Phishing remains a problem for everyone and any tool that helps is valuable. This post was prompted by the ongoing usage of our free Phish.ly service that we see every day, as people discover the tool and derive enormous benefit from it.
If you want to evaluate a suspicious email right now, you need read no further. Just forward that email immediately to scan@phish.ly to get a response quickly from the service.
When we launched it in July 2020, in conjunction with urlscan, we simply wanted to provide a useful tool to everyone, whilst showing off the capabilities of both Tines and urlscan.
The Tines automation itself is beautifully straightforward, as you'd expect, and the integration with urlscan was incredibly easy. The two tools just keep working together, helping the community.
One other aspect of Phish.ly which might not be obvious is how it proves, once again, that no-code is absolutely viable in production on the web. Think about how much work would have been involved in developing, deploying and maintaining a traditional webapp to deliver the same benefits. Instead we have a single static info page, a Tines Story and the urlscan API tied together with a small amount of work, and still running completely reliably 18 months later.
Services like Phish.ly or our low-key TinesBot, which shares community threat intelligence, are part of a broader ecosystem of tools in the infosec community that we encourage you to explore, discuss, share and use.
p.s. If you want to learn more about Tines and urlscan, you can watch a recording of a webinar we did with them and Box here.