At some time or another, everyone’s received one: an innocent email claiming to be from a trusted website or company. Or you may stumble onto a website that at first glance seems legitimate. But there may be something about it that doesn’t quite ring true, such as peculiar wording (perhaps even misspelled words or bad grammar), or more glaringly, a request for private information such as credit card numbers.
What you have found may very well be a scam known as “phishing,” an attempt to take hold of your personal information by tricking you into giving it to an unknown party or parties masquerading as a legal company. If you have received an email or found a website and are suspicious, what can you do?
The best course of action is to report your concerns to an organization that will investigate further. There are several places to do so:
- One is the U.S. government-operated website https://www.cisa.gov/uscert/report-phishing. It provides information on where to send a copy of the email or the URL to the website so that they may be examined by experts. It also includes links with details on phishing scams and how to recognize them and protect yourself.
- Another website to report cybercrimes is the Anti-Phishing Working Group (APWG) located at: http://antiphishing.org/report-phishing/. Unlike the government-owned website, antiphishing.org features a text box in which to copy and paste the contents of the suspicious email you have received, including the header as well as the body of the message. Along the sidebar of the website, there are additional links of information to learn about phishing scams.
- If you come across a website you believe is spoofed, or just looks like a phishing page attempting to steal user information, you can report the URL and submit comments to Google using this form: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
- The FTC has an entire section of their website for filing complaints on phishing, identity theft and other scams. Get started here: https://www.ftccomplaintassistant.gov/#&panel1-1
- The FBI’s Internet Crime Complaint Center (IC3) accepts complaints here: https://www.ic3.gov/default.aspx. Make sure you have all the information needed before filing a complaint, they will ask for information about the victim, whether there was a financial transaction, and of course any info you have about the sender.
- KnowBe4’s Phish Alert button https://www.knowbe4.com/free-phish-alert gives your users a safe way to forward email threats to your internal security team for analysis and deletes the email from the user’s inbox to prevent future exposure, all with a single click!
Phishing is a crime that has been plaguing users on the Internet for years. By reporting any suspicious contact to the proper organizations, you may have a part in helping to cut down on such unlawful activities in the future.