Help us stop active phishing threats
For serious fraud, stolen credentials, money loss, or widespread attacks, you may also want to report the incident to official agencies and anti-phishing groups.
- FBI Internet Crime Complaint Center (IC3) for cybercrime and internet fraud reports.
- FTC Report Fraud for scams, impersonation, and consumer fraud.
- CISA Report for cyber incidents, vulnerabilities, and significant suspicious activity.
- APWG at reportphishing@apwg.org for phishing email and website reports.
Report to PhishingBox
Use this anonymous form for suspicious emails, smishing texts, malicious websites, vishing calls, account compromise warnings, fake invoices, credential-harvesting pages, or other security concerns.
What helps most
If you have the original email, upload the .eml or .msg file. Otherwise, add the details you have.
- Sender, reply-to address, subject line, and recipient.
- Suspicious links, QR codes, phone numbers, or domains.
- What the message asked you to do.
- Whether you clicked, downloaded, entered credentials, or sent payment.
What happens after you submit
We review submissions for threat indicators and accuracy. If a report appears valid, we may use it to improve detection logic, training examples, and threat research. Uploaded files are stored on the server and purged over time.
Before you continue
If you entered credentials, sent payment, or installed software, change passwords from a trusted device, enable multifactor authentication, contact your IT or security team, and notify your bank or service provider when appropriate.