| Who to report to | How | |------------------|-----| | Your organization’s IT/security team | Forward the original email/message and the URL, plus any screenshots of detection results. | | US‑based users – FTC (Federal Trade Commission) | File a complaint at https://reportfraud.ftc.gov/ (select “Phishing” → “Email, phone, or other communication”). | | UK – Action Fraud | https://www.actionfraud.police.uk/ (provide the URL, date seen, and any associated emails). | | EU – National CSIRT (e.g., CERT‑FR, CERT‑DE) | Look up the local CSIRT’s reporting portal. | | Google Safe Browsing | https://safebrowsing.google.com/safebrowsing/report_phish/ (submit the URL). | | Microsoft – SmartScreen/Phish Report | In Outlook, right‑click the message → “Report > Phishing”. | | PhishTank | https://www.phishtank.com/ (requires a free account). | | VirusTotal | On the URL results page, click “Report false positive / malicious” and fill the short form. |
Tip: When you report, include:
| Action | Quick implementation | |--------|----------------------| | Enable browser anti‑phishing extensions (e.g., uBlock Origin + PhishBlock) | Install from official add‑on stores; they block known malicious domains. | | Turn on MFA for all critical accounts (email, banking, corporate VPN). | Even if credentials are harvested, the attacker can’t log in without the second factor. | | Use a password manager that flags breached passwords. | Managers like Bitwarden, 1Password, or LastPass will warn you if a password appears in a breach. | | Educate: run a short “phish‑recognition” drill for colleagues. | Shows examples of misspelled URLs, urgent‑language emails, and hidden links. | wwwfakepublicagentcomin upd
| Tool | How to use | Why it helps |
|------|------------|--------------|
| who.is (https://who.is) | Enter the domain (e.g., fakepublicagent.com). | Shows registration date, registrar, and contact info. Very recent registrations (< 30 days) are a red flag. |
| SecurityTrails (https://securitytrails.com) | Lookup domain → “Historical DNS”. | Reveals past IP addresses, sub‑domains, and hosting changes that can hint at abuse. |
| nslookup / dig (run locally) | nslookup fakepublicagent.com or dig fakepublicagent.com ANY | Shows the IP, any CNAMEs, and if the domain resolves to a hosting provider known for abuse (e.g., certain free‑hosting services). |
Quick red‑flag checklist
| Indicator | Why it matters | |-----------|----------------| | Registrar is a low‑cost “privacy‑first” service (e.g., Namecheap, GoDaddy, but with privacy protection) and registration date < 30 days | Attackers often use fresh domains to avoid reputation buildup. | | IP belongs to a known cloud provider (AWS, DigitalOcean, Linode) and no TLS/HTTPS certificate or a self‑signed cert | Cloud VMs are cheap and frequently abused for short‑lived phishing sites. | | Domain name is a close misspelling of a legitimate brand (e.g., “publicagent” vs “public‑agent”) | Classic typosquatting/phishing technique. |
The string you provided looks like it may be missing punctuation. Common variants that look similar are: | Who to report to | How |
| Possible intended URL | What it would look like in a browser |
|----------------------|--------------------------------------|
| www.fakepublicagent.com | https://www.fakepublicagent.com |
| www.fakepublicagent.com/inup | https://www.fakepublicagent.com/inup |
| www.fakepublicagent.com/upd | https://www.fakepublicagent.com/upd |
| www.fakepublicagent.com?in=upd | https://www.fakepublicagent.com?in=upd |
If you can locate the exact address (copy‑and‑paste it from the email, message, or document where you saw it), you’ll have a cleaner “hash” to feed to scanning tools later. | Tool | How to use | Why
