I spent so many hours recording and editing this video please give it a thumbs up for the algorithm • Also someone made a good point to emphasize: Only do this for legitimate phishing / malware domains, not just random companies you were dissatisfied with. Otherwise it will just waste yours and everyone’s time. • Also to be clear, at the beginning when I say "within a few hours", I just mean that's how long it took the companies to analyze the site. The work of reporting the site to all the companies only takes a few minutes once you know what to do. • As for getting sites blocked on Firefox and Safari, those also use Google’s Safe Browsing filter, so reporting it there covers them
Again.... first the bot code.. now this. Really Joe, ya should be hired, by the top team of Google and RU-vid, for sure. Along with scammerPayback. You 2 are making awesome work for society, true digital saints.
No... Well, I suppose browsers could add a button to report it to themself if they are willing to field the ridiculous number of reports that would generate before publishing them. But.. End users would basically spam it with false reports because they think a site is suspicious. It's worth noting that contacting a domain registrar, etc, Should Not be done unless you are sure that domain's owner is intending or allows the phishing or malicious activity - reports should usually go to the email providers and site contacts _first_. It is worth noting that submitting a false takedown to a domain registrar or ISP can lead to a criminal charge if the complaint is deemed fraudulent and/or being sued for damages if a reckless report causes a domain registrar to mistakenly take something down. The reporter assuming legal responsibility for what they write in their report and making sure to do so accurately are important requirements. Most end users won't know how to gather and enter all necessary facts, then excess of reports would get backlogged to the point few are ever answered. Organizations' points of contact that deal with these are in a business of investigating and responding to abuse, not providing a customer service - a registrar's abuse contact may be a low-priority secondary job duty of a dozen or less admins. Thus for end users.. you should mostly report malware or phishing to your IT or site Admin first, Or use the tools they've provided to report to them, but If this is a personal PC.. contact your Antivirus/phishing filter vendor, or Google (or Virustotal), and security vendors will share information, and it's plenty to report to one of those.
So people frustrated for whatever reason ( mostly not legit reason ) could do report revenge. I am not trying to be mean, your suggestion is great. My point is that we humans are a sack of emotions and irrationality.
Please do not misuse this to randomly report any site. This is not to report a website that you purchase something from and they got you a lower quality item or they supplied late. I know some people can be quite ridiculous. This is not to report a creator's website that you don't like. Make sure you have done you due diligence and made enough research to ensure the site you are reporting is really malicious. I think this video should have shown people how to detect and confirm malicious sites before reporting except for the obvious phishing sites and scam website. But this is a good video. Please use this when you are sure and have proof like screenshots as evidence.
I could imagine there would be people who would report websites simply for disagreement about things such as freedom of expression, I'm of course not talking about people making art based on likenesses of people in real life or anything like that, when it's purely fictional in not just scenario but also with it's characters, human rights wouldn't logically apply to anyone besides the artist in question.
Lengths like this? It's filling in simple online forms, it's not that much of a process. You make it sound like wasting a few minutes to take down malicious sites is an extremely arduous process. People these days really want 1-click solutions for literally anything...
@@revsnowfox5798 Yeah What the OP doesn't understand is the reason why there are so many services is because much of this stuff is regional and reporting takes time to propagate through various channels to ensure correct classification. Not to mention, the _numerous_ daily false flags they have to field. A spread load is not only easier to manage, it also allows for cross-checking and confirmation between multiple parties. Reporting of this variety is more like a jury council reaching consensus based on how often you appeal to them rather than a central authority smiting webpages with the power of Zeus.
@@revsnowfox5798 There's like 20 different forms to report to, and for how many people are sending out phishing links and stuff, it's a lot easier to just ignore the site than fill out 20 forms. It's better to have the barrier set lower.
I agree, why is there no international internet safety organization /police that provides a report we can complete that will link to all security companies... like a WHO for internet or something.
@@cherrypoutines6269 Internet is still new - and international laws are difficult for every country to agree to. Only a couple forms will typically suffice this is just a guide to completely annihilate a site.
That will be so useful to nerf so many types of scams. I didn't even know this existed. You deserve a lot more subscribers because you always fight against scammers and hackers! Keep up your great work!
@@hedwig7s just 1 mistake lol thats all it takes, it can be a BANK sending a bank statement as a pdf with password and lets say he f3cked up in future and forgot to check the email or the email domains looks really convenient as chase bank or other banks Soon as he opens the PDF, he's a GONER man. Even he can get TRICKED and HACKED. even if you're pro doesn't mean you aint worth getting attacked, just 1 mistake thats all, maybe his GF at his home using his PC for Gaming and try a cheatbot or idk anything while he's away from his Computer. Thats all it takes BRO. 🙄
I wanted add something since it wasn't mentioned. If the website has anything to do with AWS (hosting, database, etc...), you can forward the information to the AWS abuse email and Amazon can shut down their aws account which could be catastrophic for them.
@thgougler Which sounds a way quicker way than reporting to 20 differents websites, thank you ! Btw, how could you tell quickly if the website is actually using AWS services or not ?
Yeah I went through AWS' verification process one time. I just wanted to see what services they had and maybe learn something and didn't expect a rigorous verification process. The idea "scammers need web hosting" didn't occur to me. I imagine even if they spoofed their identity for that process somehow (e.g. with someone else's identity), it's still a PITA. Meanwhile for you it's just a quick form or two.
The DNS registering process by the scammers is automated. Scripts re-register on another domain in milliseconds. They'll update the URL in the video livestreams (such as Elon Musk crypto scams), Twitter post etc. To really hurt scammers, you need to hit their infrastructure and/or their money streams and/or visit them and take them down.
You're right, they will likely just set up a new site. But at least it will help the people that perhaps get a scam message and don't see it for several hours, and hopefully by the time the do, the site will be blocked.
@ThioJoe fully agreed. Reporting the scam website is always better than taking no action. Even if reporting resulted in one less victim, you already achieved your goal. Your viewers do have to understand that this is a surface-level impact for scammers themselves.
I saw in the screenshot that they're using CloudFlare as their name server so DDoSing isn't really an option. Besides, it's illegal and would probably get the DDoSer in trouble with their ISP
Registrars that will take a domain down on the strength of a report like this are few and far between. Scammers tend to register their domains with registrars who actively protect them or who have no process in place to take them down for abuse. There are two that I know of (I won't name them here to avoid being sued) that raise immediate red flags, as in I can be 99% certain that a domain registered with them is a scam domain.
you can't get sued for saying this kind of stuff btw the reason ppl hide company names, is in case they work at the company and want to avoid getting fired. you can't get sued for simply saying something about a company that they don't like.
@@wojtekpolska1013 Yes you CAN. They can sue you for defamation, and unless you can afford a lawyer that can get very expensive very quickly. If it reaches a court and you have a lawyer they will lose, but if you can't afford that lawyer you could lose even though your reporting was accurate.
@@FireAngelOfLondon I mean, you can be sued by any person for any reason. I’m pretty sure what they meant is that you can’t be legally liable for telling the truth. It takes a lot to prove defamation, at least in the US. Either way, lots of states have Anti-SLAPP statutes for exactly this reason.
You are by far, THE most underrated RU-vidr ever! Bro, u saved my butt more times than i can count, and apparently Linus' too. Please never stop for those of us that TRULY love the work you do.
I nearly fell for this exact type of steam scam once. The thing that saved me, was my password manager not auto filling my credentials, which made me suspicious and take a closer look. Those things are really convincing these days.
Any tip on domains used for impersonating companies sending emails for fake RU-vid sponsors to get youtubers hacked? They usually don't set any website on their domain and just set emails and when i report them to their registrar even explaining the whole situation, the registrar usually just responds backs saying "we couldn't find any infrining URLs".
I really like that you made this video, and hopefully it will prevent many phishing attacks. But this won't stop phishing unfortunately, until the domain gets reported the damage is most likely already done and scammers can always register a new domain. Sadly scammers will always be out there scamming people, but raising awareness and reporting it like you showed here certainly helps!
Microsoft Defender 365 flags so many of these at my work. I think I'll start submitting them to these reporting agencies and get them taken down quicker.
I remember being very sus of, basically, fake open source program websites. Scammers will pay for Google search result ad space, and imitate a popular open source programs website. I reported 2 ads for fake Blender web sites and 1 for a fake OBS website. I suspect they give very "dirty" versions of the program you were told about. I never downloaded anything to see.
One of the best videos you made Thio, not only you covered and altruistic topic in which you obviously put a lot of time and effort, you also made a video tutorial how everyone esle can chp-in too. The effect of this video will be enormous, you can be sure about that.
I think the reason that Chrome does not block the site right away is probably that Chrome would first need to update the local blacklist. So, this has noting to do with their infrastructure, but with the update cycle of your local Chrome installation. “Enhanced protection” would probably send each individual website you are opening to Google. The reason this is not enabled by default is probably privacy protection. If you enable “enhanced protection”, I expect that Google is technically able to track all sites you are visiting throughout the day and attach that to your advertisement profile. Even using incognito mode wouldn't change that. I don't know if they are doing it, but they could do that, and it would be impossible to check from anyone outside of Google. There was actually some controversy in Germany about a similar topic with Chrome. I am wondering if they actually introduced “Standard protection” and made it the default due to this controversy. (Maybe the controversy was exactly about this “enhanced protection” feature before it was optional. I don't know.) BTW, I would kind of expect that some of these blacklists are synced with each other in regular intervals. I am not sure if you actually have to report the website on all sites individually.
We honestly need a streamlined method of reporting a site to one location with all the required info and it selects the needed info and send it to each reporting location... i get a scam texts every few days and am tired of having to go through every reporting site
Hey Joe, I think if you can make the reporting software similar to your YT comment one, it would make the process super easy. Not saying I'm lazy here but that would be useful
I can't recommend blocking new domains as a tactic. This can have a dramatic impact on genuine businesses during their start up period, but it is still smart to check creation dates when finding a potential scam or fishing site.
It’s usually only 30 days. Usually a domain is the first thing a company buys, maybe before they even register the company. Shouldn’t have any effect on legitimate businesses for very long if at all.
I don't think it steals Steam Guards codes, it just make a lot of sense to refuse credentials every time. Think about it. 1. You don't have anything to gain by redirecting to the Steam website. 2. If people think the account name or password is wrong, they may try out their other, non-steam passwords, thinking they used the wrong one! Or if they have several Steam accounts they will give you all of them!
I did this to a few websites and shockingly it did work after a few days. Hopefully saved hard working people some money from websites deliberately preying.
Anyrun need a _business_ email to register. I remember watching a video where a guy hacked into a scam Indian call center and made it so that they ended up calling only eachother. The place was massive and at one point, one of the scammers accused the other scammer over the phone of being a scammer and having a fake Indian accent. ROTF!
Thankyou for the site links! i bookmarked them & will be using them. There's too many "free game" steam fake accounts on tiktok & reporting them to tiktok had zero effect... "did not break community guidelines" 🙄 Now i'll report the sites they link in their bio by using your method! Thanx again!
Could you do a video on what’s good in Windows 10 and what’s bad in 11? Including the good features in 10 that will disappear from 11. I've heard of these but can't recall them all. I'm posting this request elsewhere as well.
That seems like significantly more effort than it likely takes then to make a replacement site. Not to suggest it shouldn't be done, but it does make it seem like a Sisyphean task.
awesome thats good way to get these scammers angry lol everyone should share this video to everyone so everyone on this planet knows how to do get scammers angry
I've done this, I saved shortcuts to report websites. Some are quick and easy (url, submit, done), others are a draw out process with tons of personal info questions and tons of details and may not be worth the time.
Would be cool if there was a tool that could go through all these steps for you. i.e. It asks for all the information up front, the domain, what category it is, a screenshot, and a description of the site in question, and then it would go and submit the reports for you.
Thank you for this information. I have been at a loss on how to deal with this. I have tried the FBI and going to hosts directly and it has been useless. This feels fast more effective.
Yes they do, this month its gotten out of hand with the deepfake ads using celebrity Ai in the ads (all saying you get gold for no cost and just to pay shipping... yes a youtube ad!)
It's a shame John Q. Public cannot acquire software which will trace the site owners' physical addresses. An awful lot of advancements in combating malware would come to pass if we could have that information. Also, a simple way of identifying Bitcoin owners via their Bitcoin addresses would benefit people greatly when encountering those ransom, extortion emails.
I had to change my password because of the scam described - Pro tip - open such steam links from in-game overlay - this way you are already logged in with Steam and if the site asks you for password you know it's a scam.
I think I can see an automation in the making. A web crawler that checks for fishing sites and then goes through the process autonomously that you're showing here!
What about just a button that reports the website right on any browser. Press the button labeled it nuke website for fun or mass report website in actuality, and a little dialog box will appear it would say please enter a reason for reporting this website. It would also have a category selector. After selecting the category and entering in the notes, you could just press the report button. The information would be sent out to all of the websites listed. Unfortunately, if I ever break into coding, I can’t implement this. I won’t be creating a web browser because I don’t personally believe in third-party web browsers.
I rarely get scam SMS messages leading to fake scam websites but I had one today and It looked like they had the smart idea to block connections from desktop, so it was only accessible by mobiles or mobile browsers. Interesting method to avoid detection I hope my reporting worked.
