How to Report Phishing?

By Claude Almansi
Editor, Accessibility Issues

On Dec 8, 2010, I received the following e-mail, entitled “Alert!”, at my gmail address, apparently from “GMAIL <onlineupdatealert@gmail.com>”:

Dear Email Client,

There was a failed attempt to login into your account from a blacklisted IP. Kindly login below
http://www.gmail.com

It looked suspiciously phishy so I checked the source – click here to see the source.

The full header indicates that the sender might be spoofed, the chunk of code suggests a web bug that verifies that the message has been viewed, hence that the receiver’s address is valid and spammable, and the last two lines show that what appears to be the URL of the legit gmail login page actually links to a well-made duplicate: http://www.4dsystems.com.au/flashimg/gmail/signon.html.
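The two checks described above (a link whose visible URL differs from its real target, and a remote image that can act as a web bug) can be automated. The following is an added example, not part of the original post: the sample HTML body is constructed, since the message source is not reproduced here, and `phish.example`, `tracker.example`, `LinkAudit` and `audit` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (an assumption, not the original message source).
SAMPLE_HTML = (
    '<p>Dear Email Client,</p>'
    '<p>There was a failed attempt to login into your account from a '
    'blacklisted IP. Kindly login below<br>'
    '<a href="http://phish.example/gmail/signon.html">http://www.gmail.com</a></p>'
    '<img src="http://tracker.example/open.gif?id=abc123" width="1" height="1">'
)

def host(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.mismatches = []     # (visible text, real href) pairs
        self.remote_images = []  # remotely loaded images: possible web bugs
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and (a.get("src") or "").lower().startswith(("http://", "https://")):
            self.remote_images.append(a["src"])

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            # Compare only when the visible text itself claims to be a URL.
            if text.lower().startswith(("http://", "https://", "www.")) and host(text) != host(self._href):
                self.mismatches.append((text, self._href))
            self._href = None

def audit(html):
    """Return (mismatched links, remote images) found in an HTML mail body."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.mismatches, parser.remote_images
```

The hostname comparison is exact, so a link shown as `gmail.com` that points to `www.gmail.com` is also reported and needs a manual look.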

Being in Switzerland, I reported the phishing attempt to the cybercrime coordination unit of the CH federal police via the form reachable at its scoci.ch site (cyco.ch in English).

A few hours later, Firefox – and maybe other browsers – blocked access to that phishing page with a “counterfeit page” warning, and now it has been removed altogether.

I’m not saying that my reporting that attempt caused the block and deletion: others probably reported the problem before me, and Google (of which gmail is an app) and Firefox have their own tools (see “Google & Firefox 2 Anti-Phishing Warning In Action” by Danny Sullivan, Search Engine Land, Jan. 20, 2007). However, reporting phishing attempts is a civic duty, as these tools rely on users’ reports.

In the case of gmail, you can also report phishing attempts to gmail by opening the message then clicking on the down arrow next to “Reply” on top:

[Screenshot of a gmail e-mail, with arrow circled]

This opens a scrolling menu that includes “Report phishing”:

[Screenshot of the scrolling menu mentioned above, with “Report phishing” circled]

Please add other ways for reporting phishing, be it to a country’s official cybercrime unit or to a trusted organization.
