How to report a scam attack

The phishing and scam attacks are types of social engineering attack where the threat actor tries to manipulate the user to behave in such a way that he can achieve one or more of the following objectives (compromise the host, stealing data such as PII, PHI, Financial data, confidential data etc.)

There are many types of social engineering attacks:

Phishing

Spam over Internet messaging

Spear phishing

Dumpster diving

Shoulder surfing

Smishing

Vishing

Spam

Tailgating

Whaling

Prepending

Identity theft

Invoice scams

Hoax

Typosquatting

The attack is the most and easiest technique used nowadays by the threat actors to target the victims.

If you have been browsing over the internet or you have been using an email address to send and receive messages, then you probably at least one time face with this type of attacks.

The attack can be very impactful, many organizations or individuals who are victim of this type of attacks can lose quantitatively (money) and qualitatively (reputation), so it is crucial to know how to be protected from the attack and also how to report it.

Example of quantitative loss:

• Receiving a fraudulent message saying that you won in a lottery, you need to send some money to get back your jackpot. This technic is often used by the scammers to tricks the user to pay money.
• Fake financial investment website where people invest money with no ROI (example read the article Goldman website scamming people in Guinea-Conakry and around the world. – osintafrica)

Example of qualitative loss:

• Sextortion abuse. Example: Using a social engineering attack to gain access to someone mobile phone or notebook in order to blackmail the person.

Considering that the attack is the most efficient way to target the victim, most of users who are impacted by this attack do not report it, which causes more victims.

By reporting the attack, we can protect yourself and other. They are many ways to report the attack, below we will describe and share with you the details about each.

• How to report scam using Gmail

When you receive a suspicious message, you can report from your Gmail account by doing:

• Click on the email you received
• Click on the ellipsis sign (the tree dot in the right corner)
• Select report Spam or the second ellipsis – select block user

By doing that, the IT department from Google will review and block the message if it is used for social engineering attack.

• How to report scam using Outlook

– Click on the email you received

–Click on the ellipsis sign (the tree dot in the right corner)

– Select report Junk report or block user or phishing, the email will be removed from your inbox and send to the IT department of Microsoft for further analyses.

NB: The same option is available on other email service such as Yahoo, Hotmail and others.

Reporting phishing abuse over social media

• Facebook

 You can always report strange emails to phish@fb.com.

• Instagram

           You can always report strange emails to phish@instagram.com.

• LinkedIn

If you receive a phishing message on LinkedIn, you can report it, by clicking on the message you received, on the right corner click on More …icon and selecting one of the below options:

– It’s spam or a scam

-It’s a scam, phishing, or malware

• Twitter

If you want to report a post with a link used for phishing attack, on the right corner click on More …icon and selecting report Tweet, click on next – start report – choose the option for example” myself” – next – Spammed.

You can also report social engineering abuse by reporting the domain or URL to a third-party service provider.

Examples:

• PhishTank List of potential phishing sites: PhishTank

When you receive a phishing email, you can report via the website. You can use the website also to check if the domain you received is a phishing domain.

• Report a Phishing Page (google.com)

The following page is used by Google to report phishing abuse.

• APWG | REPORT PHISHING (antiphishing.org)

The website belongs to APWG which is an anti-phishing working group, you can report the phishing email to reportphishing@apwg.org  for further analysis.

• Report a phishing page – ESET

The website belongs to ESET group to report phishing abuse.

• Where to report scams | USAGov

 The website belongs to the USA government for reporting different types of phishing abuse.

• Internet Crime Complaint Center(IC3) | File a Complaint

The website is used to report internet crime such as phishing, ransomware, corporate data breaches and others.

• gov: econsumer – Report international scams online!

The website is used to report different types of scams or fraud such as Jobs and Making Money, Travel and Vacations, Lottery, Sweepstakes, or Prize Scams, Online Shopping/Internet Services/Computer Equipment and others.

• Phishing Initiative (phishing-initiative.eu)

Phishing Initiative helps fight against phishing attacks.

When you report the address of a suspected phishing website, the emails will be analyzed it and blocked if the address is malicious one.

• Phishing takedowns, faster – phish.report

By reporting the URL or domain, they will analyze  and it takedown if it is malicious.

In conclusion, the social engineering attack is easy to perform but the impact can be very devastating. Reporting the attack will save many people. So, it is crucial to report the attack as soon as possible to lessen the impact and stop it.