Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

How to report different kinds of phishing

Phishing comes in many forms — emails, text messages, voice calls, websites, or social media profiles. Most of it, however, will be URL phishing, asking you to click a link, where trouble (in one form or another) is waiting for you. In this guide, we will show you how to report it and make the internet at least a bit safer for you and other users.

How to report different kinds of phishing

Table of Contents

Table of Contents

Why you should report phishing

You may think that if you have already detected a phishing attack, that means you’re safe, and there’s no need to report it. However, notifying a company about phishing attempts in its name will allow it to warn its other customers who are not as tech savvy. Letting an email provider know that someone is sending out phishing campaigns will help it improve its email filtering. And finally, in the broader sense, you’re doing your part in the effort to combat cybercrime.

How to report phishing

Thankfully, reporting a phishing attack is generally a very straightforward process that takes only a minute or two. Many public organizations and cybersecurity agencies have dedicated websites where you can easily report a phishing attempt. The exact process may differ slightly — reporting vishing, for example, might require you to record your calls and share them, while an email phishing report only has to include the email itself. However, the general process of reporting phishing will go as follows:

  1. Accurately identify a phishing attempt. Don’t just go reporting poor sales representatives who are trying to cold-email you about their products — you should be pretty sure you’re the target of a scam to report it. Here’s how you can check if an email is phishing: Is the message asking you for private information? Does it contain attachments or links, and is asking you to open them? Do you know the sender, and does it make sense for them to contact you? Go over the email carefully and try to identify as many red flags as possible.
  2. Document the phishing attempt. Take screenshots or save the content of the phishing message, email, or website because this information can be crucial for the investigation. Be very careful to never open the files or links — if possible, it’s best to forward the email straight to the organization you’re reporting it to.
  3. Use dedicated phishing reporting websites. Platforms like phishing.org and the Anti-Phishing Working Group (apwg.org) have dedicated pages where you can report phishing attempts. Reports like yours contribute to a database that helps track and combat phishing worldwide.

Read on to find out how you can report phishing directly to the service that delivered the phishing email (your email provider) or the service your attackers are trying to impersonate.

Where to report phishing

Most popular online services have specific protocols for reporting phishing aimed at protecting their users and enhancing security measures. Here’s how to report phishing for some of the popular services that are likely to be targeted:

Report phishing to Gmail

If you received a phishing email in your Gmail account, follow these instructions to report the phishing:

  1. Open the email that you suspect is a phishing scam.
  2. At the top, next to the reply button, click the three-dot icon.
  3. Select “Report phishing” from the dropdown menu.
  4. Confirm your action by clicking “Report phishing email.”

Report phishing to Google

If you’ve encountered a phishing attempt through other Google services, like Google Forms, report it this way:

  1. Visit the Google Safe Browsing phishing page.
  2. Enter the URL of the phishing website.
  3. Click “Submit report.”

Report phishing to Outlook

If you received a phishing email in your Outlook account, follow these instructions to report the phishing:

  1. Select the message you believe is a phishing attempt.
  2. Above your list of emails, click the “Junk” dropdown menu.
  3. Choose “Phishing,” then “Report” to send the report to Microsoft.

Report phishing to Microsoft

If you’ve encountered a phishing attempt involving Microsoft services outside of Outlook, like OneDrive or Microsoft 365:

  1. Forward the entire email to phish@office365.microsoft.com.
  2. Delete the email from your inbox.

Report phishing to Apple

When you receive a suspicious email claiming to be from Apple or containing links to the iTunes or App Store, report it as phishing directly to the company — forward the email to reportphishing@apple.com.

Report phishing to Amazon

If you encounter a phishing scam related to or claiming to be from Amazon, forward the email to stop-spoofing@amazon.com.

Report phishing to Walmart

For phishing attempts claiming to be from Walmart, forward the suspicious email to abuse@walmart.com.

Report phishing to FedEx

If you received a phishing email, text message, or call from someone pretending to be from FedEx:

  1. Collect as much evidence as possible, including screenshots of the text messages, and add comments on whether some of your information in it was accurate (like your name or address). If the attempt was via phone call, if you haven’t recorded it, try to describe it in as much detail as possible.
  2. Send everything and forward the email if there is one to abuse@fedex.com.

Report phishing to PayPal

To report a phishing attempt claiming to be from PayPal, forward the entire email to spoof@paypal.com.

Why your phishing report matters

Whether you’re dealing with a suspicious email in Gmail, an odd message purporting to be from PayPal, or any other type of phishing attempt, you can take steps to report these incidents. Services like Google, Microsoft, Apple, and Amazon have made it straightforward to alert them to phishing attempts, allowing them to take swift action.

Taking the simple step of reporting a phishing scam is one of the most impactful ways regular internet users can make the online world safer for everyone. Your report might help cybersecurity professionals identify and neutralize that threat before it can harm anyone. It also might provide critical data that aids ongoing investigations and helps researchers improve phishing detection tools.

So don’t hesitate to take that minute to file a report — it’s a small, easy action that makes the internet a bit better. And once you’re done, make sure your data continues to be safe by getting anti-phishing software — it will protect you from the more sophisticated phishing attacks, as well as zero-day phishing.

Online security starts with a click.

Stay safe with the world’s leading VPN