skip to content
rss Subscribe print Printer Friendly Share this Page
HomeProtectionAvoid Fraud and Scams

How to Report a Scam

What should you do when you get a scam email or end up on a scam website? We're going to teach you who to report the scam to, or how you can track down the scammers yourself and work to help shut down their scam-collecting ways, at least temporarily. We've seen scams targeting companies like eBay, Washington Mutual (Wamu), Wells Fargo, Amazon, Citibank, and PayPal.

Not a Victim

I only saw a scam and want to report it.

You should contact the company involved in the scam immediately.

In other words, if you received a scam email about Wells Fargo, you should forward it to Wells Fargo.

Here is the contact info for some of the most targeted companies:

Also consider forwarding the email to spam@uce.gov. The U.S. Federal Trade Commission (FTC) will place your email in a database and use the combined information to track down and prosecute the scammer/spammers.

You can also report the scam to the Internet Fraud Complaint Center. This site is a partnership between the FBI and the National White Collar Crime Center.

Advanced Steps

You should only follow these steps if you have some experience with web and email issues.

View Source
  • Look at the html source of the email message or the web form.
  • In the html code, look for <form> tag and see where the form results are being sent.

    The form will probably look something like this:

    <form action="/cgi-bin/FormMail.cgii"
  • You will also want to look for a hidden field below the <form> tag that will look something like this:

    <input type=hidden name="email" value="someone@blahblah.com">

    This is the email address that will receive the results of the form. You'll want to track down those responsible for the servers the form and email reside on.

    What I've described above is a typical Perl-based form to mail script. Scammers may also use combinations of php, asp, or other code. If you're not familiar with any of this, just make sure the email is forwarded to the company so they can work to shut down the site.

Track Down Servers
The best way to track down who is responsible for these servers is to use various WHOIS servers. Take the domain name or IP address you found in the email or web page and input it here:

Send a Kind Email
Now use the contact email information you find in the WHOIS listing to forward anything you received and to kindly ask them to investigate and shut down the offending page or email address.

Be nice. Usually the system administrators of these sites have nothing to do with the scam being perpetrated. They also get a lot of email and are a much more likely to help if you explain what's going on in a civil, helpful tone of voice.

Once you've sent your email, there's nothing to do but sit back and relish your part in trying to reduce the number of people gettting ripped off!

Victim

Yep, it looks like they got me.

If you move fast you might be able to head off the use of some of your information.

Change Your Password
If you filled out one of these scam forms and entered any password information - change it immediately.

While you're logged into your account, check your transaction history, if possible, to see if there are any fraudulent entries.

Contact the Company
Call or email the fraud department of the company involved and let them know that your account might be compromised.

If you want to talk with a human, find out about the Interactive Voice Response Cheat Sheet.

Call Your Bank and Credit Card Companies
 You should call to see if any fraudulent transactions have shown up and to possibly arrange for new cards or accounts.

Is That It?
If you entered your Social Security Number, Date of Birth, Address, etc into the form, you will need to follow the steps listed on our Emergency Help page. You are a potential victim of identity theft.