Phishing Is Half the Problem
Of the 1,637 scam reports currently tracked by YourScam.org, 836 are phishing attacks, making it by far the dominant threat category at 51% of all reports. Every single one has been verified through our automated intelligence pipeline.
But what makes this wave particularly dangerous isn't the volume; it's the technique. Scammers have moved beyond dodgy-looking domains. They're now hiding behind platforms you already trust.
Trusted Platforms, Weaponised
Our data reveals a clear pattern: phishing pages are increasingly hosted on legitimate, well-known platforms. Here are the top platforms being abused right now:
| Platform | Reports | How It's Used |
|---|---|---|
| GitHub Pages (.github.io) | 11 | Free static hosting for fake login pages |
| Cloudflare Pages (.pages.dev) | 8 | Fast CDN-hosted credential harvesting |
| Weebly (.weebly.com) | 6 | Drag-and-drop fake sites mimicking banks |
| Framer (.framer.app) | 5 | Professional-looking phishing with animations |
| Netlify (.netlify.app) | 3 | Developer-oriented hosting for phishing kits |
| Vercel (.vercel.app) | 2 | Serverless phishing with custom APIs |
These aren't obscure services. They're platforms used by millions of legitimate developers and businesses. That's exactly why they work. Your browser won't flag them. Your email provider might not catch them. And the SSL certificate will show a reassuring padlock.
Real Examples From Our Database
Here are some live phishing URLs detected by our OpenPhish intelligence feed:
- suporthub.framer.website: A Framer-hosted page impersonating a tech support portal
- adminnnnnweb.weebly.com: Weebly site mimicking an admin login panel
- srividya052.github.io: GitHub Pages hosting credential-harvesting forms
- claim-esl-msg.xyz: Domain designed to look like a legitimate claim service
Important: These URLs were live at the time of detection. Do not visit them. They are logged here for awareness and research purposes only.
Why This Works
Traditional scam detection relies on domain reputation. When a phishing page sits on github.io or pages.dev, it inherits the trust score of the parent platform. This means:
- Email spam filters are less likely to block links to these domains
- Browser safe-browsing warnings may not trigger
- Corporate firewalls often whitelist these platforms
- Users see familiar brand names and let their guard down
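The trust inheritance described above, as an added Python example (not YourScam.org's code): it contrasts suffix allowlisting with a check that scores each tenant separately on the shared-hosting suffixes from the table. The hostnames and trust sets are constructed for illustration.

```python
from urllib.parse import urlsplit

# Shared-hosting suffixes from the platform table on this page.
SHARED_HOSTING_SUFFIXES = ("github.io", "pages.dev", "weebly.com",
                           "framer.app", "netlify.app", "vercel.app")

def hostname_of(url):
    """Lower-cased hostname; accepts bare hostnames as well as full URLs."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat the leading part as the host
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def reputation_key(url):
    """Return (key, shared): the unit a reputation score should attach to."""
    host = hostname_of(url)
    for suffix in SHARED_HOSTING_SUFFIXES:
        if host.endswith("." + suffix):
            # Each tenant label belongs to a different, unrelated party.
            tenant = host[: -len(suffix) - 1].rsplit(".", 1)[-1]
            return tenant + "." + suffix, True
    return host, False

def naive_allow(url, trusted_suffixes):
    """Suffix allowlisting: every tenant inherits the platform's trust."""
    host = hostname_of(url)
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)

def tenant_aware_allow(url, trusted_suffixes, trusted_tenants):
    """Shared-platform hosts pass only if that exact tenant is trusted."""
    key, shared = reputation_key(url)
    if shared:
        return key in trusted_tenants
    return naive_allow(url, trusted_suffixes)

# Constructed sample data, not taken from any feed.
TRUSTED_SUFFIXES = {"github.io", "example.com"}
TRUSTED_TENANTS = {"docs-example.github.io"}
SAMPLES = [
    "https://docs-example.github.io/guide/",
    "https://login-verify-example.github.io/signin.html",
    "https://github.io@login-example.invalid/",  # host is login-example.invalid
    "https://www.example.com/account",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(naive_allow(u, TRUSTED_SUFFIXES),
              tenant_aware_allow(u, TRUSTED_SUFFIXES, TRUSTED_TENANTS), u)
```

The second sample passes the suffix allowlist but fails the tenant-aware check, which is the gap the list above describes.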
How to Protect Yourself
- Check the full URL, not just the domain: A page on github.io could be anyone's. Look at the full path and ask: does this make sense for who supposedly sent it?
- Never enter credentials via a link: If a message asks you to log in, go to the service directly by typing the URL yourself.
- Look for pressure and urgency: "Your account will be suspended in 24 hours" is almost always a scam.
- Report it: Forward phishing emails to report@phishing.gov.uk, texts to 7726, and report on YourScam.org.
Data sourced from YourScam.org's live intelligence pipeline, powered by OpenPhish and JaffaAi analysis.