Reporting phishing scams

From CastleCopsWiki


Considering their tremendous potential for doing irreparable financial harm to their victims, it is of paramount importance to remove the sites hosting phishing exploits from the Internet as quickly as humanly possible. There are a number of agencies, both public and private, that can assist in that process if the existence of these sites is promptly reported and the reports contain proper identifying information. While the reporting requirements and preferences can vary by agency, there are certain key items of information that are essential.

The overwhelming preference is to obtain the full source code of the email, including all header data. The absolute minimum is the Uniform Resource Locator (URL) of the fraudulent site. The methods used to retrieve this information will vary depending on whether the recipient uses webmail or a desktop client, and even according to the particular type of each that is in use.

It is certainly possible for an individual to report these sites personally, but the process can be both tedious and confusing. To simplify the process, Castlecops has launched a service which allows individuals to report a suspected phishing site, have it investigated, and, if verified, reported to all interested agencies. The following describes how to submit a suspected phish through the Castlecops service.

Reporting a Phishing Site through Castlecops

1. If possible, retrieve the full source code of the email and copy it to the clipboard. For assistance in this step please see Retrieving Email Source Code.

2. If you are unable to retrieve the email source code, then retrieve the URL of the fraudulent site. Note that the URL shown in the email is seldom the URL to which the recipient is actually directed. For assistance with this step please see Retrieving URLs from Emails.

3. With the data to be reported copied to the clipboard, navigate to the Castlecops Fried Phish module.

4. Paste the data to be reported into the appropriate input field at the URL above. The form looks like the image below, but the image is only a picture of it, so you cannot paste anything there.

[Image: frph.jpg]

If full email source is being reported, it should be pasted in the large input field labelled "Paste in full email source of phish". If only the URL is being reported, it should be pasted into the smaller field marked "enter a complete phish URL". After the data has been pasted, the reporter need only click on the button marked "Report a Phish". Once submitted, the information is passed to Castlecops handlers who will thoroughly investigate the report and, upon verification, publish the results and forward the findings to all relevant agencies.
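The point made in step 2, that the URL shown in an email is seldom the one the recipient is actually sent to, can be checked directly against the copied email source before reporting. The Python below is an added example, not part of the original wiki page or of the Castlecops service; the sample message, its hosts and the function names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phish); hosts are reserved examples.
SAMPLE = """From: "Example Bank" <service@bank.example>
Subject: Verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Confirm your details at
<a href="http://192.0.2.10/login/">https://www.bank.example/login</a>
or <a href="http://192.0.2.10/help">contact us</a>.</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    # urlparse only finds the host after "//"; visible text often omits the scheme.
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def extract_links(raw_source):
    """Return each link's shown text, real target, and whether the hosts differ."""
    collector = LinkCollector()
    for part in message_from_string(raw_source).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
    report = []
    for text, href in collector.links:
        looks_like_url = "." in text and " " not in text
        mismatch = looks_like_url and host_of(text) != host_of(href)
        report.append({"shown": text, "target": href, "mismatch": mismatch})
    return report

if __name__ == "__main__":
    print(*extract_links(SAMPLE), sep="\n")
```

The "target" value is the URL to report; a "mismatch" of True means the link text displays one host while the link leads to another.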
