From time to time, I receive very suspicious emails, disguised as a legitimate company sending a customer an email. Usually, if you view the mail in HTML format, there is a button for you to click to view a bill, service, etc. I dare to click the link and just delete the email.
However, I’ve been wondering what is actually waiting beyond the horizon. There are many web-based services available to satisfy my curiosity without risking jumping into the river.
phishcheck.me is one of them. Their services are as follows:
Built for information security analysts, Phishcheck.Me is designed to quickly gather the information required to investigate a suspicious website. The PhishCheck system will visit the submitted URL, extract all the relevant information and display it in one place so Info Sec analysts can focus on what they do best.
Handles common URL “defanging” techniques (meow://, hxxp[s]://, example[.]com)
Change browser user-agent in the Advanced options menu
Display host server information
IP Geographic Location (Approx.)
Record all HTTP requests
Check Google SafeBrowsing Reputation
Check PhishTanks Database Reputation
‘Phishy’ score calculated by PhishCheck’s custom classifier
Render a high resolution screenshot of the website
Certain webpages may cause screenshot capture issues. We’re working on them as they arise. Screenshots Unavailable due to timeouts (Phishing webpages aren’t built for reliability)
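The URL “defanging” forms named in the list above (meow://, hxxp[s]://, example[.]com) can be normalised before submitting a link to a scanner, and re-applied before pasting it into a ticket or chat. This is an added example, not Phishcheck.Me's code; treating meow:// as http:// is an assumption, and the sample URLs are constructed.

```python
import re

# Scheme substitutions named on the page. Mapping meow -> http is an assumption.
_SCHEMES = {"hxxp": "http", "hxxps": "https", "meow": "http"}
_SCHEME_RE = re.compile(r"^(hxxps?|meow)(?=://)", re.IGNORECASE)


def refang(text):
    """Turn a defanged indicator back into a URL a scanner will accept."""
    url = text.strip()
    # Restore the real scheme only when it is followed by "://".
    url = _SCHEME_RE.sub(lambda m: _SCHEMES[m.group(1).lower()], url)
    # Restore bracketed dots such as example[.]com.
    return url.replace("[.]", ".")


def defang(url):
    """Make a URL non-clickable for tickets, chat and reports."""
    url = url.strip()
    scheme, sep, rest = url.partition("://")
    if not sep:
        # No scheme present, e.g. a bare hostname.
        scheme, rest = "", url
    # Bracket dots in the host only, so the path and query stay readable.
    host, slash, tail = rest.partition("/")
    host = host.replace(".", "[.]")
    scheme = re.sub(r"^http", "hxxp", scheme, flags=re.IGNORECASE)
    return scheme + sep + host + slash + tail


if __name__ == "__main__":
    # Constructed samples, one per form listed on the page.
    for sample in ("hxxps://login.example[.]com/bill",
                   "meow://example[.]com",
                   "example[.]com"):
        print(sample, "->", refang(sample))
    print(defang("https://login.example.com/a.b?x=1"))
```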
When you go to the site, you can see what the others are checking. Pink highlighted items are most likely phishing.
I'll show you 2 examples:
1. Block Fax Service Scam
2. HSBC Scam
Very well made, indeed. Now I understand what is waiting for me on the other side of the river.
Many of those fake emails try to lead me to an overseas Microsoft SharePoint account. However, it appears those SharePoint accounts are monitored by Microsoft, as I cannot see any screenshot provided by Phishcheck (either error or blank). Hope Microsoft is doing the right thing.
17/08/17 Correction – I connected to the SharePoint account using a contained environment + browser. It was leading me to download one small zip file containing a malicious JavaScript file. So the SharePoint account was set up with malicious intent.