Phishing messages are fraudulent messages designed to trick users into giving up sensitive information or installing malware. They are a common threat that everyone should be aware of. If you receive a suspicious email or text message that you believe to be a phishing attempt, it’s important to report it to the proper authorities.
How to identify phishing messages
Phishing messages often look very believable and will use branding from legitimate, trusted sources. However, there are some signs you can watch out for:
- Generic greetings like “Dear sir or madam”
- Spelling and grammar mistakes
- Threatening language demanding immediate action
- Suspicious links or attachments
- Requests for sensitive personal information
- Spoofed sender addresses
No legitimate organization will ever ask for your password, account numbers, or other sensitive information over email. If a message looks suspicious, don’t click on any links or attachments, and delete it.
Who to report phishing emails to
If you receive a suspicious email that appears to be a phishing attempt, you should report it to the following organizations:
The company or agency being impersonated
Most companies have online forms where you can report phishing emails impersonating their brand. This helps them track down fraudulent domains and emails misusing their name. Some examples include:
- Microsoft: You can forward any suspicious Microsoft-branded messages to [email protected].
- Apple: Report emails to [email protected].
- Amazon: Forward Amazon impersonation emails to [email protected].
- PayPal: Report phishing emails by forwarding them to [email protected].
Check the company’s website for specific reporting instructions. The faster they are alerted to fake emails using their branding, the quicker they can get them shut down.
Your email provider
Most email services like Gmail and Outlook allow you to report phishing emails directly from your inbox. Look for a “report phishing” or “report spam” button near the top of the message. This helps your provider identify and block malicious senders.
The Anti-Phishing Working Group
The Anti-Phishing Working Group is a global consortium that aims to combat cybercrime. They provide a centralized phishing reporting tool where you can report phishing attempts from any source. They use these reports to update blacklists and warn hosting providers.
The Federal Trade Commission
In the United States, you can report phishing and other online fraud to the Federal Trade Commission using their online reporting tool or by calling 1-877-FTC-HELP.
National cyber security centers
Most countries have computer emergency response teams (CERTs) that handle cyber crime reports. For example:
Check your national CERT’s website for instructions on reporting phishing and online fraud.
Your workplace IT department
If you received the suspicious message at your work email address, make sure to alert your IT security team. They can investigate internally and reinforce training if employees are being targeted.
What details to include
When reporting phishing emails, include as many details as possible:
- The full email headers
- Screenshots of the email
- The sender address
- Links contained in the email
- Attachments
- Information requested
- Date/time received
This helps investigators trace the source of the phishing attack and identify compromised infrastructure being used in the scam. Do not click on links or download attachments as they may contain malware.
Ways to stay safe from phishing
Here are some tips to protect yourself from phishing attacks:
- Never click links or attachments from unknown senders
- Always verify a sensitive request by contacting the company directly
- Watch for poor spelling and grammar
- Do not reply to suspicious messages, even to unsubscribe
- Pay attention to links – hover to see the real destination
- Install anti-phishing browser extensions or email filters
- Report all suspicious emails, even if you’re not sure
- Keep software up-to-date and use strong unique passwords
Phishing statistics
Phishing attacks are a growing threat. According to APWG Phishing Activity Trends Reports, there were 1.7 million phishing websites identified in the first quarter of 2022. Some additional statistics:
| Year | Number of Unique Phishing Websites Detected (approx.) |
|---|---|
| 2015 | 1.2 million |
| 2018 | 182,000 |
| 2019 | 240,000 |
| 2020 | 418,000 |
| 2021 | 638,000 |
These numbers show phishing attacks are sharply increasing each year. The potential damage makes awareness and quick reporting critical.
Legal consequences of phishing
Phishing scams are illegal. Depending on the specific circumstances and jurisdictions, penalties may include:
- Fines up to $250,000 per phishing message
- Up to 5 years in prison
- Civil lawsuits from brands being impersonated
- Lawsuits from scam victims
- Internet service being terminated
- Additional charges if identities stolen are misused
While phishers are typically anonymous and difficult to trace, law enforcement sometimes conducts crackdowns and arrests cybercrime groups behind these scams. Victims who lose money can also pursue civil lawsuits.
Protecting your community
You can help protect your friends, family, and colleagues by sharing phishing awareness. Some ideas include:
- Guiding less tech-savvy users on identifying scams
- Posting about latest phishing tactics on social media
- Reporting fake social media profiles impersonating people
- Volunteering to teach internet safety classes
- Asking organizations to offer phishing simulations and training
- Reporting dangerous websites to hosting providers
If people understand common phishing techniques and report all suspicious messages, we can try to stem the rising tide of these attacks.
Conclusion
Phishing scams can lead to identity theft, financial loss, and malware infections. If you encounter a suspicious email, report it immediately to the company being impersonated, your email provider, and cyber crime authorities. Information like full headers and screenshots can help investigators take down phishing infrastructure faster. With vigilance and timely reporting, we can try to stay ahead of criminal schemes aiming to trick and exploit people online.