Outlook.com Has Simple Option to Report Phishing
Outlook.com is web-based free email. The menu above the user's list of emails in Inbox and JunkMail includes a dropdown arrow next to "Junk". Click the arrow and you can choose "Phishing" (also there's a "Block" option). For those who don't already know, Outlook.com started years ago as Hotmail.com and has been renamed several times since. A long time ago some spammers set up bogus accounts at Hotmail to send out bulk spam, forcing Microsoft to get serious about helping users avoid this. They also successfully prosecuted large scale spammers and hackers both here and abroad. I'm sure other email services also allow users to report phishing, don't they?
Thank you for sharing.
This reporting does help curb Outlook users from receiving these phishing emails. However, in addition to this, reporting those phishing emails by forwarding them to the organization will alert them to investigate and pursue those fraudulent sites.
Completely Agree with You
I sometimes think that they hide that address because they get a lot of false positives for phishing ("Are you sure this email was REAL??") and also they really don't want a lot of stuff coming in (one or two emails...). However, this makes it hard for people to want to report stuff. I don't report "junk mail" advertising, especially when they misspell the name of the company, but anything "dangerous" I try to report that. I can see if you have to "Try" 4-6 email addresses or wind up having to go to the web site and click on "support" or "Contact us" that people will be discouraged especially when they rarely get a personal reply of "thanks" (picture you are one of 100K users sending in a report). But, the one thing that will stop phishing attacks? If it never works, they will stop doing it. Phishing is mostly automated so that the bad guys can send out zillions of the emails at a single click. If only 2-3 people fall for the scam, they have made a huge profit and the financial institution will have to recover from all of their consumers.
Great question! I have found that a quick web search on "spoof reporting <site name>" also helps if you don't have a handy list.
Nothing gets fixed with Outlook
I have reported hundreds of spoof, scam emails via Block and phishing drop down menu option on Outlook and nothing gets done. The same emails keep coming back over and over again. I don't think anything happens at all to this avenue of reporting fake emails.
I Use Norton
Between the SPAM filters on my remailer (www.pobox.com) and my Norton has spam filters as well, I don't get to see too much SPAM. Phishing emails really should go to the company that allegedly "sent" the email, like your bank.
Outlook does have spam filtering but I leave it turned off or it would take forever to get through three spam filters. Did you check your junk mail options to see if the feature is set up the way you want?
What users do not notice is...
The message "body" remains the same, the address/link is different; you would be able to see this when you temporarily move the message to the junk folder and then from there you can view the message source. You will see how they manage to bounce through 5 to sometimes 12 different servers to get to you. They are getting more complicated in the way they can attack you, at least with the Outlook/Hotmail you can "hover" your mouse cursor over the message and you can see the address of the sender; if in doubt... do not open the message.
Thunderbird also shows true URLs
Thunderbird will also show the "real" urls in the status field upon hovering.
Report PHISHING Outlook.com to: firstname.lastname@example.org; likewise for Hotmail.com and Live.com; I include an explanation of what I am reporting, the complete header, and the text body.
The contact point for the phishing listed as the reply-to address in the header is your client:
This violates your Microsoft Services Agreement, so please terminate this account. Thank you.
Likewise for when the phishing address is in the Text (or attachment if Word, txt, or pdf) body. Sometimes it takes two times, sometimes one, but you will receive a reply within 1-2 days.
It's not the same for spam; they will not close it if it did not originate from MSN (for a spoofed spam email), so I just report those to email@example.com.
But the real place to send phishing email to is the people who the email is "supposedly" from. If it is from YourBank, then send it to YourBank but remember not to forward the email as email. They, if they investigate, will need the original headers. That is, send them an email and then attach the bad phishing mail (as an "object" or as an "attachment"). If nothing else, it warns them that they are about to be hit by fraud. Be thankful you caught it. Others may not be so lucky.
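Added example (not part of any post in this thread): a Python sketch of why the posts above ask for the suspicious mail as an attachment rather than an inline forward, and of the server hops visible in the message source. The sample message, every address and host, and all helper names are constructed for illustration; forward_inline only approximates what a typical client's Forward button does.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample message; every host and address here is made up.
SUSPECT_RAW = (
    b"Received: from mx.recipient.example by inbox.recipient.example;"
    b" Wed, 26 Dec 2018 10:00:03 -0800\r\n"
    b"Received: from relay2.example.net by mx.recipient.example;"
    b" Wed, 26 Dec 2018 10:00:02 -0800\r\n"
    b"Received: from unknown.example.org by relay2.example.net;"
    b" Wed, 26 Dec 2018 10:00:01 -0800\r\n"
    b"From: YourBank Security <alerts@yourbank.example>\r\n"
    b"Reply-To: collector@mailbox.example\r\n"
    b"To: customer@recipient.example\r\n"
    b"Subject: Urgent: verify your account\r\n"
    b"\r\n"
    b"Log in at http://login.yourbank.example.invalid/ within 24 hours.\r\n"
)

def received_hops(msg):
    """Return the Received headers, one per server the mail passed through."""
    return [str(h) for h in msg.get_all("Received", [])]

def _new_report(reporter, report_addr, subject):
    report = EmailMessage()
    report["From"], report["To"] = reporter, report_addr
    report["Subject"] = "Phishing report: " + subject
    return report

def report_as_attachment(raw, reporter, report_addr):
    """Wrap the untouched original as a message/rfc822 attachment."""
    suspect = message_from_bytes(raw, policy=policy.default)
    report = _new_report(reporter, report_addr, str(suspect["Subject"]))
    report.set_content("Suspected phishing; original attached with full headers.")
    report.add_attachment(suspect)
    return report

def forward_inline(raw, reporter, report_addr):
    """Approximate a client's Forward button: body is copied, headers are not."""
    suspect = message_from_bytes(raw, policy=policy.default)
    report = _new_report(reporter, report_addr, str(suspect["Subject"]))
    report.set_content("---- Forwarded message ----\n" + suspect.get_content())
    return report

def attached_original(report):
    """Re-parse the report as the recipient would and pull out the original."""
    parsed = message_from_bytes(report.as_bytes(), policy=policy.default)
    for part in parsed.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None
```

With the attachment form, the investigator still sees all three Received hops and the mismatched Reply-To; the inline forward carries only the body text.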
Don't send messages to "supposed" mailer
A spammer used my email address as the address from which the email was sent. I received close to 3,000 bounced messages before this stopped. Gmail thought my address was a spammer so I could not send to any Gmail addresses from my home. I had to send those messages using my Gmail account. It was three weeks and making contact with Google/Gmail before I was able to send mail to a Gmail address. Hoffman, hope your email address is never used by a spammer as his return address.
Not Exactly the Same Thing
In the case you are talking about where a Spammer uses YOUR email address as the from address, I don't see why you wouldn't respond to the email of the sender. I'd LIKE to know if email is going out with my address as the FROM address so I can analyze the situation and assume that one of my "friends" has malware on his or her computer. But what we are talking about here is NOT spam. It is about phishing which is a whole nuther thing! The "from" is a bank or financial institution and they are trying to get you to click on a link to login to your bank account only the LINK is phony and goes to a hacker's website so you reveal your credentials to them. The real bank (assuming the reply to is even real) wants to know what is going on. If it is a big organization, they can look at the headers (or hire someone) to track down a thief or at least prepare for an onslaught of their customers wanting to know why their money disappeared. If they didn't want to know, they would not have special email addresses for you to attach the suspected fraud email to and notify them. This is NOT spam; it's fraud. And the address to send the bad email to (as an attachment) is NOT the reply-to address of the mail. SPOOF@companyxyz.com, for example.
Outlook.com Has Simple Option to Report Phishing
Did not say what the site address was or how to report other than junk or phishing which I thought just went to a pile - I would rather send to site like Paypal or Amazon etc.
could use Wal-Marts,
here is Amazon:
Report Suspicious E-mails or Webpages
We take phishing and spoofing attempts on our customers very seriously. If you receive a correspondence that you think may not be from Amazon, please report it to us by sending the e-mail or webpage to firstname.lastname@example.org.
To report a phishing or spoofed e-mail or webpage:
Open a new e-mail and attach the e-mail you suspect is fake. For suspicious webpages, simply copy & paste the link into the email body. If you can't send the e-mail as an attachment, you can forward it.
Send the e-mail to email@example.com
Note: Sending this suspicious e-mail as an attachment is the best way for us to track it.
Post was last edited on December 26, 2018 8:04 PM PST
Bank of America
Here is Bank of America
To report a suspicious email: please forward it to us at firstname.lastname@example.org. We will only reply to your message if we require additional information.
To report a suspicious text: Forward it to us immediately at email@example.com. Include a screen shot or copy of the message and the number of the sender.
Post was last edited on December 26, 2018 8:02 PM PST
Bank of America
Forward email to:
This will become unwieldy very quickly
Not to be a party-pooper, but a previous reply suggesting that marking the email as spam within the email reader is really the best option. I realize this post is about "phishing" (not spamming), but as phishing emails are reported as spam, the email providers will do a better job of filtering them out.
If you do get a phishing email and have good anti-virus protection installed, I suggest clicking on the link. This will let you know if the browser already recognizes the site as a phishing site and blocks it. And if it doesn't block, at that point, you can use the browser to report the site as a phishing site. This reporting will be much more effective at protecting the community than simply reporting the email to the "real" organization. It goes without saying that, after clicking on a link, do NOT enter any personal information.
Finally, assuming that this "list" of contacts is compiled, who will manage it? How will it be searchable? How will people even know to look here (on a CNET Forum) to find this information?
I wish everyone a SAFE and happy New Year.
I would be careful of that.
Personally, I suggest NEVER clicking on any link in a phishing or spamming email. Even the best anti-virus software cannot keep up with the very fast proliferation of bogus web sites popping up all the time. Anti-virus software developers depend on users (as well as AI) to identify malicious sites. If you happen to be one of the first few users to click on a link that Norton or anyone else has not yet identified as in a relatively new site you're screwed. Malware is installed and who knows what you need to do next. Let the artificial intelligence work - DO NOT CLICK LINKS.
Phishing sites want you to login, so they won't infect you
You are correct to avoid links that lead to downloads, because, as you said, there is the possibility of contracting a zero-day infection which has not yet been identified. But this article is about phishing, where the goal of the attacker is to get you to login somewhere to reveal your username and password. Phishing sites are designed to look like legitimate sites, so they typically will NOT infect your computer. They just want your personal information.
At Least Here in the U.S.
Phishing EMAILS (NOT websites) are defined as emails telling you that you need to login to your bank account or other important site, and they all supply a LINK that is NOT a download, but a link to their malignant login page. It looks like your bank's login page, but it is NOT. It belongs to the bad guys and, when you type in your userid and password, it captures that information. That is, the EMAIL is phishing, not the site itself because the email contains bad links and a sense of urgency. At least that was my understanding while working on the inter-departmental security teams at a major county government (and before as well).
What if it's ransomware?
What if you click on a link that your protection doesn't block and it happens to be ransomware?
Remember the Rule
NEVER click on links in an email. If it is your bank, for example, go login to the bank by your browser. Links can be phony.
Ransomware requires download and your PERMISSION to execute
As confirmed by Hforman, phishing sites do not intend to harm your computer. The goal of a phishing site is to fool you into giving up your login credentials (username and password). Ransomware (and all other viruses) are hidden inside FILES that you are fooled into downloading. Either they are sent as attachments to emails, or they masquerade as "drivers" (e.g. The xxxxx Video player requires a driver - click here to install). Even then, those files will ask for your PERMISSION to run (e.g. "xxxxx Program wants to change your computer settings" or something to that effect). If you give your permission, then you can get infected if the file contains malware.
Since this discussion is about PHISHING, I am suggesting ways to safely "probe" websites to see if they have already been reported as phishing sites; and if not, letting you know that many browsers will allow you to report the phishing site while you are on the site.
Chase, EBay, Skype, and USPS
US Postal Inspection Service (USPS):
Report Phishing, SPAM or fraudulent emails to FedEx
Forward the bogus email to
More phishing report addresses
And to get the attention of law enforcement authorities:
firstname.lastname@example.org (the Anti-Phishing Working Group)
Additional guidance on reporting: wikihow.com/Report-Phishing