Phishing Response Playbook
Complete step-by-step process from discovery to resolution.
Step 1: Verify
Confirm it's actually phishing targeting your brand. Check the URL, content, and whether credentials can be entered.
Step 2: Document
Capture evidence immediately: screenshots, HTML source, WHOIS records, hosting info.
Step 3: Report
- Submit to hosting provider abuse team
- Report to domain registrar
- Submit to Google Safe Browsing
- Notify your takedown provider
Step 4: Protect
Add phishing URL to internal blocklists. Alert affected customers if credentials may be compromised.
Step 5: Monitor
Track takedown progress and check for related threats. Attackers often run multiple sites.
Step 6: Document
Record timeline, actions taken, and outcomes for future reference and reporting.
Related Articles
- What is Phishing?
- Phishing Detection Techniques
- Incident Response Guide
- Case Study: Stopping a Phishing Campaign
Tools
Get Help
Our phishing takedown service handles this process for you.