How to spot and report phishing emails | #microsoft | #hacking | #cybersecurity

There are things you can do to stay safe online, but even if you have the best security software and latest and greatest hardware, social engineering means phishing can still be a credible threat. Phishing is far from the most dangerous or innocuous threat to an internet user, but it often feels more villainous than other forms of cybercrime. There’s something unsettling about an attacker using something as ordinary as an email to take over your life and really ruin your day.


Fortunately, phishing is often quite easy to identify and avoid, but what do you do after you have successfully identified an attack? Reporting phishing is a good start, although, for your report to be effective, you need to make sure you report it to the correct place. Let’s have a look at where and how to report phishing attacks so that you can help protect your fellow netizens.

How to report phishing emails to your email provider

Reporting phishing emails can take a number of forms, depending on a few factors. Strictly speaking, you should report phishing emails to law enforcement as well as the company being impersonated, but it also helps to report it to your email providers so that they can use the data to filter for those emails automatically.

Often, reporting phishing emails to your email provider is the easiest of the three options, so let’s start there and take a look at how to report phishing emails to Gmail and Outlook.

How to report phishing emails in Gmail

With over 1.5 billion users, Gmail is by far the most popular email service provider, and for a reason. Between a free account and loads of smart inbox filters, Gmail is a pretty convincing package. As part of the package, Gmail tries to filter out or label harmful emails before they reach your inbox. Sometimes a well-written phishing email will make it through the filters, in which case, you can report it from the inbox to help Google tweak the filter.

To report a phishing email to Gmail, open the email and follow these steps:

  1. Select the three vertical dots next to the Reply button to open the Options menu.
  2. In the Options menu, select Report phishing to start the report and display the confirmation pop-up.
  3. In the report confirmation pop-up, review the consequences of reporting the email to Google and then select Report Phishing Message to confirm your report.

At the time of writing, there is no way to report phishing directly from the Gmail app on mobile, so you’re stuck reporting them from your desktop. If you receive a phishing email while you’re on the go, and you want to report it, snooze the email so that you get a reminder when you’re home. Although, you might be better off blocking the email and reporting it as spam in that case.

How to report phishing emails in Outlook

Outlook, similar to Gmail, has email filters that aim to protect users against potentially unwanted emails. If you’re using Outlook and want to report a phishing email to help train those filters, the process is similar, though there are two options to access the report tool.

To start reporting a phishing email, open the email in question and proceed as follows:

  1. In the email viewer, select the three dots to the right of the Reply and Forward buttons and then click Security options in the drop-down menu.
  2. In the Security options drop-down, select Mark as phishing to open the report confirmation pop-up.
  3. In the confirmation pop-up, select Report to report the email as phishing.

Alternatively, you can find the report options in the top bar under the drop-down menu labeled Junk and select the phishing option from that drop-down menu to get to the confirmation window in step 3.

How to report phishing emails to law enforcement and regulatory agencies

Reporting phishing to law enforcement can seem frustrating and potentially frivolous. Still, there is an increasing awareness about cybercrime and online fraud, so when those systems are available, it’s good to use them.

  • On a global scale, you can forward phishing emails and details of the encounter to the Anti-Phishing Working Group at The APWG collects and compiles data and trends about phishing and reports the phishing lists it compiles to the authorities. The best way to send the APWG a suspicious email is to send it as an attachment rather than forwarding it.
  • In the United States, you can file a complaint on the FTC’s fraud reporting system.
  • If you’re in the U.K., send phishing emails to the National Cyber Security Center’s email at
  • In Canada, the Canada Anti-Fraud Centre handles phishing and fraud reports. You can call the CAFC at 1-888-495-8501 or use the Canadian Royal Mounted Police’s online reporting tool.

How to report suspicious activity to a business that’s being used in a phishing attempt

If you think about it, it’s easy to see how phishers can cause damage to the reputation of a business when they send out emails impersonating that business. If you receive a suspicious email from Amazon, you’re less likely to trust an actual email from Amazon in the future. It’s worth reporting phishing activity to help protect the business and—more importantly—other less tech-savvy users that may receive the email and fall for the phishing scheme.

Websites that are commonly used for phishing schemes include Amazon, Dropbox, Google, Microsoft (and any of its Office services), PayPal, and banks. Each of these companies lets consumers get in touch to report phishing or fraudulent activity, usually via email.

How to report phishing attempts to Amazon

Amazon has a help page dedicated to phishing and assisting customers with phishing reports depending on how much the user’s info was compromised. At a basic level, you can forward the email to to report an email. If you have accidentally fallen for an Amazon-spoofing phishing scheme, your best bet is to follow the steps on the support page, depending on what information you shared with the phishers.

How to report phishing emails to Dropbox

Dropbox requests users forward any suspicious emails to It goes one step further, asking users to report suspicious links or other abusive materials to that same email. If you receive a suspicious link or suspect someone was trying to phish for your information, send a copy of the link and a brief summary to Dropbox so that the company can help keep its user base safe.

How to report phishing attempts to Microsoft

Phishing attempts often involve spoofing Microsoft emails, offering upgraded services or technical support. In the case of a known Microsoft phishing attempt, you can forward the email as an attachment to If you are a Microsoft 365 account subscriber, you can also use the submission portal to submit reports. However, this takes a lot more work, and you need to be an admin to submit an issue via the portal.

How to report phishing to Google

Google only allows users to report phishing attempts if the attempt happens within a Google product or service. A good example is reporting suspicious emails that come to a Gmail address. If you are the target of a phishing attempt via Google Docs or Drive, you can report the email notification the same way you would report a phishing attempt as described above. You can also report a Drive, Docs, Sheets, or Slides phishing attempt using the web interface of the relevant product.

To report suspicious activity, use the Help drop-down menu in the Google Docs web interface, click Report abuse, select the reason for the report, and click Submit report.

How to report phishing to PayPal

One of the most common phishing attempts is the PayPal refund scam that tries to steal credit card information and gain access to your funds. Reporting phishing scams to PayPal helps make the company aware of the issue and protects the other users on the site. To report a PayPal phishing attempt, forward the full email to PayPal advises that you also delete the email from your inbox, which is good advice, but it isn’t strictly necessary either.

How to report phishing to your local bank

Reporting phishing and scams to your local bank will depend on the specific bank, but generally, banks have a fraud or security line you can call to ask for information or report fraud activity. So, your first step should be to call your bank and follow their advice. Alternatively, you can report any phishing attempts to local law enforcement as described previously.

Stay safe out there

As long as there are people online that can be taken advantage of, there will be cybercriminals trying to take advantage of them. The best thing you can do as an internet user is to be aware of the dangers of being online. This means taking the time to read emails and online content critically and cynically to make sure you don’t fall prey to bad actors. Reporting phishing and online fraud is just another step that you can take to make the internet slightly more hostile towards those that mean us harm.

There are other types of attacks where bad actors can steal your identity and make your life miserable. You can protect your personal information and your computer from these attacks by creating a strong password that’s hard to guess.

Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published.

2 + eight =