I spent so many hours recording and editing this video please give it a thumbs up for the algorithm • Also someone made a good point to emphasize: Only do this for legitimate phishing / malware domains, not just random companies you were dissatisfied with. Otherwise it will just waste yours and everyone’s time. • Also to be clear, at the beginning when I say "within a few hours", I just mean that's how long it took the companies to analyze the site. The work of reporting the site to all the companies only takes a few minutes once you know what to do. • As for getting sites blocked on Firefox and Safari, those also use Google’s Safe Browsing filter, so reporting it there covers them
Again.... first the bot code.. now this. Really Joe, ya should be hired, by the top team of Google and UA-cam, for sure. Along with scammerPayback. You 2 are making awesome work for society, true digital saints.
Please do not misuse this to randomly report any site. This is not to report a website that you purchase something from and they got you a lower quality item or they supplied late. I know some people can be quite ridiculous. This is not to report a creator's website that you don't like. Make sure you have done you due diligence and made enough research to ensure the site you are reporting is really malicious. I think this video should have shown people how to detect and confirm malicious sites before reporting except for the obvious phishing sites and scam website. But this is a good video. Please use this when you are sure and have proof like screenshots as evidence.
I could imagine there would be people who would report websites simply for disagreement about things such as freedom of expression, I'm of course not talking about people making art based on likenesses of people in real life or anything like that, when it's purely fictional in not just scenario but also with it's characters, human rights wouldn't logically apply to anyone besides the artist in question.
No... Well, I suppose browsers could add a button to report it to themself if they are willing to field the ridiculous number of reports that would generate before publishing them. But.. End users would basically spam it with false reports because they think a site is suspicious. It's worth noting that contacting a domain registrar, etc, Should Not be done unless you are sure that domain's owner is intending or allows the phishing or malicious activity - reports should usually go to the email providers and site contacts _first_. It is worth noting that submitting a false takedown to a domain registrar or ISP can lead to a criminal charge if the complaint is deemed fraudulent and/or being sued for damages if a reckless report causes a domain registrar to mistakenly take something down. The reporter assuming legal responsibility for what they write in their report and making sure to do so accurately are important requirements. Most end users won't know how to gather and enter all necessary facts, then excess of reports would get backlogged to the point few are ever answered. Organizations' points of contact that deal with these are in a business of investigating and responding to abuse, not providing a customer service - a registrar's abuse contact may be a low-priority secondary job duty of a dozen or less admins. Thus for end users.. you should mostly report malware or phishing to your IT or site Admin first, Or use the tools they've provided to report to them, but If this is a personal PC.. contact your Antivirus/phishing filter vendor, or Google (or Virustotal), and security vendors will share information, and it's plenty to report to one of those.
So people frustrated for whatever reason ( mostly not legit reason ) could do report revenge. I am not trying to be mean, your suggestion is great. My point is that we humans are a sack of emotions and irrationality.
I wanted add something since it wasn't mentioned. If the website has anything to do with AWS (hosting, database, etc...), you can forward the information to the AWS abuse email and Amazon can shut down their aws account which could be catastrophic for them.
@thgougler Which sounds a way quicker way than reporting to 20 differents websites, thank you ! Btw, how could you tell quickly if the website is actually using AWS services or not ?
Yeah I went through AWS' verification process one time. I just wanted to see what services they had and maybe learn something and didn't expect a rigorous verification process. The idea "scammers need web hosting" didn't occur to me. I imagine even if they spoofed their identity for that process somehow (e.g. with someone else's identity), it's still a PITA. Meanwhile for you it's just a quick form or two.
As someone who operates a hosting provider thank you for creating a video. Most people don't alert us whilst we can immediately take down a website instead of having to wait for all of the third-party providers to block the site. Going to the source directly will most likely resolve in quicker resolution of taking the site down and stopping toe scammers from stealing other peoples information.
I've tried contacting hosting providers directly and they have never taken a site down. They ask for too much information and proof of damages before doing anything. I'd prefer just dealing with the reports.
@@ananamusly never heard that. In the. Netherlands where we are located we are actively monitored by the gov and they force us to deal with cyber crime and may even hold us responsable for not dealing with it so most of us tend to block those sites.
That will be so useful to nerf so many types of scams. I didn't even know this existed. You deserve a lot more subscribers because you always fight against scammers and hackers! Keep up your great work!
@@hedwig7s just 1 mistake lol thats all it takes, it can be a BANK sending a bank statement as a pdf with password and lets say he f3cked up in future and forgot to check the email or the email domains looks really convenient as chase bank or other banks Soon as he opens the PDF, he's a GONER man. Even he can get TRICKED and HACKED. even if you're pro doesn't mean you aint worth getting attacked, just 1 mistake thats all, maybe his GF at his home using his PC for Gaming and try a cheatbot or idk anything while he's away from his Computer. Thats all it takes BRO. 🙄
Lengths like this? It's filling in simple online forms, it's not that much of a process. You make it sound like wasting a few minutes to take down malicious sites is an extremely arduous process. People these days really want 1-click solutions for literally anything...
@@revsnowfox5798 Yeah What the OP doesn't understand is the reason why there are so many services is because much of this stuff is regional and reporting takes time to propagate through various channels to ensure correct classification. Not to mention, the _numerous_ daily false flags they have to field. A spread load is not only easier to manage, it also allows for cross-checking and confirmation between multiple parties. Reporting of this variety is more like a jury council reaching consensus based on how often you appeal to them rather than a central authority smiting webpages with the power of Zeus.
@@revsnowfox5798 There's like 20 different forms to report to, and for how many people are sending out phishing links and stuff, it's a lot easier to just ignore the site than fill out 20 forms. It's better to have the barrier set lower.
I agree, why is there no international internet safety organization /police that provides a report we can complete that will link to all security companies... like a WHO for internet or something.
@@cherrypoutines6269 Internet is still new - and international laws are difficult for every country to agree to. Only a couple forms will typically suffice this is just a guide to completely annihilate a site.
The DNS registering process by the scammers is automated. Scripts re-register on another domain in milliseconds. They'll update the URL in the video livestreams (such as Elon Musk crypto scams), Twitter post etc. To really hurt scammers, you need to hit their infrastructure and/or their money streams and/or visit them and take them down.
You're right, they will likely just set up a new site. But at least it will help the people that perhaps get a scam message and don't see it for several hours, and hopefully by the time the do, the site will be blocked.
@ThioJoe fully agreed. Reporting the scam website is always better than taking no action. Even if reporting resulted in one less victim, you already achieved your goal. Your viewers do have to understand that this is a surface-level impact for scammers themselves.
I saw in the screenshot that they're using CloudFlare as their name server so DDoSing isn't really an option. Besides, it's illegal and would probably get the DDoSer in trouble with their ISP
Registrars that will take a domain down on the strength of a report like this are few and far between. Scammers tend to register their domains with registrars who actively protect them or who have no process in place to take them down for abuse. There are two that I know of (I won't name them here to avoid being sued) that raise immediate red flags, as in I can be 99% certain that a domain registered with them is a scam domain.
you can't get sued for saying this kind of stuff btw the reason ppl hide company names, is in case they work at the company and want to avoid getting fired. you can't get sued for simply saying something about a company that they don't like.
@@wojtekpolska1013 Yes you CAN. They can sue you for defamation, and unless you can afford a lawyer that can get very expensive very quickly. If it reaches a court and you have a lawyer they will lose, but if you can't afford that lawyer you could lose even though your reporting was accurate.
@@FireAngelOfLondon I mean, you can be sued by any person for any reason. I’m pretty sure what they meant is that you can’t be legally liable for telling the truth. It takes a lot to prove defamation, at least in the US. Either way, lots of states have Anti-SLAPP statutes for exactly this reason.
You are by far, THE most underrated UA-camr ever! Bro, u saved my butt more times than i can count, and apparently Linus' too. Please never stop for those of us that TRULY love the work you do.
The thing that I've learned from this video: it would be great to have a single website that would take the report and then propagate it to the other websites, because it feels more like a chore than a simple task.
I typically fire a report towards the dns registrar and the server hosting company (you can whois an ip to get an abuse email for it). The site in question is often down in a couple of hours. - Losing access to the domain name means the links the scammers sent are now useless. - Losing access to their servers may even cause them to lose data if they are a bit sloppy. - Plus the registrar and hosting company are the only ones who really know who the scammers are. So *if* they address the issue, any further reporting is an exercise in futility. Except there exist bulletproof hosters that will ignore abuse emails. They're rare in my experience, but your millage may vary. By a lot, probably. So this video is still pretty useful in that regard.
Phone scammers sometimes show up on networks that take action with proper reporting. As they get booted from one, another, and a third...eventually they end up on the ones that are more permissive in allowed activities and less permissive about actions taken. I get feedback from Verizon about a number of my reports having action taken.
@ThioJoe : Excellent work Joe !!! 🙂🙂🙂 The only shame is that we sort of need to submit our malicious activity reports to all these sites individually. It would be so much better and easier if there was 1 centralized reporting point, and from there on allthe companies could use that to reference this data.
Absolutely BRILLIANT tutorial Theo, which I have already put to good use ! Thank you very much for taking the time to research and create this tutorial. Cheers mate 😍
I want to thank you for the great video. I am Editor in Chief of a respected journal from the USA. Uninformed authors where submitting articles to a bogus copy of our site and paying a large publication fee which our journal does not do. They stole all our credentials even our name. We followed your careful and meticulous directions. Very quickly we received word that this bogus site was labeled as malicious and phishing. I truly appreciate the time and care you put into this video! Thank you again!
@@Alina-hy4yg I can’t seem to find the actual website now but it was an email I got from “Freepeople” one word, pretending to be the clothing site. I ordered. stuff from them and it was not them…
in "Microsoft Edge, > ... > Help & Feedback > Report unsafe site" will automatically open Smartscreen & fill in the URL. in "Firefox, ≡ > Help > Report deceptive site" will open Google safebrowsing. Best part is you don't have to fill in anything to report this way. Similar option should be available for every other browser too. I recieved about 50 SMS's nonestop about a Netflix account recovery today (obviously fake). So I did report the URL and within 5 minutes, site was blocked by google safebrowsing (in firefox). Edge hadn't blocked it yet tho. Thanks Joe.
Glad I found this video. I've noticed a new discord scam that's been going around where someone will randomly add you. and never actually talk to you.. and instead just have a profile description, with a link in there. And just.. hope that you're curious enough to click the link to see what it is. Scammers are getting more and more creative every day, so it's nice being able to take down scam links fairly easily
I really like that you made this video, and hopefully it will prevent many phishing attacks. But this won't stop phishing unfortunately, until the domain gets reported the damage is most likely already done and scammers can always register a new domain. Sadly scammers will always be out there scamming people, but raising awareness and reporting it like you showed here certainly helps!
Dude, thank you! This was awesome and I was able to accomplish in 24 hours what a whole company (the company being targeted/copied) couldn't for over a year!
I nearly fell for this exact type of steam scam once. The thing that saved me, was my password manager not auto filling my credentials, which made me suspicious and take a closer look. Those things are really convincing these days.
A few of my friends fell for this kind of BS. I know because I've had some send me requests for this. I've never signed in as I thought it was odd reading the terms of service prompted me to login. Thinking about it, I was tempted to challenge them to do an Overdrill in Payday 2 to put them through a nightmare that lasts over an hour to get them to miss their game. Anyway, I think I am going to share this with people to raise awareness.
Thank you for this thorough video, explaining each step. Someone used my kennel name and other breeder's pictures to set up a fraudulent website to collect deposits on puppies that did not exist. As I followed through your video, I used the sites to report the scammers. In the hour it took me report to each site I already had results coming in. Hopefully by tomorrow the website will be shut down.
Any tip on domains used for impersonating companies sending emails for fake UA-cam sponsors to get youtubers hacked? They usually don't set any website on their domain and just set emails and when i report them to their registrar even explaining the whole situation, the registrar usually just responds backs saying "we couldn't find any infrining URLs".
i remember when i hated this guys guts, his fake help vids kept popping up instead of the real help vids, i had to memorize this guys channel so i could specifically avoid his trolls. he had already wasted about 30 minutes of my time. now i love him, im so glad he decided to used his skills for good instead of evil.
One of the best videos you made Thio, not only you covered and altruistic topic in which you obviously put a lot of time and effort, you also made a video tutorial how everyone esle can chp-in too. The effect of this video will be enormous, you can be sure about that.
We honestly need a streamlined method of reporting a site to one location with all the required info and it selects the needed info and send it to each reporting location... i get a scam texts every few days and am tired of having to go through every reporting site
Would be amazing if someone would write a script to automate submitting the sites to the security sites. I have also seen scam sites that use multiple domains via links as you go through the scam workflow or redirects. Would be great to be able to automate submitting a list of domains.
Good tips. I've had luck with various forms of spam and scams I get on my cell phone using a similar mindset; scammers' approaches toward what they send me have been changing as a result. Sometimes hard to determine what should get which reports as I don't always know it is a scam as I have limited interaction with them; some get minimal or no effort from me. As for direct shutdown efforts, I usually target URL forwarding/shortening services, email reply to points, and phone numbers to respond back to; this video's tips are directly on track for the custom URL reporting. Thank you.
I was getting constant phishing emails so did that your saying here and got the website shutdown :), if only every one was like us the scammer would be out of business:)
I think the reason that Chrome does not block the site right away is probably that Chrome would first need to update the local blacklist. So, this has noting to do with their infrastructure, but with the update cycle of your local Chrome installation. “Enhanced protection” would probably send each individual website you are opening to Google. The reason this is not enabled by default is probably privacy protection. If you enable “enhanced protection”, I expect that Google is technically able to track all sites you are visiting throughout the day and attach that to your advertisement profile. Even using incognito mode wouldn't change that. I don't know if they are doing it, but they could do that, and it would be impossible to check from anyone outside of Google. There was actually some controversy in Germany about a similar topic with Chrome. I am wondering if they actually introduced “Standard protection” and made it the default due to this controversy. (Maybe the controversy was exactly about this “enhanced protection” feature before it was optional. I don't know.) BTW, I would kind of expect that some of these blacklists are synced with each other in regular intervals. I am not sure if you actually have to report the website on all sites individually.
Microsoft Defender 365 flags so many of these at my work. I think I'll start submitting them to these reporting agencies and get them taken down quicker.
Hey Joe, I think if you can make the reporting software similar to your YT comment one, it would make the process super easy. Not saying I'm lazy here but that would be useful
I remember being very sus of, basically, fake open source program websites. Scammers will pay for Google search result ad space, and imitate a popular open source programs website. I reported 2 ads for fake Blender web sites and 1 for a fake OBS website. I suspect they give very "dirty" versions of the program you were told about. I never downloaded anything to see.
thank you for making this important video! it will help a lot of people out. every year I encounter 2 or 3 physhing, malware, or technical support your computer has a virus call now website. I never knew what to do after leaving these sites, but from now on I will do this reporting method. hopefully with more of us reporting these websites, they will become less common to encounter.
I can't recommend blocking new domains as a tactic. This can have a dramatic impact on genuine businesses during their start up period, but it is still smart to check creation dates when finding a potential scam or fishing site.
It’s usually only 30 days. Usually a domain is the first thing a company buys, maybe before they even register the company. Shouldn’t have any effect on legitimate businesses for very long if at all.
Thankyou for the site links! i bookmarked them & will be using them. There's too many "free game" steam fake accounts on tiktok & reporting them to tiktok had zero effect... "did not break community guidelines" 🙄 Now i'll report the sites they link in their bio by using your method! Thanx again!
Good video but unfortunately outdated. Rarely these days scammers use main URL. Instead they use couple of subfolders while the main address remains clean to the search tools. Subfolders are changed/deleted daily so by the time the report is processed, the url in invalid. It would be good to make a follow up vid on this subject.
Most probably the person watching this video has no threat as they are smart enough. But we must report as a part of security of our friends and family.
I did this to a few websites and shockingly it did work after a few days. Hopefully saved hard working people some money from websites deliberately preying.
Thank you for this information. I have been at a loss on how to deal with this. I have tried the FBI and going to hosts directly and it has been useless. This feels fast more effective.
_This_ works on UA-cam as well. If you find fake accounts, for example all those fake elon crypto streams, you can report them to UA-cam and have the content/channel removed. UA-cam also sends a confirmation of removal. If everyone reports scammers/fake accounts when they find them, we can all help reduce their presence and success.👍🖖 **Do NOT false report channels. As a reminder, false reporting is a violation of UA-cam TOS**
awesome thats good way to get these scammers angry lol everyone should share this video to everyone so everyone on this planet knows how to do get scammers angry
The video is great. My personal experience that registrar didnt make anything asking for court case. So the fake product inventory, missing product for delivery and stollen money was not enough. They just dont care
Anyrun need a _business_ email to register. I remember watching a video where a guy hacked into a scam Indian call center and made it so that they ended up calling only eachother. The place was massive and at one point, one of the scammers accused the other scammer over the phone of being a scammer and having a fake Indian accent. ROTF!
Thank you so much for this information, my Domain was hacked by a company I hired to built a website for me, after not delivering I asked for a refund. They hacked my domain and posted Adult Sex Toys on it. After following. your instructions on the video, it seems like all the bad sites are gone now. Thanks again.
Could you do a video on what’s good in Windows 10 and what’s bad in 11? Including the good features in 10 that will disappear from 11. I've heard of these but can't recall them all. I'm posting this request elsewhere as well.
I remember last year in the Summer of 2022 when I nearly got scammed out of my Steam account after one of my Steam friends showed me a link to some game tournament voting site. When I voted it, it went through. But then I raised a red flag after realizing there's fake game tournament voting sites after I looked it up. I had to change my password and reported the Steam user. (which already got put on private) I nearly lost my years of game collecting. But honestly, I'm pretty much overwhelmed with too many unplayed games anyway. I gotta layoff the retail therapy. Because you know what they say? old habits die hard.
I spent so many hours recording and editing this video please give it a thumbs up for the algorithm
• Also someone made a good point to emphasize: Only do this for legitimate phishing / malware domains, not just random companies you were dissatisfied with. Otherwise it will just waste yours and everyone’s time.
• Also to be clear, at the beginning when I say "within a few hours", I just mean that's how long it took the companies to analyze the site. The work of reporting the site to all the companies only takes a few minutes once you know what to do.
• As for getting sites blocked on Firefox and Safari, those also use Google’s Safe Browsing filter, so reporting it there covers them
no because you pinned your own comment
I got this recommended to me only 2 minutes after it was released :)
Being that 7th view is something else.
Again.... first the bot code.. now this.
Really Joe, ya should be hired, by the top team of Google and UA-cam, for sure. Along with scammerPayback. You 2 are making awesome work for society, true digital saints.
@@_lun4r_ what's bad about it?
Windows Sandbox isnt anvaiable in home
Please do not misuse this to randomly report any site. This is not to report a website that you purchase something from and they got you a lower quality item or they supplied late. I know some people can be quite ridiculous.
This is not to report a creator's website that you don't like.
Make sure you have done you due diligence and made enough research to ensure the site you are reporting is really malicious.
I think this video should have shown people how to detect and confirm malicious sites before reporting except for the obvious phishing sites and scam website.
But this is a good video. Please use this when you are sure and have proof like screenshots as evidence.
I could imagine there would be people who would report websites simply for disagreement about things such as freedom of expression, I'm of course not talking about people making art based on likenesses of people in real life or anything like that, when it's purely fictional in not just scenario but also with it's characters, human rights wouldn't logically apply to anyone besides the artist in question.
Userbenchmark is very malicious though, right?
@@DragonOfTheMortalKombat no its not, its just a benchmark for you pc
@@missevi313 no, it is a misinformation spreading platform banned from various forums for right reasons.
@@DragonOfTheMortalKombat lol no its not
Browsers should get built in report buttons I'm sure that would encourage way more people to report
i did find one in edge but it was just very hidden.
No... Well, I suppose browsers could add a button to report it to themself if they are willing to field the ridiculous number of reports that would generate before publishing them. But.. End users would basically spam it with false reports because they think a site is suspicious. It's worth noting that contacting a domain registrar, etc, Should Not be done unless you are sure that domain's owner is intending or allows the phishing or malicious activity - reports should usually go to the email providers and site contacts _first_. It is worth noting that submitting a false takedown to a domain registrar or ISP can lead to a criminal charge if the complaint is deemed fraudulent and/or being sued for damages if a reckless report causes a domain registrar to mistakenly take something down. The reporter assuming legal responsibility for what they write in their report and making sure to do so accurately are important requirements.
Most end users won't know how to gather and enter all necessary facts, then excess of reports would get backlogged to the point few are ever answered. Organizations' points of contact that deal with these are in a business of investigating and responding to abuse, not providing a customer service - a registrar's abuse contact may be a low-priority secondary job duty of a dozen or less admins.
Thus for end users.. you should mostly report malware or phishing to your IT or site Admin first, Or use the tools they've provided to report to them, but If this is a personal PC.. contact your Antivirus/phishing filter vendor, or Google (or Virustotal), and security vendors will share information, and it's plenty to report to one of those.
Most would probably just abuse it and false report people they don't like or some such
@@HowtoRadicalize yup
So people frustrated for whatever reason ( mostly not legit reason ) could do report revenge. I am not trying to be mean, your suggestion is great. My point is that we humans are a sack of emotions and irrationality.
I wanted add something since it wasn't mentioned. If the website has anything to do with AWS (hosting, database, etc...), you can forward the information to the AWS abuse email and Amazon can shut down their aws account which could be catastrophic for them.
@thgougler Which sounds a way quicker way than reporting to 20 differents websites, thank you ! Btw, how could you tell quickly if the website is actually using AWS services or not ?
@@jeromevoiron1137 whois
whois or nslookup
Yeah I went through AWS' verification process one time. I just wanted to see what services they had and maybe learn something and didn't expect a rigorous verification process. The idea "scammers need web hosting" didn't occur to me.
I imagine even if they spoofed their identity for that process somehow (e.g. with someone else's identity), it's still a PITA. Meanwhile for you it's just a quick form or two.
As someone who operates a hosting provider thank you for creating a video. Most people don't alert us whilst we can immediately take down a website instead of having to wait for all of the third-party providers to block the site. Going to the source directly will most likely resolve in quicker resolution of taking the site down and stopping toe scammers from stealing other peoples information.
I've tried contacting hosting providers directly and they have never taken a site down. They ask for too much information and proof of damages before doing anything. I'd prefer just dealing with the reports.
@@ananamusly never heard that. In the. Netherlands where we are located we are actively monitored by the gov and they force us to deal with cyber crime and may even hold us responsable for not dealing with it so most of us tend to block those sites.
In my case, they manage to take 12 K making believe it was a investment. I am an idiot.
The average person should be focused on accountability like this. Too many people think someone else will do it
I didn't even know that I could simply report a website like that, and it seems really easy. It's definitely a great idea.
@@CZghost so now are you trying to report every sites you found lol you won't get paid lol its time wasting
That will be so useful to nerf so many types of scams. I didn't even know this existed. You deserve a lot more subscribers because you always fight against scammers and hackers! Keep up your great work!
He nearly has 3 mil and got mentioned on every youtuber and their mother's channel with their antispam I think he's good
@hedwig7s He totally deserves 3 million also yes I have seen ThioJoe's anti-spam project being featured on even LTT's channel
@@hedwig7s just 1 mistake lol thats all it takes, it can be a BANK sending a bank statement as a pdf with password
and lets say he f3cked up in future and forgot to check the email or the email domains looks really convenient as chase bank or other banks
Soon as he opens the PDF, he's a GONER man. Even he can get TRICKED and HACKED. even if you're pro doesn't mean you aint worth getting attacked, just 1 mistake thats all, maybe his GF at his home using his PC for Gaming and try a cheatbot or idk anything while he's away from his Computer. Thats all it takes BRO. 🙄
The fact that we have to go to lengths like this to make sure people don’t get phished is unbelievable
Lengths like this? It's filling in simple online forms, it's not that much of a process. You make it sound like wasting a few minutes to take down malicious sites is an extremely arduous process. People these days really want 1-click solutions for literally anything...
@@revsnowfox5798 Yeah What the OP doesn't understand is the reason why there are so many services is because much of this stuff is regional and reporting takes time to propagate through various channels to ensure correct classification. Not to mention, the _numerous_ daily false flags they have to field.
A spread load is not only easier to manage, it also allows for cross-checking and confirmation between multiple parties. Reporting of this variety is more like a jury council reaching consensus based on how often you appeal to them rather than a central authority smiting webpages with the power of Zeus.
@@revsnowfox5798 There's like 20 different forms to report to, and for how many people are sending out phishing links and stuff, it's a lot easier to just ignore the site than fill out 20 forms. It's better to have the barrier set lower.
I agree, why is there no international internet safety organization /police that provides a report we can complete that will link to all security companies... like a WHO for internet or something.
@@cherrypoutines6269 Internet is still new - and international laws are difficult for every country to agree to. Only a couple forms will typically suffice this is just a guide to completely annihilate a site.
The DNS registering process by the scammers is automated. Scripts re-register on another domain in milliseconds. They'll update the URL in the video livestreams (such as Elon Musk crypto scams), Twitter post etc. To really hurt scammers, you need to hit their infrastructure and/or their money streams and/or visit them and take them down.
You're right, they will likely just set up a new site. But at least it will help the people that perhaps get a scam message and don't see it for several hours, and hopefully by the time the do, the site will be blocked.
@ThioJoe fully agreed. Reporting the scam website is always better than taking no action. Even if reporting resulted in one less victim, you already achieved your goal. Your viewers do have to understand that this is a surface-level impact for scammers themselves.
That involves getting your own hands dirty and possibly endangering your equipment and maybe even life. Wouldn't do that.
@@CZghost a small price to pay for the greater good
@@justarandompersoniguess your equipment/life=small price?? when another scam site would immediately take their place anyways???? what are u on
Scammers will just make a fake copyright strike to this video 😂
The information is already out there now 🧐
@@ThioJoe Already Downloaded The Video I Will Only Reupload It When That Happens.
@@ThioJoe I will download the video for save keeping just in case
@@ThioJoe I also downloaded it like other people and will also try to win the usb
@@ThioJoedownloaded too
This is great. Now imagine, if you made a tool, that would auto report the site to all the websites.
sadly many of them have captchas so bots cant submit reports
@@wojtekpolska1013 yeah I was afraid of that. But this video is still very informative and I'll be using all of the sites myself.
If anyone could do that it would be thio
Some of those report forms have capcha's, so that might not be possible.
yeah, like how theojoe made a program to report every scam comment
best feeling in the world is to see people get what they deserve
When I read the title, I was thinking more along the lines of DDOSing them... Would be ineffective but cooler
I saw in the screenshot that they're using CloudFlare as their name server so DDoSing isn't really an option. Besides, it's illegal and would probably get the DDoSer in trouble with their ISP
Registrars that will take a domain down on the strength of a report like this are few and far between. Scammers tend to register their domains with registrars who actively protect them or who have no process in place to take them down for abuse. There are two that I know of (I won't name them here to avoid being sued) that raise immediate red flags, as in I can be 99% certain that a domain registered with them is a scam domain.
i think u should give a few hints for us geeks to watch out for
you can't get sued for saying this kind of stuff btw
the reason ppl hide company names, is in case they work at the company and want to avoid getting fired. you can't get sued for simply saying something about a company that they don't like.
@@LinusTechTipsTemporary for me it was namescheap they wouldn't take down a domain being used to impersonate a bank page without a police report
@@wojtekpolska1013 Yes you CAN. They can sue you for defamation, and unless you can afford a lawyer that can get very expensive very quickly. If it reaches a court and you have a lawyer they will lose, but if you can't afford that lawyer you could lose even though your reporting was accurate.
@@FireAngelOfLondon I mean, you can be sued by any person for any reason. I’m pretty sure what they meant is that you can’t be legally liable for telling the truth. It takes a lot to prove defamation, at least in the US.
Either way, lots of states have Anti-SLAPP statutes for exactly this reason.
You are by far, THE most underrated UA-camr ever! Bro, u saved my butt more times than i can count, and apparently Linus' too. Please never stop for those of us that TRULY love the work you do.
Appreciate it! 😁
I found this video because I was looking up ways to report a malicious site. I just got done submitting to all of these. Thanks!
The thing that I've learned from this video: it would be great to have a single website that would take the report and then propagate it to the other websites, because it feels more like a chore than a simple task.
Sure, two independent reviews and bam they are gone.
I typically fire a report towards the dns registrar and the server hosting company (you can whois an ip to get an abuse email for it). The site in question is often down in a couple of hours.
- Losing access to the domain name means the links the scammers sent are now useless.
- Losing access to their servers may even cause them to lose data if they are a bit sloppy.
- Plus the registrar and hosting company are the only ones who really know who the scammers are. So *if* they address the issue, any further reporting is an exercise in futility.
Except there exist bulletproof hosters that will ignore abuse emails. They're rare in my experience, but your millage may vary. By a lot, probably. So this video is still pretty useful in that regard.
Phone scammers sometimes show up on networks that take action with proper reporting. As they get booted from one, another, and a third...eventually they end up on the ones that are more permissive in allowed activities and less permissive about actions taken. I get feedback from Verizon about a number of my reports having action taken.
If you want to do a follow up you should do one on how to report spam emails to vendors like AWS.
@ThioJoe : Excellent work Joe !!! 🙂🙂🙂
The only shame is that we sort of need to submit our malicious activity reports to all these sites individually. It would be so much better and easier if there was 1 centralized reporting point, and from there on allthe companies could use that to reference this data.
Absolutely BRILLIANT tutorial Theo, which I have already put to good use !
Thank you very much for taking the time to research and create this tutorial. Cheers mate 😍
I want to thank you for the great video. I am Editor in Chief of a respected journal from the USA. Uninformed authors where submitting articles to a bogus copy of our site and paying a large publication fee which our journal does not do. They stole all our credentials even our name. We followed your careful and meticulous directions. Very quickly we received word that this bogus site was labeled as malicious and phishing. I truly appreciate the time and care you put into this video! Thank you again!
You are a saint! Thank you! I just got scammed and I want to save others from getting scammed as well.
Which website?
@@Alina-hy4yg I can’t seem to find the actual website now but it was an email I got from “Freepeople” one word, pretending to be the clothing site. I ordered. stuff from them and it was not them…
in "Microsoft Edge, > ... > Help & Feedback > Report unsafe site"
will automatically open Smartscreen & fill in the URL.
in "Firefox, ≡ > Help > Report deceptive site"
will open Google safebrowsing.
Best part is you don't have to fill in anything to report this way.
Similar option should be available for every other browser too.
I recieved about 50 SMS's nonestop about a Netflix account recovery today (obviously fake). So I did report the URL and within 5 minutes, site was blocked by google safebrowsing (in firefox). Edge hadn't blocked it yet tho.
Thanks Joe.
This video deserves to be seen by everyone on this planet
I reported the malicious url and within 30 minutes Google Chrome blocked it. Thank you very much 👏👏👏
I can't wait for the next scammer to send me a malicious link.
Glad I found this video. I've noticed a new discord scam that's been going around where someone will randomly add you. and never actually talk to you.. and instead just have a profile description, with a link in there. And just.. hope that you're curious enough to click the link to see what it is. Scammers are getting more and more creative every day, so it's nice being able to take down scam links fairly easily
I really like that you made this video, and hopefully it will prevent many phishing attacks. But this won't stop phishing unfortunately, until the domain gets reported the damage is most likely already done and scammers can always register a new domain. Sadly scammers will always be out there scamming people, but raising awareness and reporting it like you showed here certainly helps!
Dude, thank you! This was awesome and I was able to accomplish in 24 hours what a whole company (the company being targeted/copied) couldn't for over a year!
You should be hired, by the top team of Google and UA-cam, for sure.
Fraud Detection Agency (if they have one)
No. Anyone with IQ over room temperature could figure this out
No, he shouldn't. His tips are way too powerful for Google to deserve him.
Keep in mind Google profits from scams. As they sell ads for the scammers. They don't appear to care as long as they get paid.
Thanks for this! I come across malicious domains a lot while scam baiting and thankful I know how to properly report them thanks to YOU
I nearly fell for this exact type of steam scam once.
The thing that saved me, was my password manager not auto filling my credentials, which made me suspicious and take a closer look.
Those things are really convincing these days.
So password managers can potentially prevent these types of scams too, never thought of that.
I’ve been doing this manually via various search queries, but having a video like this for reference beats that!
A few of my friends fell for this kind of BS. I know because I've had some send me requests for this. I've never signed in as I thought it was odd reading the terms of service prompted me to login. Thinking about it, I was tempted to challenge them to do an Overdrill in Payday 2 to put them through a nightmare that lasts over an hour to get them to miss their game. Anyway, I think I am going to share this with people to raise awareness.
Thank you for this thorough video, explaining each step. Someone used my kennel name and other breeder's pictures to set up a fraudulent website to collect deposits on puppies that did not exist. As I followed through your video, I used the sites to report the scammers. In the hour it took me report to each site I already had results coming in. Hopefully by tomorrow the website will be shut down.
Any tip on domains used for impersonating companies sending emails for fake UA-cam sponsors to get youtubers hacked?
They usually don't set any website on their domain and just set emails and when i report them to their registrar even explaining the whole situation, the registrar usually just responds backs saying "we couldn't find any infrining URLs".
Why nobody says how great he works to give us the best videos?
I never knew you could do that
i remember when i hated this guys guts, his fake help vids kept popping up instead of the real help vids, i had to memorize this guys channel so i could specifically avoid his trolls. he had already wasted about 30 minutes of my time. now i love him, im so glad he decided to used his skills for good instead of evil.
i made this comment before the thiojoe itself LOL
@@knightning3521 yeah, before he did that
One of the best videos you made Thio, not only you covered and altruistic topic in which you obviously put a lot of time and effort, you also made a video tutorial how everyone esle can chp-in too. The effect of this video will be enormous, you can be sure about that.
You are doing God’s work - thank you! I’ve reported some refund scam sites to Google and been ignored so now I know what to do to get them taken down.
finally I can take down those stupid websites that promises you "free robux"
bro.. i was literally taking down a free robux site like 5 mins ago.. how'd you know
Dunno if you're _the_ GOAT TJ, but you're definitely in the herd of GOATs. You've earned your keep.
We honestly need a streamlined method of reporting a site to one location with all the required info and it selects the needed info and send it to each reporting location... i get a scam texts every few days and am tired of having to go through every reporting site
Man, the edit on your videos reached peak really fast! I'm loving it: good, clean and useful.
Cheers from Argentina.
bro is absolutely anihilating that one singular domain
Much appreciated! Thanks for all your hard work, but how many people will watch the entire vid? This can't be good for your engagement stats.
Would be amazing if someone would write a script to automate submitting the sites to the security sites. I have also seen scam sites that use multiple domains via links as you go through the scam workflow or redirects. Would be great to be able to automate submitting a list of domains.
The problem is that many reporting websites require you to do a captcha verification. So you wont be able to fully automate it.
@janrappe chatgpt4
Good tips. I've had luck with various forms of spam and scams I get on my cell phone using a similar mindset; scammers' approaches toward what they send me have been changing as a result. Sometimes hard to determine what should get which reports as I don't always know it is a scam as I have limited interaction with them; some get minimal or no effort from me. As for direct shutdown efforts, I usually target URL forwarding/shortening services, email reply to points, and phone numbers to respond back to; this video's tips are directly on track for the custom URL reporting. Thank you.
I was getting constant phishing emails so did that your saying here and got the website shutdown :), if only every one was like us the scammer would be out of business:)
I think the reason that Chrome does not block the site right away is probably that Chrome would first need to update the local blacklist. So, this has noting to do with their infrastructure, but with the update cycle of your local Chrome installation. “Enhanced protection” would probably send each individual website you are opening to Google. The reason this is not enabled by default is probably privacy protection. If you enable “enhanced protection”, I expect that Google is technically able to track all sites you are visiting throughout the day and attach that to your advertisement profile. Even using incognito mode wouldn't change that. I don't know if they are doing it, but they could do that, and it would be impossible to check from anyone outside of Google. There was actually some controversy in Germany about a similar topic with Chrome. I am wondering if they actually introduced “Standard protection” and made it the default due to this controversy. (Maybe the controversy was exactly about this “enhanced protection” feature before it was optional. I don't know.)
BTW, I would kind of expect that some of these blacklists are synced with each other in regular intervals. I am not sure if you actually have to report the website on all sites individually.
At this point the scammers might just try to grab UA-cam with them if they go down! 😅
Got my first Steam scam in quite some time today. Gotta say, I was quite happy to put this video into practice.
Microsoft Defender 365 flags so many of these at my work. I think I'll start submitting them to these reporting agencies and get them taken down quicker.
Just used this video to report a steam phising site i found. Thanks a lot for putting a lot of work into these high quality videos
Great Video! I hope it helps people reporting such scam Websites
Excellent. I am now part of team 'Shut Them Down Now'. :)
Great useful practice for developing one's OSINT skills.
Hey Joe, I think if you can make the reporting software similar to your YT comment one, it would make the process super easy.
Not saying I'm lazy here but that would be useful
It’s a bit beyond my abilities
@@ThioJoe not without a collab
I appreciate your time and effort put into making all those informative videos. Keep up the good work !
Thanks for sharing. I was recently targeted with a pig butchering scam, and I want to fight back and and try to help other potential victims.
Idea: a script where you input the link of the website and it does this entire reporting process automatically.
I thought about it but it would be tough to make
@@ThioJoe I'm going to attempt to make one :)
@@chrissametrinequartz9389 its been a year, any news champ?
I remember being very sus of, basically, fake open source program websites. Scammers will pay for Google search result ad space, and imitate a popular open source programs website. I reported 2 ads for fake Blender web sites and 1 for a fake OBS website.
I suspect they give very "dirty" versions of the program you were told about. I never downloaded anything to see.
This feels like there is a need for a tool that lets you submit to all of these at once.
True 😅
But almost all of these forms have captcha requirements. I don't think this is possible to do
@@new_delhi you could do that by opening all of them with a filled form, then you just click the captcha and click the Send button and done
One of my friends almost fell for one of those "Can you vote for my e-sports team" scams a few weeks ago. I should share this video with her.
0:02 stock video😭
Yea, he uses stock stuff Alot
thank you for making this important video! it will help a lot of people out. every year I encounter 2 or 3 physhing, malware, or technical support your computer has a virus call now website. I never knew what to do after leaving these sites, but from now on I will do this reporting method. hopefully with more of us reporting these websites, they will become less common to encounter.
I hope this will be useful for me.
I've seen the same russian ads every damn time.
Elon Musk this Tesla X investing that.
It's getting tiring.
Thank you so much for this video! I just got a phishing link a few hours ago and now I'm following all the steps in the video to report the link.
And, the website did get taken down. So, I can confirm that following the steps in the video works!
I can't recommend blocking new domains as a tactic. This can have a dramatic impact on genuine businesses during their start up period, but it is still smart to check creation dates when finding a potential scam or fishing site.
It’s usually only 30 days. Usually a domain is the first thing a company buys, maybe before they even register the company. Shouldn’t have any effect on legitimate businesses for very long if at all.
@@ThioJoe Is 30 days a sufficient time length for these websites to be found, reported and taken down? if so, I may get that.
Thankyou for the site links!
i bookmarked them & will be using them.
There's too many "free game" steam fake accounts on tiktok & reporting them to tiktok had zero effect... "did not break community guidelines" 🙄
Now i'll report the sites they link in their bio by using your method!
Thanx again!
Scammers be like How DARE you!!
Thank you sooooooo much! It was already reported on one or two website so that is an improvement! Keep doing what you do best! Thanks!
Good video but unfortunately outdated. Rarely these days scammers use main URL. Instead they use couple of subfolders while the main address remains clean to the search tools. Subfolders are changed/deleted daily so by the time the report is processed, the url in invalid. It would be good to make a follow up vid on this subject.
Using the links to report the scam running on Linus Tech Tips Channel.. oh boy that cryto elon musk giveaway was sooo good!
Thank you for all the time you put into this. Much appreciated!
This will be great to use to get after those fraudulent sites that appear as Google Ads.
Thanks, I’ve been searching for a way to do so for a while now, now I can do it with ease
Bro, I remember trying to boost my wifi with an empty can of soda lololol. Been a fan for quite awhile. Much love from PA brother.
Thanks ThioJoe ! You are the best !
Most probably the person watching this video has no threat as they are smart enough. But we must report as a part of security of our friends and family.
I did this to a few websites and shockingly it did work after a few days. Hopefully saved hard working people some money from websites deliberately preying.
Thank you for this information. I have been at a loss on how to deal with this. I have tried the FBI and going to hosts directly and it has been useless. This feels fast more effective.
_This_ works on UA-cam as well.
If you find fake accounts, for example all those fake elon crypto streams, you can report them to UA-cam and have the content/channel removed.
UA-cam also sends a confirmation of removal. If everyone reports scammers/fake accounts when they find them, we can all help reduce their presence and success.👍🖖
**Do NOT false report channels. As a reminder, false reporting is a violation of UA-cam TOS**
First thought was how I could use this to shut down any random website.
awesome thats good way to get these scammers angry lol everyone should share this video to everyone so everyone on this planet knows how to do get scammers angry
I am bookmarking this video for ease of reporting. Thanks again
4 minutes late with other 380 viewers! I already knew that trick. But I didn’t know more anti viruses to report. Thank you ThioJoe!
Thank you for submission malicious/scam URLs :)
Web browsers should have a report option next to the green lock symbol. You can't expect normal users going through this process.
The video is great. My personal experience that registrar didnt make anything asking for court case. So the fake product inventory, missing product for delivery and stollen money was not enough. They just dont care
Anyrun need a _business_ email to register. I remember watching a video where a guy hacked into a scam Indian call center and made it so that they ended up calling only eachother. The place was massive and at one point, one of the scammers accused the other scammer over the phone of being a scammer and having a fake Indian accent. ROTF!
Thanks for this video, just reported a scam website that's spreading a cookie stealer disguised as a game
Thank you so much for this information, my Domain was hacked by a company I hired to built a website for me, after not delivering I asked for a refund. They hacked my domain and posted Adult Sex Toys on it. After following. your instructions on the video, it seems like all the bad sites are gone now. Thanks again.
Could you do a video on what’s good in Windows 10 and what’s bad in 11? Including the good features in 10 that will disappear from 11. I've heard of these but can't recall them all. I'm posting this request elsewhere as well.
AMAZING VIDEO!! so useful! i hope more people see and apply this
Thank you, we need more such videos on the internet/UA-cam
A lot of usps smishing scams are going out right now. Hope your video helps bring down few!
Excellent video! Great to see the whole process of filing reports to various companies. Thanks!
this channel is underrated
I wish there was a tool that would mass send the reports to the websites you mentioned.
I remember last year in the Summer of 2022 when I nearly got scammed out of my Steam account after one of my Steam friends showed me a link to some game tournament voting site. When I voted it, it went through. But then I raised a red flag after realizing there's fake game tournament voting sites after I looked it up. I had to change my password and reported the Steam user. (which already got put on private) I nearly lost my years of game collecting. But honestly, I'm pretty much overwhelmed with too many unplayed games anyway. I gotta layoff the retail therapy. Because you know what they say? old habits die hard.