How to report phishing emails.

by Jon Lober | NOC Technology

What should you do with that phishing email that's sitting in your inbox?

Although many of us have improved our ability to spot such emails, most of us still do not know what to do after we identify one.


Should you just delete it? Contact authorities? Contact the company that is being spoofed? The short answer is yes, but how you respond is probably contingent on whether or not you actually clicked anything in the email in question or provided any personal information to the folks behind the email.

How to report a phishing email if you were not compromised.

If you did not click any links in the phishing emails, download any attachments, or provide any personal information to anyone, take the following steps.


  1. Report the email to the FTC. Although the FTC cannot resolve your specific report, by reporting a phishing email, your valuable experience will be shared with more than 2,800 law enforcers that can use that information to investigate and take action against the cybercriminals behind these attacks.
  2. Report the email to the spoofed entity. Phishers are increasingly impersonating well-known and trusted brands like PayPal, Amazon, Geek Squad, and Dick’s Sporting Goods. The businesses being spoofed face a potential loss of reputation in the marketplace even though they have nothing to do with the attacks. As a result, many of them request that users contact them with information about the phishing attempt so that they can take legal action against the cybercriminals. Many spoofed companies maintain a special web page or email address for targets to send information about spoofing attempts, but others may require a call. For example, when users encounter a Geek Squad phishing email, Best Buy (the company behind Geek Squad) asks recipients to call them at 1-888-237-8289 to report it.
  3. Report the email as phishing to your email provider. The companies behind major email platforms (such as Microsoft and Google) provide easy options “Report Phishing.” Always report phishing to your email provider. Each click improves their ability to correctly identify and block future phishing emails.
  4. Delete the email. Fortunately, you did not take the bait. However, you want to make sure that you do not accidentally click a bad link in the future or leave it in the inbox for someone else to click (if it’s a shared account). Once you have reported the attempt to the authorities, spoofed, business, and your email provider, always delete that email!

 

How to report a phishing email if you were compromised.

Uh-oh. You took the bait. You clicked. You called. Now what?

  • If you paid a scammer through Western Union, MoneyGram, a debit, credit, or gift card, you should immediately contact the financial institution that facilitated the payment and let them know that it was a fraudulent charge and ask them to reverse the payment or refund your money.


  • If you sent cash through the USPS, you can attempt to intercept your package before the scammer receives it. If they receive the cash, or if you paid in cryptocurrency, you will probably not be able to recover your money.


  • If a scammer has access to your personal information such as your social security number or financial information.
  • Contact your local police department.
  • File a complaint with the FBI’s Internet Crime Complain Center (IC3).
  • Visit identitytheft.gov to report the theft and put together a plan to recover your identity.


  • If you gave a scammer your username and password, or suspect that they have remote access to your phone or computer, you should run antimalware software on your computer immediately and seek professional help from a cybersecurity expert. 


The FTC maintains a helpful page of advice and resources for anyone that has fallen prey to a phishing scam and provides specific instructions for what to do in your particular dilemma. In many cases, you will have a better outcome if you can respond as quickly as possible to the issue. Act quickly and seek professional assistance if you feel that the issue is beyond your ability to address.


If you think you might have been targeted by the PayPal and GeekSquad phishing attempts that are landing in millions of inboxes across the country, follow the above links learn more information specific to those scams.

Be sure to include information technology in your 2025 budget
By Jon Lober December 17, 2024
Make sure you include IT in the budget.
By Jon Lober December 12, 2024
“Who’s taking notes at this meeting?”
By Jon Lober December 6, 2024
Protect your business with basic strategies.
More Articles
Share by: