We define phishing as an attempt to impersonate a site operated by an organisation with which the victim of the phishing attempt has an existing relationship, in order to obtain passwords or other personal information for use in some type of fraud.
When using Safari or other browsers, tap the 'share' icon, then tap the 'Report Phishing' option. Or, to report a phishing message in iMessage, long-press the message, tap 'Copy...', then tap the Netcraft icon.
There are many tricks that fraudsters use to make their sites seem genuine. Some things to watch out for are (but not limited to): subtle spelling or grammar mistakes, a sense of urgency, asking to reply with sensitive information, and a suspicious URL that does not resemble that of the impersonated company's website.
In the Netcraft app, simply tap the report (clipboard) icon in the home screen. Or, from a browser, find the 'share' option, and share the site with the Netcraft app.
You can also use report.netcraft.com to report malicious sites from any device.
Cryptocurrency miners use your device's processing power in order to mine cryptocurrency. The Netcraft app blocks non-consensual cryptocurrency miners on Android.
Credit card skimmers use malicious code to steal credit card details from unsuspecting customers. The Netcraft app blocks sites containing credit card skimmers on Android.
The size of the iOS app can vary based on your device, as the App Store dynamically adjusts the app download to match your device. In addition, the disk space used by the app can also vary based on the feeds you're subscribed to. Typically the size of the iOS app once installed and configured is 80–95MB.
The size of the Android app is significantly smaller than the iOS app, due to a simpler protection mechanism. This means savings can also be made by not needing to include instructional videos showing the user how to enable the app. Typically the size of the Android app is between 2–6MB.
Unfortunately caller IDs are relatively easy for a fraudster to fake. This makes blocking calls or messages by caller ID tricky, as it can become difficult to distinguish between a fraudster using a faked caller ID and an official company using a legitimate caller ID.
For example, if you received an SMS message from a fake 'Example Bank', it is difficult to block that caller ID without also blocking all calls and SMS messages from the legitimate 'Example Bank'.
Our feed is licensed by major web browsers, leading anti-virus companies, web hosting providers and many others.
The Netcraft anti-phishing browser extension provides comprehensive site information and phishing protection when browsing the web. Users can also use the extension to report URLs they believe to be malicious to Netcraft. More information can be found here.
The 'First Seen' date corresponds to the first month in which the site appears in the Netcraft Web Server Survey. Thus, towards the end of a month, it may be possible to see some sites where the 'First Seen' date appears to be in the future.
There are several reasons why you may receive a warning about a website you know to be harmless. The Extension has several built-in safety checks that will alert you if a URL contains suspicious characters, or a page is possibly susceptible to Cross-Site Scripting (XSS) attacks. In these cases, if you are sure that the website poses no threat, you can ignore the warning by clicking 'Yes' to the warning dialog. If you believe that the Extension has incorrectly classified a safe site as a phishing attack, you can let us know by using the 'Report Incorrectly Blocked URL' link on the Extension menu. You can also access the form directly. The Extension will only ever warn you about suspicious websites by displaying a warning dialog; it will never cause the site to stop responding or display a 'file not found' page. Please be certain that the Extension is displaying such a warning before contacting us.
The Risk Rating displayed by the Netcraft Extension offers a further level of protection against new sites that are not yet in Netcraft's database. A lower risk rating is better as it indicates lower risk. Although some sites contain entirely benign content, the Netcraft Extension may assign a high Risk Rating because it could be hosted under a newly registered domain, the site may have never been seen in the Netcraft Web Server Survey before, or the network hosting the site may have hosted a number of fraud sites in the past. Many other factors are also taken into account. Hosting a web site on an unusual port number will also increase the Risk Rating, as will hosting a site from a raw IP address, as many phishing sites employ this tactic. The Risk Rating can be calculated fast enough to be performed for arbitrary sites as people visit them, and does not rely on manual categorization.
No — Netcraft has no way of knowing which pages an individual user visits when using the Extension. We do, however, collect the hostnames of the websites visited by our users in order to provide website popularity ranking information. In order to protect the privacy of organizations' internal networks, the Netcraft Extension does not transmit information about sites on IANA private addresses. This feature, however, is only present in the Firefox version of the Extension.
Many people and organisations do not host their own websites directly, but instead use a variety of third-parties to provide their website and associated services. One common technique for high-volume websites is to use a Content Delivery Network (CDN). Also, the site report may list companies such as hosting providers, domain registrars, the Internet Service Provider (ISP) that provides the IP address, and more. Most, if not all, of this information can be found in publicly available sources.
'New Site' means the site you are currently visiting has not been seen before by the Netcraft Web Server Survey. This indicates that the site is very new and should be considered less trustworthy than other sites, since most phishing sites spring up overnight and disappear just as quickly.
The Domain Registrar, Organisation, and Nameserver Organisation fields in the Site Report are only maintained for websites with a Site Rank higher than 1 million. Sites not in the top 1 million may display a value of 'unknown' if we do not have up-to-date information available.
Before reporting any bugs, please ensure that you are using the latest version of the Netcraft Extension. In Firefox users can check for updates by selecting Tools > Extensions from the Firefox menu and right clicking on the Netcraft Extension. In Google Chrome and Opera the same can be done by navigating to the extensions page and clicking on 'Update extensions now'. In Microsoft Edge open up the 'Windows Store' from the Start menu, click the top-right options button and select 'Downloads and updates'; from there you can click 'Get updates' to ensure everything is up to date. If the bug persists please report it here.
The Extension displays the location of a site's IP address based on the information provided by your computer. If your local DNS cache was 'poisoned' such that the a web site pointed to an IP address located in Russia, then the Extension would report the site as being located in Russia.
The Netcraft Extension functions correctly with ordinary web proxies. A small number of Internet Service Providers (ISPs) use transparent proxies to route your web page requests. This could cause the Extension to report a web site as belonging to your ISP, however, this is quite a rare occurrence.
Domains visited by the anti-phishing community are collected anonymously and used to produce a list of the top 100 most visited websites. These rankings depict an accurate view of the most popular web sites viewed by users of the Netcraft Extension.
The Netcraft Extension is available for Mozilla Firefox, Google Chrome, Opera and Microsoft Edge; no other web browsers are supported at this time.
A shopping site skimmer is a malicious script that steals your payment card information when you checkout on an online store, and sends it back to a fraudster to use later. Netcraft finds and detects shopping site skimmers on the Internet and blocks them in the Extension.
A web miner, or cryptojacker, is a malicious script inserted by hackers into a website that lets them mine for cryptocurrency on your computer without your consent. Browsing a website with a cryptojacker can often slow down your computer by consuming its resources. Netcraft finds and detects cryptojackers on the Internet and blocks them in the Extension.
If your Extension is appearing as 'offline', please try the following solution:
- Type 'about:config' into the address bar and press return.
- Type 'browser.offline' into the 'Filter:' field.
- Right-click on the 'browser.offline' item in the list, and click on 'Toggle' to set this value to 'false'.
- Close the tab.
The Extension should now work as intended.