Home > Printer-friendly
Phishing Scams - How to Report Them

Phishing Scams - How to Report Them

What should you do when you get a "phishing" email or end up on a scam website? We're going to teach you who to report the scam to, or how you can track down the scammers yourself and work to help shut down their scam-collecting ways, at least temporarily. We've seen scams targeting eBay, Washington Mutual (Wamu), Wells Fargo, Citibank, and PayPal.

First Steps

You should contact the company involved in the scam immediately.

In other words, if you received a phishing email about Wells Fargo, you should forward it to Wells Fargo.
Best Buy - bestbuysecurityinfo@postfuture.com [1]
Citibank - emailspoof@citigroup.com [2]
EarthLink - fraud@corp.earthlink.net [3]
eBay - spoof@ebay.com [4]
PayPal - spoof@paypal.com [5]
Washington Mutual - spoof@wamu.com [6]

Wells Fargo - Contact Us Page [7]

You can also report the scam to the Internet Fraud Complaint Center [8]. This site is a partnership between the FBI and the National White Collar Crime Center.

Advanced Steps

You should only follow these steps if you have some experience with web and email issues.

View Source

  1. Look at the html source of the email message or the web form.

  2. In the html code, look for <form> tag and see where the form results are being sent.

    The form will probably look something like this:

    <form action="/cgi-bin/FormMail.cgii"

    If the form action starts with "http://..." then the results are being processed on a separate server.

  3. You will also want to look for a hidden field below the <form> tag that will look something like this:

    <input type=hidden name="email" value="someone@blahblah.com">

    This is the email address that will receive the results of the form. You'll want to track down those responsible for the servers the form and email reside on.

Track Down Servers

The best way to track down who is responsible for these servers is to use various WHOIS servers. Take the domain name or IP address you found in the email or web page and input it here:

Send a Kind Email

Now use the contact email information you find in the WHOIS listing to forward anything you received and to kindly ask them to investigate and shut down the offending page or email address.

Be nice. Usually the system administrators of these sites have nothing to do with the scam being perpetrated. They also get a lot of email and are a much more likely to help if you explain what's going on in a civil, helpful tone of voice.

Once you've sent your email, there's nothing to do but sit back and relish your part in trying to reduce the number of people gettting ripped off!

Do This Quickly!

If you move fast you might be able to head off the use of some of your information.

Change Your Password

If you filled out one of these scam forms and entered any password information - change it immediately.

While you're logged into your account, check your transaction history, if possible, to see if there are any fraudulent entries.

Contact the Company

Call or email the fraud department of the company involved and let them know that your account might be compromised.

Call Your Bank and Credit Card Companies

You should call to see if any fraudulent transactions have shown up and to possibly arrange for new cards or accounts.

Is That It?

If you entered your Social Security Number, Date of Birth, Address, etc into the form, you will need to follow the steps listed on our Emergency Help page [12]. You are a potential victim of identity theft.

Source URL: http://www.fightidentitytheft.com/phishing-scams.html

Links:
[1] mailto:bestbuysecurityinfo@postfuture.com
[2] mailto:emailspoof@citigroup.com
[3] mailto:fraud@corp.earthlink.net
[4] mailto:spoof@ebay.com
[5] mailto:spoof@paypal.com
[6] mailto:spoof@wamu.com
[7] http://www.wellsfargo.com/per/per_ask_us.jhtml
[8] http://www.ic3.gov/
[9] http://networksolutions.com/en_US/whois/index.jhtml
[10] http://network-tools.com/
[11] http://ws.arin.net/cgi-bin/whois.pl
[12] http://fightidentitytheft.com/identity_theft_victim.html