Where To Report Phishing Emails And Sites

If you are wanting to report phishing there are a number of things a person is able to do. In this article we will be taking a look at some of the different ways in which a person can report a site which they consider to be a phishing one.

In the USA today there is a government site called US-CERT at http://www.us-cert.gov/nav/report_phishing.html which is collecting the various phishing emails and instant messages that people are receiving along with website locations. Once they receive details of any such phishing scams they are placed on a list on the site and this will then help others to avoid being scammed themselves in the future.

In order to report any email, instant message or website that a person considers to be a possible phishing scam they open up an email message addressed to phishing-report@us-cert.gov and attach to it the details that they have copied from the email, instant message or website address.

Also many of the well known web browsers such as Yahoo, MSN and Mozilla Firefox now provide a service to their customers where they can now notify them of any sites that they consider to be suspicious.

Today there is even the Anti-Phishing Working Group or APWG which has been set up by various companies and law enforcement agencies which is working on eliminating all kinds of fraud and identity theft which occur through phishing. Although it is a volunteer organization it has begun to build an extensive data base of all phishing emails, instant messages and websites.

The best way to report phishing emails of websites to this particular group is by sending them an email at reportphishing@antiphishing.org. Once you have opened up a new email message then all you need to do is drag and drop the email in question from your inbox into this mail message if you are using Outlook.

It is important that you do not use forward if you want to assure that they receive this message. By using the forwarding button to make APWG aware of the phishing email you have received will often result in some information being lost and it also takes them a lot longer to process. However the only time a person will be able to use the forward method is when they have to interface the web with their Outlook.

Should you receive such an email then you should:

1. Do not respond to the e-mail. Instead, forward it to the company involved. For example, if you get a phishing e-mail from someone claiming to be from eBay, you should forward the e-mail to eBay’s security department. The email address to use is spoof@ebay.com per the eBay site information listed at http://pages.ebay.com/help/account/questions/email-from-ebay.html

2. Do not click on any links in the e-mail. If you want to visit the site where the e-mail supposedly originated, type that site’s address directly into your browser. If you have a relationship with them and they do need some information from you, a request for that information should be accessible in your account.

3. Do not call any phone numbers listed in the email. These may be just another attempt to obtain your personal information. Look up the appropriate phone numbers on the company’s website.

4. If at any time while you’re viewing the e-mail, a pop-up box appears asking you to enter personal information, ignore it.

5. Forward the phishing email to the Anti-Phishing Working Group at reportphishing@antiphishing.org. Follow the instructions here: http://www.antiphishing.org/report_phishing.html.

6. Before entering personal information on any Web site, verify that it has a security certificate. Look for a closed lock icon on your Web browser. This means any information you enter will be encrypted before being sent.

In fact I have failed to make purchases I wanted on sites which do not have this security on their ordering pages. It is definitely something you should look for and can also be identified by the addition of an ‘s’ to the beginning of the url. Instead of http://www.somesite.com, it would be https://www.somesite.com.

7. Install phishing filters onto your computer and keep them updated regularly. The filters will protect you from entering personal information if you visit a website known for phishing and will warn you when you visit sites which look suspicious.

If you’re already the victim of identity theft, the first thing you should do is to change all of your online passwords and check the history of all your online accounts to see if there has been any fraudulent activity. After securing your passwords, you should contact the companies and, if necessary, arrange for new accounts and credit cards.

Additionally you should file an identity theft complaint with the Federal Trade Commission at their FTC Complaint Assistant site. However, be aware that the “FTC does not resolve individual consumer complaints” but your complaint may lead to prosecution of the individuals who sent out that phishing email.