It seems like I’ve been getting an unusually large number of phishing emails lately, and I’ve began wondering whether everyone realizes how they can report phishing emails with their email provider. This article will highlight what phishing is, and why/how to properly report it.

What is a phishing email? I thought Wikipedia did a pretty good job of describing it:

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets.

A lot of people confuse these messages with spam, and when I asked a few people whether they report the phishing emails they all said yes. When I showed them how to do it the general response was “ohhhhh.” It turns out that all of them, some of which were computer savvy, just report these emails as spam without realizing that there are separate options for reporting phishing.

The reason why it is important to correctly report phishing emails is that warnings messages are more prominently displayed for other users. This is what a phishing email looks like in Gmail:

Gmail Phishing Warning

Now that you know what phishing is and why to properly report it, lets take a look at how you go about doing so in Gmail, Yahoo! Mail, and Windows Live Hotmail.

–Gmail–

Gmail is pretty easy because you just have to use the drop-down arrow located in the upper-right corner of each message. When you click it there will be an option labeled Report Phishing towards the end of the list:

Gmail Report Phishing 

–Yahoo! Mail–

Unfortunately Yahoo! Mail doesn’t have a built-in feature for reporting phishing emails, but they recommend that you forward the email in question to phishing@cc.yahoo-inc.com so that it can be analyzed. You can also report the phishing website to Yahoo! using this form.

–Windows Live Hotmail–

When you click on the Junk option in Windows Live Hotmail there will be a Report phishing scam option located at the bottom of the list:

Windows Live Report Phishing

There Are 15 Comments

  1. I’ve never heard of a difference between the two. I just consider phishing a form of spam. When I see phishing messages in my spam folder, I think my mail service is doing a good job. I use Y!Mail and when I get phishing messages, I just click the spam button. I don’t think Y!Mail has any advanced warning message for phishing, so I don’t know what taking the extra effort to forward the message to that address would accomplish. I don’t think distinct phishing reporting is necessary. I don’t give out personal info in Emails, especially those in the spam folder, unless I know they’re legitimate.

    [antispam.yahoo.com]

    Somewhat on topic. Today I checked my spam folder and 15 of the 25 messages were false positives. That’s a horrible ratio! All 15 were w/in the last month, and all but one were auto messages (like mail delivery failed and E-buy confirmations — that $0.72 1GB flash drive I’m waiting on).

  2. I have a question, how do I know the difference between spam and phishing if I never open the email?

    taf

  3. netster007x wrote:
    Today I checked my spam folder and 15 of the 25 messages were false positives. That’s a horrible ratio! All 15 were w/in the last month, and all but one were auto messages (like mail delivery failed and E-buy confirmations — that $0.72 1GB flash drive I’m waiting on).

    Wow, that is pretty terrible. I’m assuming that Yahoo! Mail learns from messages you tell it aren’t spam?

    tafkajp wrote:
    I have a question, how do I know the difference between spam and phishing if I never open the email?

    taf

    You’ll have to open the message in order to find out. There isn’t really a way around that.

  4. Thanks for the tips, never knew those options were available. Will certainly use that from now on :)

  5. Change wrote:
    Thanks for the tips, never knew those options were available. Will certainly use that from now on :)

    No problem! If we only helped a handful of people it would be worth it. Interestingly enough the number of phishing emails I had seen hit my Inbox(es) in Gmail has been drastically reduced since writing this article. 8O

  6. they want you to print full headers so they can track it down.but if it doesn’t initiate from their site they just say thanks but it’s not their client so they can’t take action. if i have yahoo & hotmail shows up in the headers how do i contact hotmail.
    you’d think any server would want to stop the phishers.

  7. I keep getting phishing emails from what appears to be Bank of America. I have been opening them, right click, copy the source and routing, then forwarding that info to BOA @ abuse@bankofamerica.com. The phishers get angry becuase large corporations shut them down immediately. Within the last month I received another, and when I opened it to obtain the source and routing, was immediately infected with a very nasty Trojan. The forwarding to abuse@(name of insitution).com works for most legit companies and they are happy to get the info. Some get by my inbox Filter in Hotmail, but I simply move them to junk without opening them and the system learns. From now on I just delete them but that is a PITA. I saw on another forum how to report phishing emails in Hotmail Live. Doesn’t seem to work for me Running Explorer 7, even though it has Hotmail Live redirect. BTW: I am running Verizon Security Suite full version real time protection, and the Trojan still got through.

    • Try using a different internet browser, Microsoft is constantly coming out with “security fixes” for their browser. I recommend Google Chrome, much safer.

  8. phishing@cc.yahoo-inc.com

    I got a password phishing email and tried forwarding to phishing@cc.yahoo-inc.com and got this message after clicking send ” There was a problem!

    The recipient info doesn’t seem quite right. Please look it over and try again.”

    How do I forward the phishing email to Yahoo! if the reporting addy has a problem ?

    • I am trying to report a Yahoo!mail phishing email and am recieving the same error report. Looking at the phishing email, there is a similar address within the text that ends with cc.yahoo-inc.com.
      Is that a ligitimate domain name, or is that itself another phishing site?
      Seems phishy that we cannot access phishing@cc.yahoo-inc.com AND that domain shows up withing a phishing email.

      At any rate, how are we supposed to report phishing emails to yahoo? All I find is a form to report websites or instant messages, nothing to forward emails to.
      Do they not want to know about this??

  9. Yahoo does NOT have a way for Non Yahoo account users to report phishing/abuse from Yahoo accounts. I had a discussion with Yahoo Customer Care on their live chat and was told by both an Agent and a Supervisor that I could use my own Yahoo account to report spam/phishing for other non yahoo users or encourage them to open a Yahoo account. All the links on the Yahoo Help page direct you to the Login Screen.

    Joshua: If she really wants to report this Yahoo! account to directly to Yahoo!, you can report it for her or have her create a Yahoo! account.

    Joshua: If she received an email form a Yahoo! Mail account or other email accounts. We encourage you to report such incidents to the appropriate provider or company involved. They will be in a better position to take appropriate action. You may also wish to report the phishing email to the Federal Trade Commission (FTC) by forwarding it to: spam@uce.gov

    Those were from the supervisor. Nice to see Yahoo is condoning phishing and spam from their account holders by doing absolutely nothing for those who don’t use Yahoo.

  10. 2013 INPUT (feedback); Good page. Thanks. Yet,

    Indeed, some email providers (hotmail?) don’t care about your spam IF it wasn’t sent through their machines. I don’t think anyone deals with “reply to” in the address/header or in the body of the text.

    Some say to use “report phishing” regardless of WHO sent the email and they will advise others involved (gmail/google.)

    Tangent on phishing. Just opening an email can advise the sender your address is valid, when the text (javascript) has something like [newsite.com]

    As of this writing, hotmail/Micro$oft allows you to ‘view source/original’ without actually opening the email (see above paragraph), but gmail requires you to (see above paragraph.)

    Bad people can hack into real sites and put a virus/malware in an item (folder/item.) Spam in these cases typically are sent on Friday night/Saturday when businesses are closed. Not their fault, except allowing insufficient security to exist (leaving the front door open when they go home)

    As for the Internet company actually sending the spam/phishing directive, they are in business to send emails and don’t really care IMO if the emails are good or not. And as for site registraction, cheap or free for 30 days, same non-caring. Phony registratration or the hidden feature of GoDaddy (shame on them for allowing this protection), you can not find out who registered the site. But then again, even governments falsify registrations

  11. About 4 months ago I was spammed $2.100.00 by these individuals #1. (Annick johnkoussai. Email anndeafxx1@yahoo.com) #2 (hadji babakan. Email chasestorage@live.fr) conspirators namely. Mark limba and mike dickson. They are opperating in koumassi,abidjan,ivory coast. A yahoo email account was the primary source of communication. I made a report on stop scammers .com. The report was published. But the crooks continue with their malice. That’s not fair. An investigation should follow. Can you help? More information will be sen’t upon request.

  12. I keep getting this one

    Federal Bureau of Investigation
    Intelligence Field Unit J. Edgar Hoover Building
    935 Pennsylvania Avenue, NW Washington, D.C.

    Attention: Beneficary,

    I am Special Agent Erick Bolt from the Federal Bureau of Investigation (FBI) Intelligence Unit, we Intercepted two consignment boxes at JFK Airport, New York, the boxes were scanned but found out that it contained large sum of money ($4.1 million) and also some backup documents which bears your name as the Beneficiary/Receiver of the money, Investigation carried out on the diplomat that accompanied the boxes into the United States, said that he was to deliver the fund to your residence as overdue payment owed to you by the Federal Republic of Nigeria through the security company in the United Kingdom.

    Meanwhile, we cross check all legal documents in the boxes but we found out that your consignment was lacking an important document and we cannot release the boxes to the diplomat until the document is found, right now we have no other choice than to confiscate your consignment.

    According to Internal Revenue Code (IRC) in Title 26 also contain reporting requirement on a Form 8300, Report of Cash Payment Over $10,000 Received in a Trade or Business, money laundering activity may violate 18 USC §1956, 18 USC 1957, 18 USC 1960, and provision of Title 31, and 26 USC 6050I of the United States Code (USC), this section will discuss only those money laundering and currency violation under the jurisdiction of IRS, your consignment lacks proof of ownership certificate from the joint team of IRS and IRC, therefore you need to reply back immediately for direction on how to procure this certificate to enable us relieved the charge of evading the law on you, which is a punishable offense in the United States.

    You are required to reply back within 72hours or you will be prosecuted in a court of law for money laundering, also you are instructed to desist from further contact with any bank(s) or person(s) in Nigeria or the United kingdom or any part of the world regarding your payment because your consignment has been confiscated by the Federal Bureau here in the United States.

    Yours In Service,
    Agent Erick Bolt
    Regional Deputy Director
    Intelligence Field Unit

Leave Your Comment


Message is the only required field.
Emails are not published.