How to report a phishing email

Egress | 18th Jun 2021


Most of us will have encountered a phishing email at some point. In fact, one in every 3,722 emails in the UK is a phishing attempt. The problem is becoming increasingly severe as phishing emails grow more sophisticated, which makes it easier for criminals to get access to your personal and/or financial data.

That's why it's essential to report any suspicious emails that come your way. Spreading awareness of the latest tactics scammers are using makes it easier to prevent future phishing attempts.

But how do you identify and report phishing emails? Read on to find out.

How to identify a phishing email

With over 149,513 emails being sent worldwide every minute, it can be tricky to filter out the malicious ones. When done well, phishing emails can look very convincing. However, there are some red flags that you can look out for.

Here are the top five factors you need to take into consideration when you've received a suspicious email:

1. Sender: Just because you recognise the sender doesn't mean the email is legitimate. Hover over the sender's name to check that their details are authentic and match the name shown. Sometimes, the spelling will be very similar but include extra letters or numbers.

2. Greeting: Often, scammers will use vague greetings such as 'Dear Customer' or 'To whom it may concern'. These salutations are especially suspicious if the email appears to have been sent by a company or person you know.

3. Content: Is the email attempting to create a sense of panic? Is it asking for personal information or claiming you need to reset your password? It's most likely a scam. Does it have spelling or grammar mistakes? It’s likely to be fraudulent. 

4. Links or buttons: Links and buttons in phishing emails usually take you to a spoofed website, where they will attempt to harvest your data. If you want to check out the website, open a new browser tab and manually type in the URL.

5. Attachments: Attachments can be used to install malware on your device. Malware is designed to record your passwords or release viruses that will hold your files for ransom. 
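The five checks above can be run mechanically over a saved message as a first-pass triage aid. The following Python sketch is an added example, not Egress code; the trusted-domain list, the phrase lists, the 0.8 similarity threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"bank.example"}  # assumption: domains you genuinely deal with
GREETINGS = ("dear customer", "to whom it may concern")
PRESSURE = ("reset your password", "verify your account", "immediately", "suspended")

def host(url):
    return (urlparse(url).hostname or "").lower()

def red_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    # 1. Sender: domain is a near-match of a trusted one (extra letters/numbers)
    for good in TRUSTED:
        if domain != good and SequenceMatcher(None, domain, good).ratio() > 0.8:
            flags.append(f"sender: {domain} imitates {good}")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = re.sub(r"<[^>]+>", " ", body).lower()
    # 2. Greeting and 3. Content: vague salutation, panic or credential wording
    if any(g in text for g in GREETINGS):
        flags.append("greeting: generic salutation")
    hits = [p for p in PRESSURE if p in text]
    if hits:
        flags.append("content: pressure wording " + ", ".join(hits))
    # 4. Links: the visible text names one host, the href points to another
    for href, label in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        shown = re.search(r"https?://\S+", label)
        if shown and host(shown.group()) != host(href):
            flags.append(f"link: shows {host(shown.group())}, goes to {host(href)}")
    # 5. Attachments: list them so they are reviewed before anyone opens them
    flags += [f"attachment: {a.get_filename()}" for a in msg.iter_attachments()]
    return flags

def sample_message():  # constructed sample, reserved .example domains only
    m = EmailMessage()
    m["From"] = '"Example Bank" <alerts@bank1.example>'
    m["Subject"] = "Action required"
    m.set_content('<p>Dear Customer,</p>\n<p>Your account is suspended. '
                  'Reset your password immediately.</p>\n<a href="https://'
                  'bank1.example/login">https://bank.example/login</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_string()

if __name__ == "__main__":
    print("\n".join(red_flags(sample_message())))
```

A flag is a reason to look closer and report, not a verdict: a clean result does not make an email safe.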

How to report a phishing email

97% of people are reportedly unable to identify phishing emails. So, if you think an email looks suspicious, it's best to err on the side of caution. There are several steps you can take to report a phishing attempt, which we've listed below:

1) Make your IT department aware

If you receive a phishing email in your inbox at work, report it to your IT department. It's vital to inform them so they can spread the word around the business. This will help to prevent your colleagues from falling victim to it.

It's also crucial that your workplace runs regular phishing awareness workshops to help employees learn how to identify and report phishing attempts.

2) Report it to the email provider

Most email providers have built-in mechanisms that allow you to report suspicious emails. You can also usually report fraud on their websites, so it may also be worth informing the scammer's email provider.

If possible, keep a record of the email and attach it to the report so the provider can work to prevent future attempts.

3) Let the company know

Scammers will sometimes claim to represent a well-known company or organisation. If you can't verify an email's authenticity, it's a good idea to get in contact with the actual company.

Find the right contact details on their website and forward the email to them without altering the subject line or adding it as an attachment. The company can then investigate it further. 

4) Inform a governing body

Most countries have a governing body that deals with phishing scams. Action Fraud is the UK's national reporting centre, and you can submit a report to it at any time. Reports made via Action Fraud will be sent to the National Fraud Intelligence Bureau (NFIB), which assesses, analyses and passes them to the police for investigation.

5) Mark the email as spam 

This is better than simply deleting the email. Every time you mark a suspicious email as spam, the email provider applies 'negative points' to the sender's domain. This prevents any future malicious emails from coming directly into your inbox. Plus, if enough spam reports are received, the domain becomes blacklisted, meaning all future messages sent from it will be instantly marked as spam. 

Learn more about phishing emails

Cybercrime is constantly evolving, so you must stay in the know. 

Visit the Egress phishing hub to read expert advice and learn more about the latest phishing tactics. Protect yourself and your data today.