Free Phishing Websites

CanIPhish maintains an ever-evolving library of free phishing websites that update with the latest trends. Don't just take our word for it. Please take a look at some of the websites in our library!

Gray dot header

The goal of phishing websites

Phishing websites typically have a common set of goals. They're designed to steal or capture sensitive information from a victim. Cybercriminals commonly attempt to harvest credentials or steal credit card information to meet these goals.

Cybercriminals will commonly combine phishing websites with phishing emails to lure victims. Phishing emails will typically be personalized and paired directly with a relevant phishing website. The websites themselves can either be a single phishing page or a complete copy masquerading as a legitimate website. The type of phishing website created will vary depending on the cybercriminal's goal and the defensive controls in place, which may hinder them from meeting this goal.

Equipped with this information, look at the library of free phishing websites offered by CanIPhish and see if you'd fall for the phish! Are you looking for a free phishing link generator? Please create a free account and look at the unique ways we generate and obfuscate phishing links!

Blank Webpage Page
A blank webpage which redirects after 1 second to a specified education website. This page is used to capture the click interation.
OneLogin Webpage Page
Masquerading as the OneLogin portal.
User Awareness Training Page
User awareness training page displayed upon target compromise.

The Importance of Phishing Links, Websites, and Pages

Are you looking for more information on how attackers create enticing phishing links, phishing pages, or full-blown phishing websites? These topics are shrouded in mystery, but the team at CanIPhish has performed exhaustive research to provide you with the answers you need.

Phishing Links

When creating or generating phishing links, two complications need to be overcome.

Firstly, we need to ensure that phishing links look attractive to potential victims. To do this, we need to ensure there is some level of personalization. We want to ensure that the beginning of the link contains something familiar, perhaps a sub-domain that directly references the service or website being masqueraded.

Secondly, we need to ensure the phishing link doesn't get blocked by popular browser-based protection tools such as Google Safe Browsing, Microsoft SmartScreen, and much more. If a victim can't see the intended phishing page, then it's of no use. Phishing links need to use various evasion techniques such as randomisation, single-use detonation, and much more to evade browser-based protections.

To learn more about the importance of phishing links and how you can get started, see our blog on phishing websites that evade threat detection.

Phishing Pages vs Phishing Websites

One of the first questions you should ask yourself when creating a phishing website is whether you need to duplicate the entire website or if you only need to make a single phishing page.

This requirement is defined by the type of phishing attack you're performing and what the end goal is. If you just want to harvest user credentials, then a single webpage masquerading as the login page will meet your needs. If you're looking to duplicate the end-to-end workflow of a banking transaction, then perhaps you need to create a complete duplicate of the website.

At CanIPhish, we focus on only creating single phishing pages. We've found that creating complete duplicates of a website can be troublesome and near impossible to maintain. Should a provider make a single change to a web API, redesign a page, or make one of a thousand different types of changes, your full copy will be out-of-date and potentially ineffective.

To learn more about how you can create phishing websites and pages, see our blog on how to create a phishing website.