What can I do about reporting phishing emails?
Phishing emails are a big problem. If you don’t know what phishing is, then you’ve either been extremely lucky or you’ve not read What is phishing? In brief, phishing emails are social engineering attacks that are trying to make you part with private and personal information (like the username and password that you use to log in to websites or your bank details so the scammers can empty your bank account) by conning you to enter those details in fake websites.
Unfortunately, phishing emails are well crafted, so spam filters rarely catch them.
What can you do if you spot a phishing email?
The simple thing to do is to just delete it. However, if you want to help fight back against the scammers, you can report the phishing email to the National Cyber Security Centre (NCSC) and/or the Anti-Phishing Working Group (APWG). Both of these organisations have an email address that you can forward the email to. For more information see the Suspicious Email Reporting Service page on the NCSC website and the Report Phishing page on the APWG website.
What happens when you report a phishing email
I spoke with representatives from the NCSC and the APWG as part of my PhD research to find out. Both organisations have similar procedures for when you report a phishing email. They examine the email to confirm that it is really phishing – according to the NCSC representative that I spoke to, only 15% of emails sent to them are actually phishing, most of the rest are spam. If they are phishing emails, the URLs of the websites are added to the organisation’s database. This database is made available to the organisation’s partners so that they can check URLs that are clicked on. The partners include organisations like anti-virus, firewall and browser plugin developers and large commercial finance organisations (like PayPal and banks).
The NCSC then go one step further. They attempt to have the spoof website blocked or taken down. UK website hosting companies are generally very compliant, often taking a site down within minutes of receiving a request from the NCSC. The response from overseas hosting companies is variable, ranging from compliance to totally ignoring the request. However, the NCSC can try to block access to an overseas hosted site.
Who are the NCSC and APWG?
The NCSC is part of the UK’s Government Communications Headquarters (GCHQ) and as such has the backing of the government to take down malicious websites – especially if those websites are attempting to spoof a legitimate .GOV.UK website.
The APWG is an international coalition of member organisations that are attempting to unify a global response to cybercrime across industry, government, and law-enforcement sectors. Their premium sponsors and steering committee members are listed on their website
Do you want to learn more?
Network Midlands runs seminars to help you detect and defeat social engineering attacks. Find out more at “The Art of Deception“.