How to Report Phishing

How to Report Phishing Email

Lorence, a Tap into IT Trustee and volunteer, recently shared his tale, with us, about the struggle he had to report a phishing email to the purported originator.

He complained to BT, about a phishing email that he had received and the impossibility of notifying them about this.

BT phoned Lorence about his complaint and told him how to report a phishing email:

“EASY! If you get any suspicious email purportedly from BT, just forward it to and the security team will investigate it!”.

Gerald, another Tap into IT volunteer, responded as follows:

Useless facts of the day:

  • today would have been my granny’s 155th birthday.
  • (which is unconnected to 1)  I never imagined this day(*) would come.

Now of course my granny is no longer with us;  but when she was around, she sometimes seemed a bit scary to a wee boy like me.  I certainly would never have got away with trying to teach her to suck eggs….

Lorence though is an entirely different kettle of fish, to coin a phrase, and I hope he doesn’t mind the description.  Thankfully, he is very much with us, and a lot cleverer than me, which isn’t hard.  I wouldn’t even start to try to get him to suck eggs!   But for once (*) maybe, I have a bit to add to his helpful message about phishing.

Scammers are trying to steal our money, so it is obvious that lots of big (and probably not so big, too) organisations are potentially vulnerable to being impersonated, like Lorence’s BT example above.

So, to repeat the obvious, we must all be on our guard for potentially dodgy messages like that.   Over a bit of time, I have collected the following short list of useful email addresses:

Any time I am even just doubtful about some message, I don’t reply or open any link on it, but instead just forward it immediately without comment to the relevant phishing, or equivalent, address.

It’s often easy to find these phishing addresses by going via the “contact us” link at the bottom of a website.   To my mind it is far better to err on the side of alerting a company to a message which turns out to be genuine, than to ignore a real scam attempt.  The sooner these things are reported, the less trouble they will cause.