-cam and have the content/channel removed.
TH-cam also sends a confirmation of removal. If everyone reports scammers/fake accounts when they find them, we can all help reduce their presence and success.👍🖖
**Do NOT false report channels. As a reminder, false reporting is a violation of TH-cam TOS**
Excellent. I am now part of team 'Shut Them Down Now'. :)
Great useful practice for developing one's OSINT skills.
Thank you so much for this video! I just got a phishing link a few hours ago and now I'm following all the steps in the video to report the link.
And, the website did get taken down. So, I can confirm that following the steps in the video works!
First thought was how I could use this to shut down any random website.
Thanks!
Of course! 😁
Anyrun need a _business_ email to register. I remember watching a video where a guy hacked into a scam Indian call center and made it so that they ended up calling only eachother. The place was massive and at one point, one of the scammers accused the other scammer over the phone of being a scammer and having a fake Indian accent. ROTF!
What about just a button that reports the website right on any browser. Press the button labeled it nuke website for fun or mass report website in actuality, and a little dialog box will appear it would say please enter a reason for reporting this website. It would also have a category selector. After selecting the category and entering in the notes, you could just press the report button. The information would be sent out to all of the websites listed. Unfortunately, if I ever break into coding, I can’t implement this. I won’t be creating a web browser because I don’t personally believe in third-party web browsers.
Good video but unfortunately outdated. Rarely these days scammers use main URL. Instead they use couple of subfolders while the main address remains clean to the search tools. Subfolders are changed/deleted daily so by the time the report is processed, the url in invalid. It would be good to make a follow up vid on this subject.
Thanks, I’ve been searching for a way to do so for a while now, now I can do it with ease
Good tips. I've had luck with various forms of spam and scams I get on my cell phone using a similar mindset; scammers' approaches toward what they send me have been changing as a result. Sometimes hard to determine what should get which reports as I don't always know it is a scam as I have limited interaction with them; some get minimal or no effort from me. As for direct shutdown efforts, I usually target URL forwarding/shortening services, email reply to points, and phone numbers to respond back to; this video's tips are directly on track for the custom URL reporting. Thank you.
I am bookmarking this video for ease of reporting. Thanks again
Thank you for submission malicious/scam URLs :)
Thank you for this information. I have been at a loss on how to deal with this. I have tried the FBI and going to hosts directly and it has been useless. This feels fast more effective.
I am excited for this. I have seen potential scam website been sent to me on a way that looks sus.
Thank you so much for this information, my Domain was hacked by a company I hired to built a website for me, after not delivering I asked for a refund. They hacked my domain and posted Adult Sex Toys on it. After following. your instructions on the video, it seems like all the bad sites are gone now. Thanks again.
Could you do a video on what’s good in Windows 10 and what’s bad in 11? Including the good features in 10 that will disappear from 11. I've heard of these but can't recall them all. I'm posting this request elsewhere as well.
4 minutes late with other 380 viewers! I already knew that trick. But I didn’t know more anti viruses to report. Thank you ThioJoe!
Most probably the person watching this video has no threat as they are smart enough. But we must report as a part of security of our friends and family.
Thanks for this video, just reported a scam website that's spreading a cookie stealer disguised as a game
Awesome work Joe!
A lot of usps smishing scams are going out right now. Hope your video helps bring down few!
ThioJoe: Dear Thio. I copied all the information below your video here just incase i came across a scammer. Problem is your Forcepoint link isn't working. I am glad that one person can make a difference still.
2:28 is worryingly close to my actual steam name
I remember last year in the Summer of 2022 when I nearly got scammed out of my Steam account after one of my Steam friends showed me a link to some game tournament voting site. When I voted it, it went through. But then I raised a red flag after realizing there's fake game tournament voting sites after I looked it up. I had to change my password and reported the Steam user. (which already got put on private) I nearly lost my years of game collecting. But honestly, I'm pretty much overwhelmed with too many unplayed games anyway. I gotta layoff the retail therapy. Because you know what they say? old habits die hard.