Frequently Asked Questions (FAQs)

How do you know about phishing victims?

The first and probably most important question that comes to mind is likely to be: "How do you know about phishing victims?"

Unlike other projects of, "I Got Phished" does not generate any data by itself. All data provided by "I Got Phished" originates from 3rd parties which considers "trusted IT-security researchers". While they feed information on phishing victims into the system, "I Got Phished" does not know how the submitter got the data, nor does project make any statements about the accuracy of the data provided.

How can I get notified?

"I Got Phished" notifies IT-security representatives and domain owners about phishing victims within their constituency, based on the domain name. If you are an individual (user), it is not possible to register your email address on I Got Phished. I Got Phished reports based on the domain name and not on an individual email address.

How does the notification work?

Once a new dataset has been added, "I Got Phished" notfies the security contact who registered on "I Got Phished" for the corresponding domain name, via email.

How can I report a phishing victim?

"I Got Phished" only accepts submissions from trusted IT-security researchers. If you believe you are eligible to submit data to "I Got Phished", feel free to contact me: (remove all capital letters).

What's the difference between I Got Phished and haveibeenpwned? does not only notify security representatives, but also email address owners if their email address was compromised in a data breach. "I Got Phished" notifes security representatives if a user within their constituency got phished in a phishing attack. These are usually phished credentials for corporate mail accounts.

Domain Vs. sub-domain

Only domain names can be registered on "I Got Phished", not sub-domains. This service uses the Public Suffix List to extract the parent domain from email adresses. Once a domain name is registered on "I Got Phished" you will automatically receive notifications for that domain name including any subdomains.

Is it possible to receive phishing notifications on a different email address than RFC2142?

If you contact (remove all capital letters) and ask nicely, I will check what I can do.

What's the email address from where I Got Phished will send notifications from?

I Got Phished is using the following sender email address when sending out notifications about phishing victims:

Sender name:I Got Phished
Sender email:igotphished [at] abuse {dot} ch

I have a Managed Security Service Provider

If you have a Managed Security Service Provider (MSSP) who should receive notifications on your behalf, please follow the following procedure:

  1. Sign up with a RFC2142 email address here
  2. Get in contact with me via email and inform me about the MSSP email address I should use for your domain name(s): (remove all capital letters)