This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How can i report a phishing site that is not being currently blocked by Phishing protection?

more options

Hi.

I received a phishing site through email that is not being currently blocked by the phishing protection that I know Firefox provides me with. I would like you to please let me know how can I report it in order to have it blocked as soon as possible so other people can be protected from being fooled.

Fake site: http://bancobcr.net/

Original Site: http://www.bncr.fi.cr/BNCR/Default.aspx

Looking forward to your reply.

Hi. I received a phishing site through email that is not being currently blocked by the phishing protection that I know Firefox provides me with. I would like you to please let me know how can I report it in order to have it blocked as soon as possible so other people can be protected from being fooled. Fake site: http://bancobcr.net/ Original Site: http://www.bncr.fi.cr/BNCR/Default.aspx Looking forward to your reply.

All Replies (14)

more options

Go to Help >> Report Web Forgery…

more options

i am not sure if either site is "phishing" in terms of the definition.

but you would contact the bank.

try a direct message via twitter account: https://twitter.com/bnmascerca

of if you are a customer, then log in the usual way, insuring that http turns into https , then send an email to them.

more options

Thanks TyDraniu so much for your reply. Do you know if Is there an estimated time in which a site will be blocked after the report?

Izmjenjeno od strane Friheinzen

more options

you're welcome.

for now, you as a customer cannot be 100% positive that the site you think is phony is not actually valid for the bank.

you see, the site you think is phony is actually a shorter URL, which is beneficial for the internet. while the longer URL may be old technology for the bank that they will be phasing out.

so my suggestion is to simply send a courtesy notification to the bank and see what they will tell you, if anything.

in the meantime, continue to use your trusted method for logging in and out of the bank.

more options

Thanks databaseben.

I did so, the bank confirmed this is not their legitimate site nor belongs to them, so basically is illegal or at least non authorized.

What I want to do here is, in order to keep the spirit of securing our browser, report the site so Firefox can alert potential victims, in addition to any countermeasure the bank can take.

more options

Well, its pretty odd that the bank is not doing this for you.

But here is a google search page with how we handle it here in the united states.

Ultimately, try reporting it to the FTC, Federal Trade Commission.

The phony page is considered "Spoofing"

more options

here is more info on http://www.bncr.fi.cr/BNCR/Default.aspx:

Domain Name: BNCR.COM Registrar: NETWORK SOLUTIONS, LLC. Sponsoring Registrar IANA ID: 2 Whois Server: whois.networksolutions.com Referral URL: http://networksolutions.com Name Server: NS.BNCR.FI.CR Name Server: NS2.BNCR.FI.CR Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Updated Date: 15-jun-2017 Creation Date: 22-mar-2002 Expiration Date: 22-mar-2022

>>> Last update of whois database: 2017-07-21T15:22:25Z <<<

more options

Here is more info on http://bancobcr.net/:

Domain Name: BANCOBCR.NET Registrar: GODADDY.COM, LLC Sponsoring Registrar IANA ID: 146 Whois Server: whois.godaddy.com Referral URL: http://www.godaddy.com Name Server: NS11.DOMAINCONTROL.COM Name Server: NS12.DOMAINCONTROL.COM Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Updated Date: 19-sep-2016 Creation Date: 19-sep-2016 Expiration Date: 19-sep-2017

>>> Last update of whois database: 2017-07-21T15:19:40Z <<<

more options
more options

I think you are right about the phony site. While everything is similar between both sites, the login page is the key difference between them.

Seems the phony site hasnt built a login page yet. But if they do, then what will occur is that people will enter their login information thinking its for the bank. But instead its being recorded by the thieves.

And the phony login page will then come back and say wrong log in and to provide more information. Which is phishing.

But I would contact the top guy at the bank. Since I dont know how to read the language on the official webpage, maybe you will have better luck at finding where the executive office is. Or if you live in the country and can walk into the bank, make copies of these posts on this thread and show them to an executive. In other words, "raise hell" !!

-)

let me know what you will do!

more options

I also found this forum for godaddy, ie the company that is renting out that phony url.

Go here, like you did here at fire fox, and inquire on how to report illegal activities via their domain registration services:

https://www.godaddy.com/community

more options

i reported the issue to google for you. good luck and keep us aprised of your good deeds!!

more options

Again, thank you so much databaseben.

I will keep the contact to the bank so I can provide as much info as possible to help. All the data you have just shared has been really useful to me.

more options

You're welcome.

We are helping others from becoming victims.

Thanks for caring!

ps: After thinking about this issue, I think your bank and our governments cant do anything because the phony site may be located in Russia or China or Turkey.

At best, Google and GoDaddy are the ones empowered to block the site world wide. But when one site goes down, another one usually pops up.

So dont waste time contacting your bank. Instead go to GoDaddy forums and bring this issue to light because they dont know about this yet.

~dbben.