Phishing Scam Reporting

Report a
phishing scam.

Phishing is the most common entry point for identity theft, account takeover, and financial fraud. That text from "your bank" about suspicious activity. The email from "Netflix" saying your payment failed. The fake USPS delivery notice. They all lead to credential-stealing pages designed to capture your login, password, and personal information. Report the message, URL, and sender here to help others recognize the same attack.

Quick phishing report

Report the phishing message in under 2 minutes. Have the original email or text? Use the full report builder

Your email address

We'll send a quick verification code. Your email is never shared publicly.

Why report phishing?

→The same phishing campaign hits thousands of people simultaneously
→Reported URLs can be blocked by browser safe browsing programs
→Email providers use reports to improve spam filters
→Your report may prevent someone else from clicking the same link

Phishing red flags

• Unexpected email/text about account problems or suspicious activity
• Sender address doesn't match the company's real domain
• Urgency — "your account will be suspended in 24 hours"
• Link goes to a URL that's similar but not the real company domain
• Asks you to "verify" by entering login credentials or personal info
• Generic greeting ("Dear Customer") instead of your actual name
• Spelling errors, weird formatting, or blurry logos
• Attachment you didn't request (especially .zip, .html, or .exe files)

Phishing statistics

300K+

phishing reports to the FBI IC3 in 2023

most common cybercrime type for 5 consecutive years

36%

of all data breaches involve phishing

$52M

direct financial losses from phishing (FBI IC3)

Phishing: the most common cybercrime in the world

Phishing has been the most frequently reported cybercrime to the FBI's Internet Crime Complaint Center for five consecutive years, with over 300,000 reports in 2023 alone. The direct financial losses are significant — $52 million reported to IC3 — but the real cost is far higher because phishing is the gateway to other crimes. A stolen email password leads to account takeover. A captured banking login leads to drained accounts. A harvested SSN leads to identity theft that can take years to untangle.

Modern phishing attacks are nearly indistinguishable from legitimate communications. A well-crafted phishing email from "Chase Bank" will use the correct logo, formatting, and tone. The fake login page it links to will look pixel-perfect. The URL will be close — "chase-securelogin.com" instead of "chase.com." Even security-savvy people get caught when they're distracted, stressed, or just clicking through email quickly at the end of a long day.

Smishing: phishing by text message

Text-based phishing ("smishing") has surged because people are more likely to trust and click links in texts than emails. Common smishing attacks include fake USPS/FedEx delivery notifications ("Your package couldn't be delivered — click here to reschedule"), fake bank alerts ("Suspicious activity detected on your account"), and fake toll or parking fine notices. The links lead to pages that capture credit card numbers, login credentials, or personal information. If you received one of these texts, report it here with the phone number and URL.

What to do if you clicked a phishing link

If you entered credentials on a phishing page, change your password for that account immediately — ideally from a different device. If you use the same password anywhere else, change those too. Enable two-factor authentication. If you entered financial information (credit card, bank account), call your bank or card issuer immediately to freeze the card and dispute any charges. If you entered your SSN, place a fraud alert at one of the three credit bureaus. Then file a detailed report — include the original message, the URL, and what information you entered.

Where else to report phishing

Report phishing to these organizations:

→Anti-Phishing Working Group — Forward phishing emails to reportphishing@apwg.org
→FTC — reportfraud.ftc.gov
→FBI IC3 — ic3.gov — especially if you lost money or personal data
→Google Safe Browsing — safebrowsing.google.com/safebrowsing/report_phish — blocks the URL in Chrome

Related scam types

Scammers often combine tactics. If this looks familiar, check these too:

Report Identity Theft→Report Business Email Scam→Report Impersonation Scam→

View all scam types →

Report aphishing scam.