How can I report a phishing email?

Unfortunately, the frequency of phishing attacks has risen exponentially in the past year, with fraudsters trying to take advantage of the challenging circumstances created by the pandemic. In the UK for example, there was a jump in the number of phishing attacks mimicking the National Health Service (NHS) website design and layout, using the COVID-19 vaccine rollout via email and text messages to lure people to share their personal information.

Email scams are one of the most common ways personal details are stolen. So, it’s very important that you’re able to recognise one in order to avoid becoming a victim. Here’s what you can do. 

First of all, you need to be extra cautious when you receive emails from a site asking for your personal information. If your bank – for example – emails you, they will never ask for details such as your online banking username and password. So, if you receive an email that looks like it’s coming from your bank but is asking you to share sensitive personal details, it’s very likely a scam. If you get this type of email, don’t click on any links or reply to the email until you’ve confirmed that it’s real.  

Here’s a couple of quick things to check for in a suspicious email: 

  • Check that the email address and the name of the sender match.  
  • Hover over any links before you click on them to see if the destination URL matches the description of the link. 
  • Look out for any obvious spelling mistakes. For example, check the message headers to make sure that the ‘from’ header isn’t showing an incorrect name. 
  • If the email looks to be from a person or institution you know, call them to double check whether they’ve sent that email.

How to report a phishing email

Often email providers such as Google and Outlook automatically move the email to your spam/ junk folder if they deem it suspicious. However, if an email isn’t marked with a warning sign or moved to spam, and you think it doesn’t look right, there are steps you can follow to mark it as spam.  

Here’s what to do if you use Gmail:  

  • Sign in to your Gmail account on your computer or mobile device  
  • Open the message  
  • Click on the three dots next to the reply button  
  • Click report phishing.  

Note that when you manually move an email to the spam folder, Google will receive a copy of the email and may analyse it to protect other users from scams.

Follow these steps if you have an account on Outlook:  

  • Sign in to your Outlook account using your computer or mobile device  
  • In the email list, select the message(s) you’d like to report  
  • Above the reading pane, select Junk > Phishing > Report to report the message sender.

When you mark a message as phishing, it reports the sender but doesn’t block them from sending you messages in the future. To block the sender, you need to add them to your blocked senders list. 

Reporting phishing emails to your Yahoo Mail account:  

  • Log into your Yahoo Mail account using the mobile app or computer browser.  
  • Locate the phishing email in your inbox, spam or trash folder and click the selection box next to it. 
  • Click the chevron next to Spam and select Report a Phishing Spam on the menu that appears. 
  • The email will be reported to Yahoo as phishing and will be removed from your inbox. 

Furthermore, most big online retailers like Amazon and Apple have their own reporting systems to help customers report suspicious emails or webpages. This is usually accessible through their Help & Support centers.  

Here are the steps you can follow if you want to flag malicious correspondence to Amazon:  

  • Open a new email and attach the one you think is fake. 
  • Alternatively, forward the email if you’re not able to attach it. 
  • If you came across a suspicious webpage, simply copy and paste the link into the body of the email.  
  • Send the email to stop-spoofing@amazon.com. 

If you receive a suspicious email that looks like it’s supposed to be from Apple, you can forward it to a dedicated email - reportphishing@apple.com. 

If you want to find out how to spot and protect yourself from other types of scams, check out some of our other blogs on the topic: