Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How can I report a phishing email address?

Question:

I’ve been receiving phishing emails for the past few months. The gist has been that I need to sign in to my Live.com account and give them all of my details and all will be well. Needless to say, I’ve always just deleted these.

I did try to alert Live.com to the problem and their answer was to disable my account. My account was never compromised. I was just trying to let them know that there were attempts. I received another email today and I finally have an email address for one of the culprits.

Who do I give this info to so that they can try to put an end to this sort of phishing? They make it look like it’s actually coming from Live.com? “Warning: the account owner that fails to verify his or her or account within two weeks of receiving this warning will lose his or her account permanently. Sincerely, The Windows Live Hotmail Team. The current address is [and I’m not going to mention it here].”

Granted, it’s probably a needle in a haystack but does Live ever prosecute these people? Thanks for any help.

In this excerpt from Answercast #4, I’ll discuss the big companies, their response to spam, and if reporting spam and phishing attempts can help.

Become a Patron of Ask Leo! and go ad-free!

Phishing is Insidious

So, several answers here. The short answer is don’t bother. Just don’t bother.

Do what you were doing. Delete the mail and get on with your life. A lot of people desperately want some place to report these things to so that they get handled, so that they get fixed. The short answer is that you don’t need to.

They already know

You just don’t need to. Trust me. Microsoft and all of the other email providers, they know that this is going on. They are constantly battling this. Now, you might say why haven’t they fixed it? Because it’s not an easy to problem to fix.

You know that email address you think you have? It’s probably totally unrelated to the email that you got. It was probably forged. Even the IP addresses that are in the headers may very well be traceable. Nine times out of ten, they’re traced either to a machine that has been compromised by malware that is part of some kind of a bot net (i.e. it could have been your machine if you had been infected by malware), which again doesn’t lead them back to the actual originators of this scam. Or the IP addresses could lead off shore to some foreign country where there just isn’t the ability to enforce what needs to be enforced.

There’s no shortage of knowledge about these kinds of scams and the kinds of information that services like Microsoft, Hotmail might be gathering.

They’ve got all of the information that they need. They are working on this through many different ways.

Reporting it wastes resources

Reporting it? In my opinion, it honestly doesn’t help. It’s a waste of your time. It doesn’t really add a lot to the base of knowledge that they already have. By far, the best thing that you can do is simply either delete it or mark it as spam, if you have that option in your mailer, and get on with your
life.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.