Phishing is a tactic used by criminals to gather personal information in an attempt to commit identity theft. If you suspect a phishing attempt, it's important that you report it to the proper authorities. We'll show you how to properly report phishing attempts before unsuspecting users become victims.
Steps
-
Refuse to open suspicious emails. Check email addresses carefully and don’t open an email that looks suspicious. [1] X Research source Be suspicious of emails from people or organizations you do not know or have not done business with.
- You can also identify phishing emails by the messages contained in the body of the email. They often claim that your account has been compromised and invite you to click on a link to confirm your identity. Or, they claim your account has been overcharged and that they need you to call them. [2] X Trustworthy Source Federal Trade Commission Website with up-to-date information for consumers from the Federal Trade Commisson Go to source
- If you do open an email, don’t download files, click on links, or respond. [3] X Research source
-
Communicate personal information only by phone. If you need to contact a company and provide personal information, choose to do so over the phone rather than through email. [4] X Trustworthy Source U.S. Securities and Exchange Commission Independent U.S. government agency responsible for regulating the securities industry, which includes stocks and options exchanges Go to source
- Don’t just call the phone number provided in the email. Look at prior correspondence, or do a web search, to check whether or not the phone number in the email is the one you should actually call. [5] X Research source
- Also don’t enter personal information into an embedded form. A reputable company would never ask you do to that. [6] X Research source
Advertisement -
Install a firewall and a spam filter. You should also have an updated software security package that includes anti-virus and spyware detection features. Make sure that you download the most recent security patches. [7] X Trustworthy Source U.S. Securities and Exchange Commission Independent U.S. government agency responsible for regulating the securities industry, which includes stocks and options exchanges Go to source
- Services like Norton AntiVirus or McAfee cost between $30-100 a year. [8] X Research source
- Be sure to perform financial transactions only on an encrypted, secure web page. You can tell a page is secure by looking for a closed padlock on the status bar and checking for a URL that begins with “https” instead of “http.” [9] X Trustworthy Source U.S. Securities and Exchange Commission Independent U.S. government agency responsible for regulating the securities industry, which includes stocks and options exchanges Go to source
-
Visit the Anti-Phishing Working Group (APWG). APWG is a consortium of law enforcement, financial institutions, research and security companies, Internet retailers, and service providers. They share phishing and spoof email information among member organizations, and they spread awareness of new threats to the Internet community. They keep a list of current phishing attacks. [10] X Trustworthy Source U.S. Securities and Exchange Commission Independent U.S. government agency responsible for regulating the securities industry, which includes stocks and options exchanges Go to source
- You can visit their website here .
-
Keep all suspect emails. Most reporting agencies will instruct you to forward the original email when you report a phishing scam. Although you do not need to open these emails, you do not need to delete them either.
- You can also take a screen shot of the email on your cell phone in case the email is subsequently deleted.
-
Contact the company or individual being spoofed. Scammers often pretend to be other individuals or businesses. You should contact the spoofed entity and let them know that someone is impersonating them.
- The company or individual may wish to pursue a lawsuit.
-
Forward the email to your Internet Service Provider (ISP). ISPs try to filter out what appears to be a phishing attempt. Accordingly, you should inform them so that they can update their firewall and prevent the same scammer from targeting more people.
- Your ISP is the company that provides you with internet access. [11] X Research source Check your bill. If you use free Wi-Fi provided by a business, university, or building management company, then alert someone who works with the organization.
-
Contact the authorities. There are many government organizations you can contact to report a phishing scam. Before contacting them, gather necessary information: your contact information (phone number and mailing address), the name of the individual or business being defrauded, and the telephone number and website address given in the email.
- You can contact the FBI’s Internet Fraud Complaint Center at www.ic3.gov . Your complaint will be processed and then forwarded to the appropriate authority.
- Notify the Federal Trade Commission. While they cannot help individual cases, their Consumer Sentinel complaint database provides information to law enforcement worldwide. Forward phishing emails to spam@uce.gov.
- File a complaint with the United States Computer Emergency Readiness Team at their US-CERT site . Their function is to respond and defend against cyber-attacks of all kinds.
-
Call companies where fraud occurred. If you accidentally provided personal information and become a victim of identity theft, you should immediately contact the businesses where the fraud occurred.
- Ask to speak to the company’s Fraud Department and report the fraud.
- Ask the company to freeze your accounts. In this way, you will immediately halt any fraudulent transactions.
- Reset PINs, passwords, and logins.
-
Inform the credit bureaus. Call TransUnion (800) 680-7289, Equifax (800) 525-6285 or Experian (888) 397-3742 and request a fraud alert on your credit report. This alerts the bureaus of possible phishing activity and prevents anyone from opening new credit accounts in your name. (Note: The bureaus share information, so 1 request will result in notification to all 3.)
- A fraud alert is free.
- Also pull your credit report and go through it, looking for other fraudulent loans taken out under your name.
-
Alert your financial institution. You will want to stop anyone from accessing your online checking or savings accounts, or from using credit cards issued by your financial institution. Change your online logins and passwords.
-
File a police report. Go to your local police station to report identity theft. Be sure to bring the following:
- government-issued photo ID
- proof of address (such as a utility bill or rental agreement/mortgage statement)
- proof of the theft (bills, IRS statements, etc.)
- a completed copy of the FTC Identity Theft Affidavit
- a downloaded copy of the FTC Memo to Law Enforcement .
What Are Smishing and Phishing?
Expert Q&A
Tips
- If you make any phone calls as you report a phishing attack, write down the date, time, name and contact information of the person you speak with as well as a synopsis of your conversation.Thanks
- Each agency you contact will have unique reporting requirements. Follow their instructions carefully. Keep copies or screen shots of all letters and forms relating to your case.Thanks
References
- ↑ http://msisac.cisecurity.org/newsletters/2013-04.cfm
- ↑ http://www.consumer.ftc.gov/articles/0003-phishing
- ↑ http://msisac.cisecurity.org/newsletters/2013-04.cfm
- ↑ https://www.sec.gov/about/reports-publications/investorpubsphishing
- ↑ http://www.theguardian.com/technology/2014/jun/06/how-to-protect-yourself-from-phishing-attacks
- ↑ http://www.theguardian.com/technology/2014/jun/06/how-to-protect-yourself-from-phishing-attacks
- ↑ https://www.sec.gov/about/reports-publications/investorpubsphishing
- ↑ http://www.cbsnews.com/news/5-ways-to-protect-yourself-from-phishing-attacks/
- ↑ https://www.sec.gov/about/reports-publications/investorpubsphishing
About This Article
To report phishing, start by keeping all of the suspicious emails you receive, even if you don't open all of them. Next, forward the emails to your internet service provider so they can update their firewall and prevent others from being targeted by the spammer. Then, if you want to report the scam to the authorities, contact the FBI’s Internet Fraud Complaint Center by accessing the FBI's website. You can also file a complaint with the United States Computer Emergency Readiness Team at their US-CERT site. For tips on protecting yourself from phishing, read on!
Reader Success Stories
- "I went to APWG, and it had a large amount of helpful info. I sent this info to friends to use."