You may enter additional information such as parts of the email which contained the URL, and/or by specifying a targeted victim organisation of the phishing URL. All data you enter, along with your SWITCHaai attributes and the IP address you are using, referred to below as "your data", can be read by SWITCH. SWITCH considers all your data as your personal data and will not disclose it, except for:
- the phishing URL,
- the targeted victim organisation,
- technical information in email header lines such as mail host identification, timestamps, or message IDs.
Use of your data
If your data does contain a verified phishing URL or a relevant indicator of compromise, SWITCH may use your data for the purpose of fighting phishing. SWITCH may in particular:
- forward the reported URL to other organisations known to be fighting against phishing, including – but not limited to – CERTs/CSIRTs, the anti-virus industry, law enforcement agencies, the Anti-Phishing Working Group;
- notify security contacts at peer organisations, if your data indicates that their infrastructure has been used or abused for phishing, for the purpose of helping them detect potential abuse on their site;
- notify the organisation that is the target of the phishing attack.
SWITCH may keep your data as long as appropriate and in accordance with the limits set down by law.
Thank you for helping SWITCH in the fight against phishing!