Pin Me

Recognizing Phishing Email Scams: How to Report Phishing Scam Emails

written by: Sylvia Cochran•edited by: Lamar Stonecypher•updated: 4/26/2010

Phishing email scams are likely to hit an email in-box on a daily basis. Sometimes they are caught by spam filters and the user never sees them. Other times the phishing scam emails do not fit the algorithm the filter relies on and the consumer must discern if it is indeed from the purported sender.

  • slide 1 of 4

    The Rationale behind Phishing Email Scams

    Phishing scam emails are a premier means for cyber criminals to obtain sensitive information from unwitting parties. They generally contain clickable links that direct online users to access data mining websites. There they are asked to input certain data such as credit card information, login data, passwords and other information.

    Once this kind of data is obtained via a phishing email, it may be used to hack into computer users’ accounts. In other cases, sensitive data may be collected and then used to open up fraudulent accounts in the phishing victim’s name.

  • slide 2 of 4

    Recognizing Common Phishing and Email Threats

    Members of the Institute for Software Research International at Carnegie Mellon University(1) champion the use of filtering software that recognizes the properties of typical phishing emails. Likening it to separating birds from fish by virtue of the presence– or absence– of certain organic features, the researchers believe that machine learning can take on quite a few tasks related to eliminating phishing emails before they ever get into an Internet user’s email account.

    While this kind of technology can be hit or miss, there are some points the computer user can take away from the research. Examples include:

    • Be vigilant about email texts encouraging a user to ‘click here’ to verify the account. This kind of hyperlink usually leads to a third-party website that is not affiliated with the agency or organization that the phishing scam purports to represent. Do not click the link but type in the site’s address directly. The odds are good that after logging in there is no notice about any information that needs to be verified.
    • Evaluate the length of the URLs contained within an email. Scam artists try to make links look legitimate by including well known address names at the beginning, but the actual .com address is a fraudulent site. Researchers offer the example of “http://www.google.com/url?q=http://www.badsite.com/update.cgi,” where Google.com is used to fool the user while Badsite.com will be the actual address.
  • slide 3 of 4

    How to Report Phishing Emails

    Email phishing is a crime, but learning where to send phishing emails for the sake of reporting can be frustrating. As a general rule of thumb, major corporations, government agencies and also financial institutions have dedicated email accounts to which a consumer can forward purported phishing email scams.

    For example, the IRS has dedicated phishing@irs.gov for email inquiries by taxpayers who want to know if a communication is indeed from the Internal Revenue Service or from someone else. Another way of filing a complaint about phishing scam emails is via the Internet Crime Complaint Center(2). This entity is a partnership between the FBI, the National White Collar Crime Center and also the Bureau of Justice Assistance.

  • slide 4 of 4

    Sources

    1. Carnegie Mellon University. “Learning to Detect Phishing Emails” (accessed April 26, 2010)
    2. Internet Crime Complaint Center. “Filing a Complaint with IC3” (accessed April 26, 2010)