It seems like I’ve been getting an unusually large number of phishing emails lately, and I’ve began wondering whether everyone realizes how they can report phishing emails with their email provider. This article will highlight what phishing is, and why/how to properly report it.
What is a phishing email? I thought Wikipedia did a pretty good job of describing it:
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets.
A lot of people confuse these messages with spam, and when I asked a few people whether they report the phishing emails they all said yes. When I showed them how to do it the general response was “ohhhhh.” It turns out that all of them, some of which were computer savvy, just report these emails as spam without realizing that there are separate options for reporting phishing.
The reason why it is important to correctly report phishing emails is that warnings messages are more prominently displayed for other users. This is what a phishing email looks like in Gmail:
Now that you know what phishing is and why to properly report it, lets take a look at how you go about doing so in Gmail, Yahoo! Mail, and Windows Live Hotmail.
–Gmail–
Gmail is pretty easy because you just have to use the drop-down arrow located in the upper-right corner of each message. When you click it there will be an option labeled Report Phishing towards the end of the list:
–Yahoo! Mail–
Unfortunately Yahoo! Mail doesn’t have a built-in feature for reporting phishing emails, but they recommend that you forward the email in question to phishing@cc.yahoo-inc.com so that it can be analyzed. You can also report the phishing website to Yahoo! using this form.
–Windows Live Hotmail–
When you click on the Junk option in Windows Live Hotmail there will be a Report phishing scam option located at the bottom of the list:
I’ve never heard of a difference between the two. I just consider phishing a form of spam. When I see phishing messages in my spam folder, I think my mail service is doing a good job. I use Y!Mail and when I get phishing messages, I just click the spam button. I don’t think Y!Mail has any advanced warning message for phishing, so I don’t know what taking the extra effort to forward the message to that address would accomplish. I don’t think distinct phishing reporting is necessary. I don’t give out personal info in Emails, especially those in the spam folder, unless I know they’re legitimate.
[antispam.yahoo.com]
Somewhat on topic. Today I checked my spam folder and 15 of the 25 messages were false positives. That’s a horrible ratio! All 15 were w/in the last month, and all but one were auto messages (like mail delivery failed and E-buy confirmations — that $0.72 1GB flash drive I’m waiting on).
I have a question, how do I know the difference between spam and phishing if I never open the email?
taf
Wow, that is pretty terrible. I’m assuming that Yahoo! Mail learns from messages you tell it aren’t spam?
You’ll have to open the message in order to find out. There isn’t really a way around that.
Thanks for the tips, never knew those options were available. Will certainly use that from now on
No problem! If we only helped a handful of people it would be worth it. Interestingly enough the number of phishing emails I had seen hit my Inbox(es) in Gmail has been drastically reduced since writing this article.
they want you to print full headers so they can track it down.but if it doesn’t initiate from their site they just say thanks but it’s not their client so they can’t take action. if i have yahoo & hotmail shows up in the headers how do i contact hotmail.
you’d think any server would want to stop the phishers.
Forward phishing to phishing-report@us-cert.gov
I keep getting phishing emails from what appears to be Bank of America. I have been opening them, right click, copy the source and routing, then forwarding that info to BOA @ abuse@bankofamerica.com. The phishers get angry becuase large corporations shut them down immediately. Within the last month I received another, and when I opened it to obtain the source and routing, was immediately infected with a very nasty Trojan. The forwarding to abuse@(name of insitution).com works for most legit companies and they are happy to get the info. Some get by my inbox Filter in Hotmail, but I simply move them to junk without opening them and the system learns. From now on I just delete them but that is a PITA. I saw on another forum how to report phishing emails in Hotmail Live. Doesn’t seem to work for me Running Explorer 7, even though it has Hotmail Live redirect. BTW: I am running Verizon Security Suite full version real time protection, and the Trojan still got through.