From time to time, I receive very suspicious emails, disguised as a legitimate company sending a customer an email. Usually, if you view the mail in HTML format, there is a button for you to click to view a bill, service, etc. I dare to click the link and just delete the email.

However, I’ve been wondering what is actually waiting beyond the horizon. There are many web-based services available to satisfy my curiosity without risking jumping into the river.

phishcheck.me is one of them. Their services are as follows:

About Phishcheck

Built for information security analysts, Phishcheck.Me is designed to quickly gather the information required to investigate a suspicious website. The PhishCheck system will visit the submitted URL, extract all the relevant information and display it in one place so Info Sec analysts can focus on what they do best.

Features

Handles common URL “defanging” techniques (meow://, hxxp[s]://, example[.]com)
Change browser user-agent in the Advanced options menu
Display host server information
IP Address
AS Number
IP Owner
IP Geographic Location (Approx.)
Whois Record
Record all HTTP requests
Check Google SafeBrowsing Reputation
Check PhishTanks Database Reputation
‘Phishy’ score calculated by PhishCheck’s custom classifier
Render a high resolution screenshot of the website

Known Issues

Certain webpages may cause screenshot capture issues. We’re working on them as they arise.
Screenshots Unavailable due to timeouts (Phishing webpages aren’t built for reliability)
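The first feature in the list above, accepting "defanged" URLs, can be illustrated with a small normaliser an analyst might run before submitting or logging a suspicious link. This is an added example, not Phishcheck's code: the function names, the sample URLs, the mapping of meow:// to plain http, and the extra forms `(.)`, `[dot]` and `[:]//` (beyond the three the feature list names) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Defanged scheme -> real scheme. Treating "meow" as plain http is an assumption.
SCHEMES = {"http": "http", "https": "https",
           "hxxp": "http", "hxxps": "https", "meow": "http"}
DOT = re.compile(r"\[\.\]|\(\.\)|\[dot\]", re.IGNORECASE)   # example[.]com etc.
SEP = re.compile(r"\[:\]//|\[://\]")                         # hxxp[:]// etc.
SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*)://(.*)", re.DOTALL)
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")

def refang(text):
    """Turn a defanged indicator into a normal http(s) URL, or raise ValueError."""
    url = DOT.sub(".", SEP.sub("://", text.strip()))
    m = SCHEME_RE.match(url)
    if m:
        scheme, rest = SCHEMES.get(m.group(1).lower()), m.group(2)
    else:
        scheme, rest = "http", url        # bare host such as example[.]com
    if scheme is None:
        raise ValueError(f"unsupported scheme in {text!r}")
    url = f"{scheme}://{rest}"
    host = urlsplit(url).hostname or ""
    # Reject anything whose host is still not a plain dotted name or IPv4 address.
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"no usable host in {text!r}")
    return url

def defang(url):
    """Make a URL non-clickable again for tickets, chat and reports."""
    scheme, _, rest = url.partition("://")
    host, slash, tail = rest.partition("/")
    return f"{scheme.replace('tt', 'xx', 1)}://{host.replace('.', '[.]')}{slash}{tail}"

# Constructed sample inputs, not taken from real phishing mail.
SAMPLES = ["hxxps://login.example[.]com/verify?id=1",
           "meow://example[.]com",
           "example[.]com",
           "hxxp[:]//example(.)com/a"]

if __name__ == "__main__":
    for s in SAMPLES:
        clean = refang(s)
        print(f"{s:45} -> {clean:40} -> {defang(clean)}")
```

Keeping indicators defanged everywhere except the moment of submission to a sandboxed checker avoids accidental clicks in mail clients and ticketing tools that auto-link URLs.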

When you go to the site, you can see what the others are checking.  Pink highlighted items are most likely phishing.

I will show you 2 examples:

1. Block Fax Service Scam

2. HSBC Scam

Very well made, indeed.  Now, I understand what is waiting for me at the other side of the river.

Many of those fake emails try to lead me to an overseas Microsoft SharePoint account. However, it appears those SharePoint accounts are monitored by Microsoft, as I cannot see any screenshot provided by Phishcheck (either error or blank). Hope Microsoft is doing the right thing.

17/08/17 Correction – I connected to the SharePoint account using a contained environment + browser. It was leading me to download one small zip file containing a malicious JavaScript file. So the SharePoint account was set up for malicious intent.
