How do I report a scam email?
Forward phishing emails to [email protected] (global), to [email protected] (UK), or to [email protected] (US FTC). Also use your email provider's built-in 'Report phishing' button.
Last reviewed: 10 June 2026
Explanation
Most email clients have a built-in 'Report phishing' or 'Report spam' option in the dropdown menu for any message. Using this button sends signal to your email provider's spam filters and helps protect other users on the same platform. On Gmail, click the three dots next to 'Reply' and select 'Report phishing.' On Outlook, use the 'Report' button in the ribbon or the Junk dropdown.
Beyond the in-client button, forward suspicious emails to specialised inboxes. In the UK, the NCSC's Suspicious Email Reporting Service (SERS) accepts emails forwarded to [email protected]. The NCSC has used this service to take down hundreds of thousands of phishing sites. In the US, forward to [email protected] for FTC processing. Globally, the Anti-Phishing Working Group collects samples at [email protected].
Before forwarding, do not click any links or download any attachments. If the email claims to be from your bank, HMRC, the IRS, or another institution, contact that institution directly using a number from their official website. Institutions do not ask you to provide passwords, one-time codes, or full card numbers over email.
If you believe your credentials were compromised because you clicked a link in a phishing email, immediately change the password for the affected service and enable two-factor authentication. Check your account's login history for any unfamiliar access.
Common red flags
- The sender address domain does not exactly match the organisation being impersonated
- The email asks you to verify your login, card details, or national insurance number
- There is extreme urgency — your account will be closed, a parcel returned, or a fine issued
- Hover text over a link shows a URL different from the link text
- The greeting is generic ('Dear Customer') despite coming from your bank
- Attachments have double extensions such as invoice.pdf.exe
What to do now
- Do not click links or open attachments
- Use the email client's 'Report phishing' button
- Forward to [email protected] (UK), [email protected] (US), or [email protected]
- Report to the FTC at ReportFraud.ftc.gov if financial fraud is involved
- Change passwords if you clicked anything before recognising the phish
- Enable two-factor authentication on the targeted account
Frequently asked questions
Should I reply to a phishing email to confront the scammer?
No. Replying confirms that your email address is active, which increases the volume of future scam emails you receive. Do not engage with the sender.
What if I received the same phishing email many times?
Report once to the relevant inbox and mark subsequent copies as spam. Reporting the same email repeatedly does not add value after the first report.