US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.
You can report phishing to us by sending email to
What Is Phishing?
Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.
Learn More About Phishing
The following documents and websites can help you learn more about phishing and how to protect yourself against phishing attacks:
- Avoiding Social Engineering and Phishing Attacks
- Protecting Your Privacy
- Understanding Web Site Certificates
- Anti-Phishing Working Group (APWG)
- Federal Trade Commission, Identity Theft
- Recognizing and Avoiding Email Scams
Methods of Reporting Phishing Email to US-CERT
- In Outlook Express, you can create a new message and drag and drop the phishing email into the new message. Address the message to
email@example.com send it.
- In Outlook Express you can also open the email message* and select File > Properties > Details. The email headers will appear. You can copy these as you normally copy text and include it in a new message to
- If you cannot forward the email message, at a minimum, please send the URL of the phishing website.
* If the suspicious mail in question includes a file attachment, it is safer to simply highlight the message and forward it. Some configurations, especially in Windows environments, may allow the execution of arbitrary code upon opening and viewing a malicious email message.