Report a phishing result (2nd result from the top)

Iguana2991

Hi,

Today I tried booking tickets to the Louvre Museum in Paris.
I searched through Kagi louvre tickets as one does.

Old habits die hard, this time I clicked the second result, expecting the first one to be an ad or something (thanks Google for ruining my brain).

The problem is: the second result was a phishing website (most links don't work, some redirect to loouvre.fr which is not louvre.fr with only one o), etc.

Let me link a screenshot of the result page I got:

The first link is the official website louvre.fr, but the second one is the phishing website: tickets.louvre-paris.org, the content is really accurate, down to the ordering process which seems fine, but the payment step is not even a secured third-party platform...

I must admit I got caught in their web and even got my card stolen in the process (I'm in the process of locking and reporting everything).

Everything was fishy (pun intended). I was in a hurry and didn't notice it soon enough.

I'm going to report this website to the local authorities, but I guess the source referencing this phishing website this high must be checked out as well.

I didn't find any way of reporting a result through the basic Kagi experience so I came here to do so.
Feel free to redirect me to another platform if I'm not in the right place.

If you do find something suspicious about your source/why this result go so high, I would like to have some more info, I'm curious how this one got so high.

Please note that this result even has an URL starting with http (redirecting to a https of course). I would love a red warning sign warning me about this kind of results in Kagi, nowadays these are always considered a bad thing and I noticed it way too late.
This is the only Kagi-related issue I have with this whole thing, even the sourcing problem I don't think can be mitigated "easily". Don't worry, I still love Kagi.

I would have loved a warning sign alongside this fishy result (because of the http URL) or even that this result didn't show up at all thanks to the source you are using not including it, especially this high up!

RoxyRoxyRoxy

So sorry to hear about this. You're right in that accurately detecting and removing bad results at scale is a big task. I've forwarded the site in question to add to our downrank list. You're also not the first user I've seen wanting a bigger, redder warning sign about http:// sites, I'll see if we can get something added in that regard 🙂

Numerlor

RoxyRoxyRoxy I think just making the http in the link red would work nicely, may look a bit out of place but I guess that'd be its job

thomas-ebert

Shouldn't there be a button to report malicious content? I was shocked to find none...

I went to the first result in a search today, which seems like a small blog with a .org.uk domain, but redirects to a malicious ad/phishing site after a few seconds. Either it's a copy of an actual blog, or the original blog was hacked or the content is specifically generated to find victims.

Either way, I don't think Kagi wants malicious websites in its index, right?

I assume me downvoting the result for my own customisation won't trigger any kind of review?

RoxyRoxyRoxy

thomas-ebert We don't have an inline report flow at this time no, but if you wouldn't mind sharing the "blog" in question I can forward it to the index team for downranking.
You're right that blocking or downranking it yourself doesn't trigger a review; there is discussion on such a feature here, feel free to add your support on it!

wickerbox1234

There really should be a simple way to report phishing and malicious/misleading websites.

Probably the easiest way to implement this would be in the three dot menu, which in a way is not ideal as it would be hidden, but you don’t want people doing it by mistake.

I work in cybersecurity research so really believe that we need to be reporting these websites to keep everyone safe. I came across a suspicious website the other day and reported it directly to the NCSC (https://www.ncsc.gov.uk/section/about-this-website/report-scam-website), but not everyone will have the time or willingness to do this… and we want to encourage as much reporting as possible!

mtlynch

I just ran into a phishing site through Kagi results as well.

For the search puppy tails book jellycat, one of the top results is hxxps://www.jellycatofficialstore.com/product/puppy-tails-activity-book/ which is a phishing site impersonating jellycat.com.

Strangely, if I try to share my search, the fraudulent result does not appear: https://kagi.com/search?q=puppy+tails+book+jellycat&r=us&sh=AVKOCJEt6Dc0856GD_Wvog

The site does not appear in the first few pages of Google results for the same query, so Kagi appears to be incorrectly prioritizing a fraudulent site.

If you do a reverse DNS lookup of the fraudulent site, they're hosting several phishing sites that also appear in Kagi results.