Does reporting phishing sites do anything?

We all receive phishing emails and scam texts, but what do you do with them?

Should you just delete it? Should you report the phishing site to someone?

So, does reporting phishing sites do anything?

Yes! Reporting phishing sites absolutely helps. It:

  • Stops other people becoming victims
  • Annoys the scammers
  • Helps security teams identify trends

Stops other people becoming victims

Just because you’ve spotted that a link looks dodgy, doesn’t mean other people will. By reporting the phishing link, you can get a big warning page put up before people are able to visit the site. This massively helps reduce the number of people that will fall victim to the scam.

An example of a Safe Browsing warning page

Annoys the scammers

The scammers have annoyed you by sending you a phishing text or a scam emails, by reporting the link you can annoy them back.

Once a phishing site has been reported, this starts the process of the site being removed from the internet. Once this happens, the scammer needs to start the whole process again: buying a domain name, setting up a new website, and sending out new phishing links.

Phishing can be hard to keep track of. It’s entirely possible for a phishing site to be created, reported, and taken down without the company it’s pretending to be even knowing.

By reporting phishing sites to security companies you help them track trends like:

  • How many phishing sites are being created this month versus last month?
  • What new lures are being used to trick people into clicking links?
  • Where are phishers choosing to host their phishing sites?

When shouldn’t you report phishing?

If in doubt, you should report phishing sites. But there’s some cases where it’s probably not worth your time.

It’s already in your spam folder

If a phishing email is already in your Spam folder, this usually means that it’s already been reported and so the takedown process has already started.

An example of a warning that an email is likely phishing: "This message seems dangerous. Similar messages were used to steal people's personal information. Avoid clicking links, downloading attachments or replying with personal information."

Reporting the site at this stage won’t speed up the takedown process and is just going to take up your time. Better to save your effort for times you can make more of a difference.

You’re busy

The responsibility for reporting phishing sites doesn’t rest solely on your shoulders. Links to phishing sites are sent out by the thousands so you’re unlikely to be the only person to spot it.

If you’re busy, it’s totally fine to skip reporting a site and rely on someone else doing it. After all, you’re only doing this on a voluntary basis.

The easiest way to report phishing sites

So, you’ve spotted a phishing link, and decided to report it. How exactly do you do that?

There’s lots of places to report phishing sites but you don’t want to spend ages reporting the site to half a dozen different places. That’s where Phish.Report helps.

Phish.Report aggregates phishing report forms from across the web and lets you submit to them all in just a few clicks.

A screenshot of the Phish.Report report box being used to report a phishing link received from an SMS