Blog | Defence | 19th Oct 2023
Author: Samir Yawar

Report Phishing and Online Scams with 3 Simple Steps

A comic strip explaining why it's important to report phishing attacks

The year is 1995 and Sandra Bullock’s The Net is getting lampooned by viewers. People feel that the cyber thriller’s depiction of identity theft and evil hackers is too far-fetched. An easy conclusion to make in an age with no smartphones or social media. No wonder, then, that Sandra’s journey to expose and report phishing attempts was laughed off by critics and cinemagoers alike.

In the years since, things have changed. People have accepted that Sandra is a great actress (with an Oscar no less), and that The Net, while not a piece of seminal filmmaking, got a lot right about cyberspace and its place in human society. Even the FBI concedes that email phishing leads to 90% of successful cyber attacks.

Sandra Bullock film clip

Yes, really.

It is important to learn how to report phishing and online scams properly. 

You’ll be surprised how easy and painless it is to make phishers and cybercriminals pay.

How to Report Phishing Scams the Right Way

What is phishing? It is a fraudulent attempt to fish out personal or corporate information from you for malicious purposes: to steal your money, your identity, even workplace secrets.

A clip of Sandra Bullock eating

Well, now you do.

Before we get to the part about how to take these cybercriminals to task, we need to be aware of online scams in their various forms. And we’ve got just the thing to refresh your memory:

Next, we will discuss how to spot a phishing scam before it wreaks havoc.


1. Know what types of information phishers need from you

“I just don't, I don't understand. Why me? Why me? I am nobody. I am nothing.”

There are over 5.19 billion internet users worldwide as of July 2023. They all have one common yet valuable commodity that cybercriminals want - data.

Hackers aren’t people who sit behind a computer and type fancy, techie commands to unearth your passwords. They rely on much more to target you. They can even turn on the charm to get information out of you in the most unassuming way.

Social engineering, they call it.

These are some of the things social engineers need to get out of you to steal your identity:

  • PIN numbers

  • SMS codes

  • Passwords

  • Credit Card details

  • Bank Account information

  • Phone numbers

  • Personal identification

  • Answers to security questions

  • Multifactor authentication codes

Avoid giving out these types of personally identifiable information to anyone unless it is someone you absolutely trust.

Too much information to memorize? No problem. Just remember that any personal or sensitive information is off-limits to anyone.

Sandra Bullock’s Angela Bennett may have been targeted by a mere disc…

The floppy disc from The Net.
The disc in question / Source: Columbia Pictures

…but today’s hackers rely on more modern means to trick you:

  • Fraudulent emails and other messages that look like they're from legitimate companies

  • Misleading pop-ups or ads that say your device has a severe security problem 

  • Scam phone calls or voicemails that impersonate Tech Support

  • Fake promotions offering free products and prizes

  • Unwanted invitations and subscriptions

2. Ignorance is the best policy

“They've done it to me, and you know what? They're gonna do it to you.”

Social engineers can target this Sandra:

A clip of Sandra from Superstore

Also this one:

The Sandra from the comedy Brooklyn Nine-Nine.

As well as this one:

Sandra Bullock in a beauty pageant

But not if you ignore these scammers. It is that simple.

If you receive an urgent request that doesn’t seem right, hang up or close the message. You aren’t being rude — you are being wise.

Actions to avoid:

  • Do not sign on to your account from a link embedded in a suspicious message 

  • Do not share personal account information such as your PIN, password, or one-time access codes

  • Do not click any links or open attachments, which can install malware on your device

  • Do not call phone numbers included in any communication unless you’re sure of the source

  • Do not allow remote access to your computer

  • Do not give any information to emails, calls or websites that offer government services

Sandra has some advice
Or you can always stay offline to thwart phishing attempts.

3. Report and Delete It

“Just think about it. Our whole world is sitting there on a computer. It's in the computer, everything: your DMV records, your social security, your credit cards, your medical records. It's all right there. Everyone is stored in there. It's like this little electronic shadow on each and every one of us, just, just begging for someone to screw with.”

Some of us want to make the virtual world a better place, because for all practical purposes we rely on the internet to work and stay in touch with our loved ones.

In this case, there are two things you can do:

  • Use the “Report” feature in your email, communication or social media app.

  • Forward the details of a phishing scam to the relevant governmental authorities:

Conclusion

Cybersecurity is a vast area and social engineering techniques rely on targeting the weakest link - the human link. We’ve discussed a few tips that, along with a robust cybersecurity awareness training program, can help you deal with the majority of cyber attacks, especially those that involve phishing or spam.

Note: This blog is part of Pureversity's Cybersecurity Awareness Month 2023 coverage, aiming to empower you, your home, and your workplace with an improved cybersecurity posture.

Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
Frequently Asked Questions
Phishing is a type of online scam where cybercriminals impersonate legitimate entities to trick you into revealing personal information or money. Reporting phishing is important because it helps protect you and others from falling victim to these scams and prevents further malicious activity.
Reporting a phishing attempt typically involves forwarding the suspicious email or message to your email provider or a relevant authority. Most email services have a "report" or "spam" button to help you do this. Additionally, you can report phishing to organizations like the Anti-Phishing Working Group (APWG) or the Federal Trade Commission (FTC).
When reporting a phishing attempt, include the suspicious email or message, its sender's information, and any website links provided in the email. Provide as much detail as possible, but do not click on any links or download any attachments within the suspicious message.
Reporting phishing is an essential step, but it may not guarantee your immunity from future scams. However, it contributes to making the internet safer overall, which can reduce the prevalence of phishing attempts. Being vigilant and practicing good cybersecurity habits is also crucial.
Once you report a phishing attempt, it is typically reviewed by security experts who analyze the scam to identify trends and tactics used by cybercriminals. The information you provide can aid in preventing similar scams and may even help law enforcement track down and prosecute scammers.
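An added example, not part of the original post: one way to gather what a report should include (the sender's details and the links in the message) without opening any link. The sample message, its names and domains are constructed, and the `defang` and `build_report` helpers are hypothetical names used only here.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (not a real phishing email); all domains are made up.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
From: "Your Bank Support" <support@yourbank.example.com>
Reply-To: claims@prize-desk.example.org
To: you@example.com
Subject: Urgent: verify your account
Content-Type: text/plain; charset="utf-8"

Your account is locked. Sign in at http://yourbank.example.com.login.example.net/verify
or visit https://prize-desk.example.org/claim?id=123 within 24 hours.
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def defang(url):
    """Make a URL non-clickable so nobody opens it from the report by mistake."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def build_report(raw):
    """Collect sender details and links from a raw message without visiting any link."""
    msg = message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg["From"] or ""))
    _, reply_addr = parseaddr(str(msg["Reply-To"] or ""))
    _, return_addr = parseaddr(str(msg["Return-Path"] or ""))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    urls = sorted(set(URL_RE.findall(text)))
    domain = lambda addr: addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return {
        "subject": str(msg["Subject"] or ""),
        "display_name": from_name,
        "from": from_addr,
        "reply_to": reply_addr,
        "return_path": return_addr,
        # A reply address on a different domain than the visible sender is worth noting.
        "reply_to_mismatch": bool(reply_addr) and domain(reply_addr) != domain(from_addr),
        "links": [defang(u) for u in urls],
    }

if __name__ == "__main__":
    for key, value in build_report(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

The summary goes alongside the forwarded original message, which the recipient of the report still needs in full.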