This article was co-authored by Clinton M. Sandvick, JD, PhD. Clinton M. Sandvick worked as a civil litigator in California for over 7 years. He received his JD from the University of Wisconsin-Madison in 1998 and his PhD in American History from the University of Oregon in 2013.
There are 7 references cited in this article, which can be found at the bottom of the page.
This article has been viewed 42,187 times.
Phishing is a tactic used by criminals to gather personal information in an attempt to commit identity theft. If you suspect a phishing attempt, it's important that you report it to the proper authorities. We'll show you how to properly report phishing attempts before unsuspecting users become victims.
Steps
Protecting Yourself from Phishing
-
1Refuse to open suspicious emails. Check email addresses carefully and don’t open an email that looks suspicious.[1] Be suspicious of emails from people or organizations you do not know or have not done business with.
- You can also identify phishing emails by the messages contained in the body of the email. They often claim that your account has been compromised and invite you to click on a link to confirm your identity. Or, they claim your account has been overcharged and that they need you to call them.[2]
- If you do open an email, don’t download files, click on links, or respond.[3]
-
2Communicate personal information only by phone. If you need to contact a company and provide personal information, choose to do so over the phone rather than through email.[4]
- Don’t just call the phone number provided in the email. Look at prior correspondence, or do a web search, to check whether or not the phone number in the email is the one you should actually call.[5]
- Also don’t enter personal information into an embedded form. A reputable company would never ask you do to that.[6]
Advertisement -
3Install a firewall and a spam filter. You should also have an updated software security package that includes anti-virus and spyware detection features. Make sure that you download the most recent security patches.[7]
- Services like Norton AntiVirus or McAfee cost between $30-100 a year.[8]
- Be sure to perform financial transactions only on an encrypted, secure web page. You can tell a page is secure by looking for a closed padlock on the status bar and checking for a URL that begins with “https” instead of “http.”[9]
-
4Visit the Anti-Phishing Working Group (APWG). APWG is a consortium of law enforcement, financial institutions, research and security companies, Internet retailers, and service providers. They share phishing and spoof email information among member organizations, and they spread awareness of new threats to the Internet community. They keep a list of current phishing attacks.[10]
- You can visit their website here.
Reporting Phishing
-
1Keep all suspect emails. Most reporting agencies will instruct you to forward the original email when you report a phishing scam. Although you do not need to open these emails, you do not need to delete them either.
- You can also take a screen shot of the email on your cell phone in case the email is subsequently deleted.
-
2Contact the company or individual being spoofed. Scammers often pretend to be other individuals or businesses. You should contact the spoofed entity and let them know that someone is impersonating them.
- The company or individual may wish to pursue a lawsuit.
-
3Forward the email to your Internet Service Provider (ISP). ISPs try to filter out what appears to be a phishing attempt. Accordingly, you should inform them so that they can update their firewall and prevent the same scammer from targeting more people.
- Your ISP is the company that provides you with internet access.[11] Check your bill. If you use free Wi-Fi provided by a business, university, or building management company, then alert someone who works with the organization.
-
4Contact the authorities. There are many government organizations you can contact to report a phishing scam. Before contacting them, gather necessary information: your contact information (phone number and mailing address), the name of the individual or business being defrauded, and the telephone number and website address given in the email.
- You can contact the FBI’s Internet Fraud Complaint Center at www.ic3.gov. Your complaint will be processed and then forwarded to the appropriate authority.
- Notify the Federal Trade Commission. While they cannot help individual cases, their Consumer Sentinel complaint database provides information to law enforcement worldwide. Forward phishing emails to spam@uce.gov.
- File a complaint with the United States Computer Emergency Readiness Team at their US-CERT site. Their function is to respond and defend against cyber-attacks of all kinds.
Responding to Identity Theft
-
1Call companies where fraud occurred. If you accidentally provided personal information and become a victim of identity theft, you should immediately contact the businesses where the fraud occurred.
- Ask to speak to the company’s Fraud Department and report the fraud.
- Ask the company to freeze your accounts. In this way, you will immediately halt any fraudulent transactions.
- Reset PINs, passwords, and logins.
-
2Inform the credit bureaus. Call TransUnion (800) 680-7289, Equifax (800) 525-6285 or Experian (888) 397-3742 and request a fraud alert on your credit report. This alerts the bureaus of possible phishing activity and prevents anyone from opening new credit accounts in your name. (Note: The bureaus share information, so 1 request will result in notification to all 3.)
- A fraud alert is free.
- Also pull your credit report and go through it, looking for other fraudulent loans taken out under your name.
-
3Alert your financial institution. You will want to stop anyone from accessing your online checking or savings accounts, or from using credit cards issued by your financial institution. Change your online logins and passwords.
-
4File a police report. Go to your local police station to report identity theft. Be sure to bring the following:
- government-issued photo ID
- proof of address (such as a utility bill or rental agreement/mortgage statement)
- proof of the theft (bills, IRS statements, etc.)
- a completed copy of the FTC Identity Theft Affidavit
- a downloaded copy of the FTC Memo to Law Enforcement.
References
- ↑ http://msisac.cisecurity.org/newsletters/2013-04.cfm
- ↑ http://www.consumer.ftc.gov/articles/0003-phishing
- ↑ http://msisac.cisecurity.org/newsletters/2013-04.cfm
- ↑ http://www.sec.gov/investor/pubs/phishing.htm
- ↑ http://www.theguardian.com/technology/2014/jun/06/how-to-protect-yourself-from-phishing-attacks
- ↑ http://www.theguardian.com/technology/2014/jun/06/how-to-protect-yourself-from-phishing-attacks
- ↑ http://www.sec.gov/investor/pubs/phishing.htm
- ↑ http://www.cbsnews.com/news/5-ways-to-protect-yourself-from-phishing-attacks/
- ↑ http://www.sec.gov/investor/pubs/phishing.htm
About This Article
To report phishing, start by keeping all of the suspicious emails you receive, even if you don't open all of them. Next, forward the emails to your internet service provider so they can update their firewall and prevent others from being targeted by the spammer. Then, if you want to report the scam to the authorities, contact the FBI’s Internet Fraud Complaint Center by accessing the FBI's website. You can also file a complaint with the United States Computer Emergency Readiness Team at their US-CERT site. For tips on protecting yourself from phishing, read on!