How to report phishing emails.

How to report a phishing email if you were not compromised.

If you did not click any links in the phishing emails, download any attachments, or provide any personal information to anyone, take the following steps.

1. Report the email to the FTC. Although the FTC cannot resolve your specific report, by reporting a phishing email, your valuable experience will be shared with more than 2,800 law enforcers that can use that information to investigate and take action against the cybercriminals behind these attacks.
2. Report the email to the spoofed entity. Phishers are increasingly impersonating well-known and trusted brands like PayPal, Amazon, Geek Squad, and Dick’s Sporting Goods. The businesses being spoofed face a potential loss of reputation in the marketplace even though they have nothing to do with the attacks. As a result, many of them request that users contact them with information about the phishing attempt so that they can take legal action against the cybercriminals. Many spoofed companies maintain a special web page or email address for targets to send information about spoofing attempts, but others may require a call. For example, when users encounter a Geek Squad phishing email, Best Buy (the company behind Geek Squad) asks recipients to call them at 1-888-237-8289 to report it.
3. Report the email as phishing to your email provider. The companies behind major email platforms (such as Microsoft and Google) provide easy options “Report Phishing.” Always report phishing to your email provider. Each click improves their ability to correctly identify and block future phishing emails.
4. Delete the email. Fortunately, you did not take the bait. However, you want to make sure that you do not accidentally click a bad link in the future or leave it in the inbox for someone else to click (if it’s a shared account). Once you have reported the attempt to the authorities, spoofed, business, and your email provider, always delete that email!

How to report a phishing email if you were compromised.

Uh-oh. You took the bait. You clicked. You called. Now what?

• If you paid a scammer through Western Union, MoneyGram, a debit, credit, or gift card, you should immediately contact the financial institution that facilitated the payment and let them know that it was a fraudulent charge and ask them to reverse the payment or refund your money.

• If you sent cash through the USPS, you can attempt to intercept your package before the scammer receives it. If they receive the cash, or if you paid in cryptocurrency, you will probably not be able to recover your money.

• If a scammer has access to your personal information such as your social security number or financial information.
• Contact your local police department.
• File a complaint with the FBI’s Internet Crime Complain Center (IC3).
• Visit identitytheft.gov to report the theft and put together a plan to recover your identity.

• If you gave a scammer your username and password, or suspect that they have remote access to your phone or computer, you should run antimalware software on your computer immediately and seek professional help from a cybersecurity expert. 

The FTC maintains a helpful page of advice and resources for anyone that has fallen prey to a phishing scam and provides specific instructions for what to do in your particular dilemma. In many cases, you will have a better outcome if you can respond as quickly as possible to the issue. Act quickly and seek professional assistance if you feel that the issue is beyond your ability to address.

If you think you might have been targeted by the PayPal and GeekSquad phishing attempts that are landing in millions of inboxes across the country, follow the above links learn more information specific to those scams.