Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
report phishing to us by email

US-CERT is collecting phishing email messages and web site locations so that we can help people avoid becoming victims of phishing scams.

You can report phishing to us by sending email to phishing-report@us-cert.gov

What is Phishing?

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent web site that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent web sites may contain malicious code.

Learn More About Phishing

The following documents and web sites can help you learn more about phishing and how to protect yourself against phishing attacks.

Methods of Reporting Phishing Email to US-CERT

  • In Outlook Express, you can create a new message and drag and drop the phishing email into the new message. Address the message to phishing-report@us-cert.gov and send it.

  • In Outlook Express you can also open the email message* and select File > Properties > Details. The email headers will appear. You can copy these as you normally copy text and include it in a new message to phishing-report@us-cert.gov.

  • If you cannot forward the email message, at a minimum, please send the URL of the phishing web site.
* If the suspicious mail in question includes a file attachment, it is safer to simply highlight the message and forward it. Some configurations, especially in Windows environments, may allow the execution of arbitrary code upon opening and viewing a malicious email message.