It seems like I’ve been getting an unusually large number of phishing emails lately, and I’ve begun wondering whether everyone realizes how they can report phishing emails with their email provider. This article will highlight what phishing is, and why/how to properly report it.
What is a phishing email? I thought Wikipedia did a pretty good job of describing it:
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets.
A lot of people confuse these messages with spam, and when I asked a few people whether they report the phishing emails they all said yes. When I showed them how to do it the general response was “ohhhhh.” It turns out that all of them, some of whom were computer savvy, just report these emails as spam without realizing that there are separate options for reporting phishing.
The reason why it is important to correctly report phishing emails is that warning messages are more prominently displayed for other users. This is what a phishing email looks like in Gmail:

Now that you know what phishing is and why to properly report it, let’s take a look at how you go about doing so in Gmail, Yahoo! Mail, and Windows Live Hotmail.
–Gmail–
Gmail is pretty easy because you just have to use the drop-down arrow located in the upper-right corner of each message. When you click it there will be an option labeled Report Phishing towards the end of the list:
–Yahoo! Mail–
Unfortunately Yahoo! Mail doesn’t have a built-in feature for reporting phishing emails, but they recommend that you forward the email in question to phishing@cc.yahoo-inc.com so that it can be analyzed. You can also report the phishing website to Yahoo! using this form.
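Forwarding a message inline normally keeps only a few summary headers, so the Received lines an abuse desk uses to trace the message are lost. The Python sketch below is an added example, not part of the original article: it builds a report that carries the original as a message/rfc822 attachment with its headers intact. The sample message, the reporter address and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample message (example domains and documentation IPs only).
SAMPLE_RAW = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP id abc123; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Received: from unknown (HELO sender.example.com) (198.51.100.7)\n"
    "\tby mail.example.net with SMTP; Mon, 1 Jan 2024 09:59:58 +0000\n"
    "From: Account Team <security@example.com>\n"
    "Reply-To: collect@example.net\n"
    "To: user@example.org\n"
    "Subject: Verify your account\n"
    "\n"
    "Please confirm your password at http://login.example.net/verify\n"
)

def received_chain(msg):
    """Return (from_host, by_host) for each relay hop, oldest hop first."""
    hops = []
    # Each relay prepends its Received header, so reverse to read in transit order.
    for value in reversed(msg.get_all("Received", [])):
        frm = re.search(r"\bfrom\s+(\S+)", str(value))
        by = re.search(r"\bby\s+(\S+)", str(value))
        hops.append((frm.group(1) if frm else "?", by.group(1) if by else "?"))
    return hops

def build_report(raw, reporter, report_to):
    """Wrap the original message, headers intact, as a message/rfc822 attachment."""
    original = message_from_string(raw, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = report_to
    report["Subject"] = "Phishing report: " + str(original["Subject"] or "(no subject)")
    lines = ["Reporting the attached message as phishing.", "", "Relay path (oldest first):"]
    lines += [f"  {frm} -> {by}" for frm, by in received_chain(original)]
    if original["Reply-To"]:
        lines.append(f"Reply-To header: {original['Reply-To']}")
    report.set_content("\n".join(lines))
    report.add_attachment(original)  # the original headers travel with the report
    return report

if __name__ == "__main__":
    # Reporting address as given in the article; nothing is sent, the report is only printed.
    print(build_report(SAMPLE_RAW, "user@example.org", "phishing@cc.yahoo-inc.com"))
```

Most desktop mail clients offer the same thing as “Forward as attachment”.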
–Windows Live Hotmail–
When you click on the Junk option in Windows Live Hotmail there will be a Report phishing scam option located at the bottom of the list:


I’ve never heard of a difference between the two. I just consider phishing a form of spam. When I see phishing messages in my spam folder, I think my mail service is doing a good job. I use Y!Mail and when I get phishing messages, I just click the spam button. I don’t think Y!Mail has any advanced warning message for phishing, so I don’t know what taking the extra effort to forward the message to that address would accomplish. I don’t think distinct phishing reporting is necessary. I don’t give out personal info in Emails, especially those in the spam folder, unless I know they’re legitimate.
[antispam.yahoo.com]
Somewhat on topic. Today I checked my spam folder and 15 of the 25 messages were false positives. That’s a horrible ratio! All 15 were w/in the last month, and all but one were auto messages (like mail delivery failed and E-buy confirmations — that $0.72 1GB flash drive I’m waiting on).
I have a question, how do I know the difference between spam and phishing if I never open the email?
taf
Wow, that is pretty terrible. I’m assuming that Yahoo! Mail learns from messages you tell it aren’t spam?
You’ll have to open the message in order to find out. There isn’t really a way around that.
Thanks for the tips, never knew those options were available. Will certainly use that from now on :)
No problem! If we only helped a handful of people it would be worth it. Interestingly enough the number of phishing emails I had seen hit my Inbox(es) in Gmail has been drastically reduced since writing this article. 8O
They want you to print full headers so they can track it down. But if it doesn’t initiate from their site they just say thanks but it’s not their client so they can’t take action. If I have Yahoo & Hotmail shows up in the headers how do I contact Hotmail?
You’d think any server would want to stop the phishers.
Forward phishing to phishing-report@us-cert.gov
I keep getting phishing emails from what appears to be Bank of America. I have been opening them, right click, copy the source and routing, then forwarding that info to BOA @ abuse@bankofamerica.com. The phishers get angry because large corporations shut them down immediately. Within the last month I received another, and when I opened it to obtain the source and routing, was immediately infected with a very nasty Trojan. The forwarding to abuse@(name of institution).com works for most legit companies and they are happy to get the info. Some get by my inbox Filter in Hotmail, but I simply move them to junk without opening them and the system learns. From now on I just delete them but that is a PITA. I saw on another forum how to report phishing emails in Hotmail Live. Doesn’t seem to work for me Running Explorer 7, even though it has Hotmail Live redirect. BTW: I am running Verizon Security Suite full version real time protection, and the Trojan still got through.
Try using a different internet browser, Microsoft is constantly coming out with “security fixes” for their browser. I recommend Google Chrome, much safer.
phishing@cc.yahoo-inc.com
I got a password phishing email and tried forwarding to phishing@cc.yahoo-inc.com and got this message after clicking send: “There was a problem!
The recipient info doesn’t seem quite right. Please look it over and try again.”
How do I forward the phishing email to Yahoo! if the reporting addy has a problem?
I am trying to report a Yahoo!mail phishing email and am receiving the same error report. Looking at the phishing email, there is a similar address within the text that ends with cc.yahoo-inc.com.
Is that a legitimate domain name, or is that itself another phishing site?
Seems phishy that we cannot access phishing@cc.yahoo-inc.com AND that domain shows up within a phishing email.
At any rate, how are we supposed to report phishing emails to yahoo? All I find is a form to report websites or instant messages, nothing to forward emails to.
Do they not want to know about this??
Yahoo does NOT have a way for Non Yahoo account users to report phishing/abuse from Yahoo accounts. I had a discussion with Yahoo Customer Care on their live chat and was told by both an Agent and a Supervisor that I could use my own Yahoo account to report spam/phishing for other non yahoo users or encourage them to open a Yahoo account. All the links on the Yahoo Help page direct you to the Login Screen.
Joshua: If she really wants to report this Yahoo! account directly to Yahoo!, you can report it for her or have her create a Yahoo! account.
Joshua: If she received an email from a Yahoo! Mail account or other email accounts. We encourage you to report such incidents to the appropriate provider or company involved. They will be in a better position to take appropriate action. You may also wish to report the phishing email to the Federal Trade Commission (FTC) by forwarding it to: spam@uce.gov
Those were from the supervisor. Nice to see Yahoo is condoning phishing and spam from their account holders by doing absolutely nothing for those who don’t use Yahoo.
2013 INPUT (feedback); Good page. Thanks. Yet,
Indeed, some email providers (hotmail?) don’t care about your spam IF it wasn’t sent through their machines. I don’t think anyone deals with “reply to” in the address/header or in the body of the text.
Some say to use “report phishing” regardless of WHO sent the email and they will advise others involved (gmail/google.)
Tangent on phishing. Just opening an email can advise the sender your address is valid, when the text (javascript) has something like [newsite.com]
As of this writing, hotmail/Micro$oft allows you to ‘view source/original’ without actually opening the email (see above paragraph), but gmail requires you to (see above paragraph.)
Bad people can hack into real sites and put a virus/malware in an item (folder/item.) Spam in these cases typically are sent on Friday night/Saturday when businesses are closed. Not their fault, except allowing insufficient security to exist (leaving the front door open when they go home)
As for the Internet company actually sending the spam/phishing directive, they are in business to send emails and don’t really care IMO if the emails are good or not. And as for site registration, cheap or free for 30 days, same non-caring. Phony registration or the hidden feature of GoDaddy (shame on them for allowing this protection), you can not find out who registered the site. But then again, even governments falsify registrations