In order to report an email phishing scam you have to know what it is and how to identify one when you see it. Phishing is the term used to describe the practice of criminals who will attempt to coax personally identifiable information (PII) or other valuable information from unsuspecting victims by purporting to be a trustworthy organization or entity.

Common entities that are impersonated in phishing emails are banks, social websites, or government agencies. The phishing email will either directly ask for your personal information or direct you to a fake website designed to look like a trustworthy organization where they will require you input your personal information. Currently, the Identity Theft Resource Center is concerned about the potential for scams, including phishing emails, surrounding the creation of the Affordable Care Act’s health insurance exchanges where a criminal will pose as a legitimate health insurance exchange and ask for a person’s personal information in order to help them purchase insurance.

A phishing email will often have spelling errors or come from a fictional entity that you do not recognize. It is a good idea to do your own research to confirm that this entity is in fact a real, legitimate organization; however, if they ask for your personal information over an email it is almost certainly a phishing email as most businesses and entities today will never ask for your personal information in such a manner. In addition, do not click on any links or attachments in the email if you suspect it might be a phishing email as it may contain malware or other malicious software that can infect your computer or smart phone.

If you do click on a link because you think the email is safe, double check the URL of the website the link takes you to so that you can double check that the website you are visiting is in fact the website of the real organization. For example, if you know that a bank’s website URL is but the link takes you to, you can rest assured that this is a fake website and you should close out of your browser immediately.

When you do encounter a phishing email, report it to the business or entity that it is impersonating so that they can take whatever measures they have to protect their other customers. After that, you should also report it to the following organizations:

·         The Federal Trade Commission –

·         United States Computer Emergency Readiness Team –

·         Internet Crime Complaint Center (IC3) – 

"How to Report an Email Phishing Scam" was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting. 


ITRC Sponsors and Supporters 





Go to top


The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.