Reporting Bad Sites and Messages

Why Reporting Matters

When you report phishing sites, scam messages, and malicious content, you help protect others. Reports feed into security databases that block threats for millions of users. A single report can prevent thousands of victims.

Report Phishing Emails

In Gmail

1. Open the suspicious email
2. Click the three dots menu
3. Select "Report phishing"

In Outlook

1. Select the suspicious email
2. Click the "Report" button in the toolbar
3. Choose "Report phishing"

General Email Reporting

Forward phishing emails to:

• [email protected] (Anti-Phishing Working Group)
• [email protected] (FTC)
• The security team of the company being impersonated

Report Phishing Websites

Google Safe Browsing

1. Go to safebrowsing.google.com/safebrowsing/report_phish/
2. Enter the URL of the phishing site
3. Add any additional details
4. Submit the report

Microsoft

• Report phishing sites to microsoft.com/wdsi/support/report-unsafe-site

Your Browser

• Chrome: Click the three dots, Help, Report an issue
• Firefox: Help, Report Deceptive Site
• Edge: Settings, Help and feedback, Report unsafe site

Report Scam Ads

• Google Ads: Click the "X" or "i" icon on the ad, then "Report this ad"
• Facebook/Instagram: Click the three dots on the ad, "Report ad"
• Twitter/X: Click the three dots, "Report ad"

Report Text Message Scams (Smishing)

• Forward scam texts to 7726 (SPAM) in the US
• Report to the FTC at reportfraud.ftc.gov
• Block the sender on your phone

Report to Government Agencies

United States

• FTC: reportfraud.ftc.gov for scams and fraud
• FBI IC3: ic3.gov for internet crimes
• CISA: cisa.gov/report for cybersecurity incidents

United Kingdom

• Action Fraud: actionfraud.police.uk
• NCSC: Forward emails to [email protected]

Other Countries

Search for your national cybersecurity agency or consumer protection office.

Report to the Impersonated Company

Most major companies have dedicated reporting channels:

• Banks: Usually have fraud reporting numbers on the back of your card
• Tech companies: Search "[company name] report phishing"
• Social media: Use in-app reporting features

What Information to Include

When reporting, provide:

• The full URL of the malicious site
• Screenshots if possible
• The full email headers (for email reports)
• How you encountered the threat
• Any personal information you may have entered (for your records)

Key Takeaways

• Reporting protects others from the same threats
• Use built-in reporting in email clients and browsers
• Report to Google Safe Browsing and the impersonated company
• Forward phishing emails to [email protected]
• Report financial fraud to government agencies