How to Report Phishing

Reporting phishing attacks is one of the most effective ways ordinary internet users can help reduce online fraud. Every report helps security teams identify malicious websites, block dangerous domains, update threat intelligence databases, warn potential victims, and disrupt phishing campaigns before they reach more people.

Many phishing operations rely on speed. The faster a phishing website, email campaign, or scam domain is reported, the greater the chance that it can be blocked or removed before causing significant harm.

What Is Phishing

Phishing is a type of cybercrime in which attackers impersonate trusted organizations, brands, government agencies, delivery companies, banks, cloud providers, or colleagues to steal sensitive information.

The goal may be to obtain:

Usernames and passwords.
Credit card information.
Banking details.
Personal information.
Authentication codes.
Corporate credentials.

Phishing attacks are commonly delivered through email, SMS messages, social media platforms, messaging applications, QR codes, and malicious websites.

Why Reporting Phishing Matters

Many users simply delete suspicious messages. While this removes the threat from their inbox, it does nothing to stop the campaign.

Reporting phishing provides several important benefits.

Protects other potential victims.
Helps security providers update detections.
Supports domain abuse investigations.
Assists hosting providers with takedowns.
Helps law enforcement and fraud teams.
Reduces the lifespan of phishing campaigns.
Improves threat intelligence databases.

A single report may contribute to the removal of a fraudulent website or help security systems detect future attacks more quickly.

How To Report A Phishing Email

Most modern email providers include built-in phishing reporting tools.

Instead of simply deleting suspicious messages, use the reporting option provided by your email service whenever possible.

General recommendations include:

Do not click links.
Do not open attachments.
Keep the original message intact.
Preserve email headers if possible.
Use the phishing reporting feature.

Reporting suspicious emails helps improve spam filtering and phishing detection systems.

How To Report A Phishing Website

If you discover a phishing website, report it to the organizations most capable of taking action.

This may include:

The website hosting provider.
Browser security services.
Search engines.
Cybersecurity reporting platforms.
The impersonated organization.

Providing accurate information improves the chances of successful investigation and removal.

How To Report SMS Phishing

SMS phishing, often called smishing, uses text messages to trick victims into clicking malicious links or disclosing sensitive information.

When reporting SMS phishing:

Save the original message.
Record the sender number.
Capture screenshots.
Report the message to your mobile provider.
Avoid interacting with embedded links.

Mobile carriers often maintain dedicated fraud reporting processes.

How To Report QR Code Scams

QR-code phishing attacks, sometimes called quishing, have become increasingly common. Attackers distribute QR codes that redirect users to credential theft pages, fake login portals, payment scams, or malware downloads.

If a QR code leads to a suspicious destination:

Save an image of the QR code.
Document where it was found.
Record the destination URL.
Report the website and campaign.

What Information Should You Save

The more information you preserve, the easier it becomes for investigators to analyze the incident.

Screenshots of messages.
Complete URLs.
Email sender details.
Headers when available.
Date and time information.
Downloaded files.
Redirect destinations.
Domain names involved.

Preserving evidence before reporting can improve investigation outcomes.

If You Already Clicked The Link

If you interacted with the phishing website, additional actions may be necessary.

The level of risk depends on what happened after clicking the link.

Did you enter credentials?
Did you provide payment information?
Did you download a file?
Did you install software?

If sensitive information was submitted, secure affected accounts immediately and investigate potential compromise.

How 2check.click Helps Before Reporting

Before submitting a phishing report, it is often useful to understand exactly what a suspicious link does.

2check.click helps users analyze URLs, reveal hidden destinations, identify redirect chains, detect phishing indicators, inspect suspicious domains, decode encoded content, and understand risks in plain English.

This information can make phishing reports more accurate and provide valuable context for investigators.

Common Mistakes When Reporting Phishing

Deleting evidence too quickly.
Failing to save screenshots.
Reporting without recording URLs.
Clicking suspicious links repeatedly.
Ignoring phishing attempts entirely.

Taking a few minutes to preserve useful information can make reports significantly more valuable.

Frequently Asked Questions

Should I report every phishing email?

Yes. Even if the message appears obvious, reporting helps improve detection systems and protect other users.

Can reporting phishing actually make a difference?

Absolutely. Many phishing websites and domains are removed because users report suspicious activity.

What if I am not sure whether a message is phishing?

Investigate the sender, domain, links, and context before interacting with the message. Security tools can help identify suspicious indicators.

Should I visit a phishing website to gather evidence?

No. Avoid interacting directly with potentially malicious websites unless you have appropriate security knowledge and controls in place.

Related Security Guides

Final Thoughts

Reporting phishing requires only a small amount of effort but can have a significant impact. Every report contributes to the identification, investigation, and removal of fraudulent websites, malicious domains, phishing emails, SMS scams, and QR-code attacks. By reporting suspicious activity and encouraging others to do the same, internet users play an important role in making the online environment safer for everyone.