PDF download Download Article PDF download Download Article

Phishing is a tactic used by criminals to gather personal information in an attempt to commit identity theft. If you suspect a phishing attempt, it's important that you report it to the proper authorities. We'll show you how to properly report phishing attempts before unsuspecting users become victims.

Part 1
Part 1 of 3:

Protecting Yourself from Phishing

PDF download Download Article
  1. Check email addresses carefully and don’t open an email that looks suspicious. [1] Be suspicious of emails from people or organizations you do not know or have not done business with.
    • You can also identify phishing emails by the messages contained in the body of the email. They often claim that your account has been compromised and invite you to click on a link to confirm your identity. Or, they claim your account has been overcharged and that they need you to call them. [2]
    • If you do open an email, don’t download files, click on links, or respond. [3]
  2. If you need to contact a company and provide personal information, choose to do so over the phone rather than through email. [4]
    • Don’t just call the phone number provided in the email. Look at prior correspondence, or do a web search, to check whether or not the phone number in the email is the one you should actually call. [5]
    • Also don’t enter personal information into an embedded form. A reputable company would never ask you do to that. [6]
    Advertisement
  3. You should also have an updated software security package that includes anti-virus and spyware detection features. Make sure that you download the most recent security patches. [7]
    • Services like Norton AntiVirus or McAfee cost between $30-100 a year. [8]
    • Be sure to perform financial transactions only on an encrypted, secure web page. You can tell a page is secure by looking for a closed padlock on the status bar and checking for a URL that begins with “https” instead of “http.” [9]
  4. APWG is a consortium of law enforcement, financial institutions, research and security companies, Internet retailers, and service providers. They share phishing and spoof email information among member organizations, and they spread awareness of new threats to the Internet community. They keep a list of current phishing attacks. [10]
    • You can visit their website here .
  5. Advertisement
Part 2
Part 2 of 3:

Reporting Phishing

PDF download Download Article
  1. Most reporting agencies will instruct you to forward the original email when you report a phishing scam. Although you do not need to open these emails, you do not need to delete them either.
    • You can also take a screen shot of the email on your cell phone in case the email is subsequently deleted.
  2. Scammers often pretend to be other individuals or businesses. You should contact the spoofed entity and let them know that someone is impersonating them.
    • The company or individual may wish to pursue a lawsuit.
  3. ISPs try to filter out what appears to be a phishing attempt. Accordingly, you should inform them so that they can update their firewall and prevent the same scammer from targeting more people.
    • Your ISP is the company that provides you with internet access. [11] Check your bill. If you use free Wi-Fi provided by a business, university, or building management company, then alert someone who works with the organization.
  4. There are many government organizations you can contact to report a phishing scam. Before contacting them, gather necessary information: your contact information (phone number and mailing address), the name of the individual or business being defrauded, and the telephone number and website address given in the email.
    • You can contact the FBI’s Internet Fraud Complaint Center at www.ic3.gov . Your complaint will be processed and then forwarded to the appropriate authority.
    • Notify the Federal Trade Commission. While they cannot help individual cases, their Consumer Sentinel complaint database provides information to law enforcement worldwide. Forward phishing emails to spam@uce.gov.
    • File a complaint with the United States Computer Emergency Readiness Team at their US-CERT site . Their function is to respond and defend against cyber-attacks of all kinds.
  5. Advertisement
Part 3
Part 3 of 3:

Responding to Identity Theft

PDF download Download Article
  1. If you accidentally provided personal information and become a victim of identity theft, you should immediately contact the businesses where the fraud occurred.
    • Ask to speak to the company’s Fraud Department and report the fraud.
    • Ask the company to freeze your accounts. In this way, you will immediately halt any fraudulent transactions.
    • Reset PINs, passwords, and logins.
  2. Call TransUnion (800) 680-7289, Equifax (800) 525-6285 or Experian (888) 397-3742 and request a fraud alert on your credit report. This alerts the bureaus of possible phishing activity and prevents anyone from opening new credit accounts in your name. (Note: The bureaus share information, so 1 request will result in notification to all 3.)
    • A fraud alert is free.
    • Also pull your credit report and go through it, looking for other fraudulent loans taken out under your name.
  3. You will want to stop anyone from accessing your online checking or savings accounts, or from using credit cards issued by your financial institution. Change your online logins and passwords.
  4. Go to your local police station to report identity theft. Be sure to bring the following:
    • government-issued photo ID
    • proof of address (such as a utility bill or rental agreement/mortgage statement)
    • proof of the theft (bills, IRS statements, etc.)
    • a completed copy of the FTC Identity Theft Affidavit
    • a downloaded copy of the FTC Memo to Law Enforcement .
  5. Advertisement

What Are Smishing and Phishing?


Expert Q&A

Ask a Question
      Advertisement

      Tips

      • If you make any phone calls as you report a phishing attack, write down the date, time, name and contact information of the person you speak with as well as a synopsis of your conversation.
      • Each agency you contact will have unique reporting requirements. Follow their instructions carefully. Keep copies or screen shots of all letters and forms relating to your case.
      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Name
      Please provide your name and last initial
      Thanks for submitting a tip for review!
      Advertisement

      About This Article

      Article Summary X

      To report phishing, start by keeping all of the suspicious emails you receive, even if you don't open all of them. Next, forward the emails to your internet service provider so they can update their firewall and prevent others from being targeted by the spammer. Then, if you want to report the scam to the authorities, contact the FBI’s Internet Fraud Complaint Center by accessing the FBI's website. You can also file a complaint with the United States Computer Emergency Readiness Team at their US-CERT site. For tips on protecting yourself from phishing, read on!

      Did this summary help you?
      Thanks to all authors for creating a page that has been read 53,878 times.

      Reader Success Stories

      • Don Waterbury

        Feb 1, 2017

        "I went to APWG, and it had a large amount of helpful info. I sent this info to friends to use."
      Share your story

      Did this article help you?

      Advertisement