Armorblox is now part of Cisco

Articles & Thought Leadership | 10 min read

Phishing Email Reporting: What to Do With Phishing Emails


Lauryn Cash
Lauryn Cash

Phishing impacts businesses and individuals on a massive scale. By following best practices for phishing email reporting, you can help combat this threat.

Phishing Email Reporting: What to Do With Phishing Emails

Despite advances in cybersecurity technology and public awareness, phishing remains at an all-time high. According to the Anti-Phishing Working Group (APWG), more than 1.2 million phishing attacks happened in the third quarter of 2022 alone. The figures from this organization represent a new record for phishing attempts—and they only account for detected attacks.

As the number of phishing attacks continues to raise alarms, so do the associated losses. In 2021, the FBI’s Internet Crime Complaint Center (IC3) reported that Americans lost more than $44 million due to phishing and related attacks (vishing, smishing, and pharming). Once again, the actual number is likely much, much higher.

As an organization, you can combat this rise in phishing from multiple angles. First, a robust email security solution keeps your employees and data secure. But a thorough plan for reporting phishing emails helps protect other businesses and agencies, too. This guide will walk you through what to do if a phishing email lands in your inbox.

How to Recognize a Phishing Email

The first step to reporting phishing emails is learning to recognize them. While malicious actors continuously change their approaches, some phishing tactics remain the same – and that’s because they work.

However, some of these tried-and-true phishing strategies leave discernable clues. Telltale signs of a phishing attempt include:

  • A sense of urgency: Scammers often use urgent language to convince you to act quickly. By pressuring you to take action immediately, fraudsters hope you won’t take the time to think critically or alert your IT security team.
  • A spoofed email address: Spoofing involves creating an email address that is almost—but not exactly—identical to that of a trusted source. For example, an email that may appear to come from a known vendor could, upon further inspection, use a zero in place of the “O.” This tactic is common in spear phishing attacks, where fraudsters first conduct research to learn which senders their target is most likely to trust.
  • A request for sensitive information: You should never share passwords, credit card numbers, social security numbers, and other sensitive details via email. Fraudsters hope you’ll overlook this best practice, often by combining their request with urgent language or by pretending to be someone (or a brand) that end-users trust.
  • Poor grammar or spelling: Whether intentionally or accidentally, phishing emails are frequently plagued with errors.

However, some cases are impossible to detect manually. An email security solution can fill in the gaps and notify you of potential phishing attacks.

What Should You Do If You’ve Been Phished?

With 83% of organizations falling victim to phishing in 2021, there’s a reasonable chance that you’ve at least seen a phishing email in your inbox (or spam folder). However, if you’ve only realized an email is a phishing attack after clicking the link or attachment, don’t panic. Instead, take the following actions.

Change Your Passwords

In the immediate aftermath of a phishing attack, it’s often impossible to know which accounts or services may have been breached. As such, it’s worth changing all passwords as soon as possible. That way, any password data that a fraudster may have scraped will be useless.

Do Not Reply to the Sender

As tempting as it may be to respond to a would-be scammer, it’s wise to refrain from engaging. Replying to a phishing email is ill-advised because:

  • It confirms that your email address is active: Most phishing attacks are automated email blasts that blindly target innumerable email addresses—many of which may be unmonitored or inactive. By replying, you signal that your email is worth retargeting.
  • It reveals additional information: Unless you’re judicious enough to delete it, your email signature will automatically appear at the bottom of your response. Your signature may include your phone number, job title, location, and more—all details a fraudster can use for a more advanced attack in the future. However, even if you remove your signature, your response signifies to the scammer that your account is in use. 

Report It

If you’re already aware of your organization’s procedures for phishing attacks, follow them to the letter. If you’re unsure what to do, report the email to your IT security team. They’ll be able to walk you through any next steps and help mitigate any potential fallout from the attack.

Want to save time? Armorblox abuse mailbox automation analyzes every user-reported email to remediate known threats, identify false positives, and escalate more sophisticated email threats to your security team. In addition, Armorblox learns from every manual action to protect against similar future threats automatically.

Delete the Email

Once you’ve reported the email to the relevant parties, you should immediately delete it. Deleting the email limits the potential for malware to spread on your devices and guarantees you won’t open it again.

Note that pressing the “Delete” button on many email clients will only move the message to a separate Trash or Archive folder. To ensure the phishing email won’t cause additional harm, go to the appropriate folder and permanently delete the message.

How to Report Phishing Attempts

Besides your IT security team, there are several other groups to contact about phishing attacks. If you’ve received a phishing email, consider taking the following steps (unless your security team specifies otherwise).

Contact the FTC

The Federal Trade Commission (FTC) collects phishing email reports and shares them with thousands of law enforcement officials. Using these reports, the organization can bring cases against scammers and fraudsters to protect businesses and individuals.

You can submit a report online through the FTC’s fraud portal at

Contact the APWG

The FTC also recommends reporting all phishing attempts to the Anti-Phishing Working Group (APWG). This international consortium comprises financial institutions, security vendors, ISPs, and law enforcement agencies. The APWG analyzes and compiles phishing emails for research, resource development, and public awareness campaigns.

To report a suspected phishing attempt to the APWG, forward the malicious email to

File a Complaint With the IC3

The FBI’s Internet Crime Complaint Center (IC3) is one of the leading compilers and investigators of phishing attacks and other cybercrimes. After you fill out a report, the IC3 will refer your case to the appropriate regulatory agencies and then take any necessary action.

You can register your complaint through this online form.

Contact Your Financial Institution

While not all phishing attempts are financially motivated, many attacks seek access to credit card numbers, bank details, or payment software. Contact your financial institution immediately if you can confirm that financial information was compromised (or if you’re unsure of the severity of a phishing attack).

Notifying your bank can safeguard your funds and accounts from fraudsters. They may advise you to request new credit cards.

Even after informing your financial institution, monitor your accounts and statements for suspicious activity. The sooner you spot any unauthorized usage of your financial or personal information, the better.

How to Protect Your Company from Phishing Attempts

Although reporting a phishing email benefits you, your organization, and businesses worldwide, it doesn’t protect you from the next attack. And employee education, while a critical piece of the puzzle, isn’t guaranteed to keep your business safe from future phishing attempts.

Indeed, no strategy or product can shield you from every phishing attack. As fraudsters use more sophisticated tactics, it is paramount to utilize an NLU-based email security solution for the best protection against today’s emerging threats.

With forward-looking technology that automatically identifies signals of phishing attacks, Armorblox is a SecOps dream come true. By leveraging natural language understanding (NLU) and machine learning (ML), our comprehensive email security solution protects against phishing attacks and targeted email threats.

Armorblox automatically remediates (deletes, quarantines) email threats or escalates threats that need human review to your security team. The result? Less time putting out fires—and more time focusing on meaningful initiatives that benefit your entire organization.

Take our quick product tour to learn more about our features and solutions.

Take Product Tour

Experience the Armorblox Difference

Get a Demo