How to Report an Email or Web Scam
What should you do when you get a scam email
or end up on a scam website? We're going to teach you who to report
the scam to, or how you can track down the scammers yourself and
work to help shut down their scam-collecting ways, at least temporarily.
We've seen scams targeting companies like eBay, Washington Mutual
(Wamu), Wells Fargo, Amazon, Citibank, and PayPal.
 |
 |
First
Steps
You should contact
the company involved in the scam immediately.
In other words, if you received a scam email about Wells
Fargo, you should forward it to Wells Fargo.
Here is the contact info for some of the most targeted
companies:
Also consider forwarding the email to spam@uce.gov.
The U.S. Federal Trade Commission (FTC) will place your
email in a database and use the combined information
to track down and prosecute the scammer/spammers.
You can also report the scam to the Internet
Fraud Complaint Center. This site is a partnership
between the FBI and the National White Collar Crime
Center. |
Advanced Steps
You should only follow these
steps if you have some experience with web and email
issues.
View Source
- Look at the html source of the email message
or the web form.
- In the html code, look for <form> tag and
see where the form results are being sent.
The form will probably look something like this:
<form action="/cgi-bin/FormMail.cgii"
- You will also want to look for a hidden field
below the <form> tag that will look something
like this:
<input type=hidden name="email" value="someone@blahblah.com">
This is the email address that will receive the
results of the form. You'll want to track down those
responsible for the servers the form and email reside
on.
What I've described above is a typical Perl-based
form to mail script. Scammers may also use combinations
of php, asp, or other code. If you're not familiar
with any of this, just make sure the email is forwarded
to the company so they can work to shut down the
site.
Track Down Servers
The best way to track down who is responsible for these
servers is to use various WHOIS servers. Take the domain
name or IP address you found in the email or web page
and input it here:
Send a Kind Email
Now use the contact email information you find in the
WHOIS listing to forward anything you received and to
kindly ask them to investigate and shut down the offending
page or email address.
Be nice. Usually the system administrators of these
sites have nothing to do with the scam being perpetrated.
They also get a lot of email and are a much more likely
to help if you explain what's going on in a civil, helpful
tone of voice.
Once you've sent your email, there's nothing to do but
sit back and relish your part in trying to reduce the
number of people gettting ripped off!
|
|
|
Do This
Quickly!
If you move fast you might be
able to head off the use of some of your information. Change Your Password
If you filled out one of these scam forms and entered
any password information — change it immediately.
While you're logged into your account, check your transaction
history, if possible, to see if there are any fraudulent
entries. Contact the Company
Call or email the fraud department of the company involved
and let them know that your account might be compromised.
If you want to talk with a human, find out about the Interactive
Voice Response Cheat Sheet.
Call Your Bank and Credit Card Companies
You should call to see if any fraudulent transactions
have shown up and to possibly arrange for new cards or
accounts. Is That It?
If you entered your Social Security Number, Date of Birth,
Address, etc into the form, you will need to follow the
steps listed on our Emergency
Help page. You are a potential victim of identity
theft. |
|
