At a glance
- Security companies provide us with a live data feed of sites that have been reported as phishing sites
- We can use this data to alert you of any domain names on your tag that are on this report
- When you receive notification of a domain name being involved in phishing you can lock it using our investigation lock while you carry out further checks
- You can enable the phishing feed by checking the box ‘Receive Phishing Notifications’ in your Online Services account
We are providing a phishing feed to help registrars combat phishing.
Specialist security companies are continually monitoring phishing through a variety of methods. These security companies will often identify a phishing site within a very short time of it being registered and set up.
When a phisher sets up a phishing site it is usually only effective for a short period of time. It is therefore essential to act as quickly as possible to shut down phishing sites.
The security companies are providing us with a live data feed of sites that have been reported as phishing sites. We can use this data to alert a registrar of any domain names on their tag that are on this report. Once you receive notification of a domain name suspected of being involved in phishing, you can then lock the name using our investigation lock, whilst you carry out further checks.
The data for our phishing feed is currently supplied by Netcraft. We are also looking at other sources of data and will add them when available.
Netcraft phishing feed – notifies of domains that have been used for phishing purposes.
|Key||Domain name notified about|
|Abuse-type||The type of abuse – may be ‘phishing’|
|Source||The source of the notification|
|Hostname||The hostname for the site|
|URL||URL of abusive page|
|Date||Date source added the record to their database|
|IP||IP address for abusive page|
|Nameserver||Nameserver for the abusive page|
|Dns-admin||DNS Admin for the abusive page|
|Target||Target of the abuse|
|Whole-domain||‘y’ if the whole domain is affected, ‘n’ if not|
How do I use the phishing feed?
The phishing feed is an opt-in service and can be accessed in your online service account under Tag Settings > Notifications. To enable the phishing feed simply check the box ‘Receive Phishing Notifications’.
Notifications can be sent either by email or by EPP. If you wish to receive email notification of phishing events on your tag you can supply your preferred notification email address. Further details about the notification email and the layout of the EPP notification are available here.
Minerva House, Edmund Halley Road, Oxford Science Park, OX4 4DQ, United Kingdom