Online scams are everywhere—from your inbox to your phone. Knowing how to spot suspicious messages and fake websites, and how to report them, is one of the best ways to protect yourself and others.

How to Spot a Phishing Email

• Check the sender: Be cautious with emails from unfamiliar or infrequent senders, especially those marked as [External].

• Look for mistakes: Poor spelling, grammar, or generic greetings like “Dear sir or madam” are red flags.

• Double-check the email address: Watch for misspelled or odd-looking domains (like “micros0ft.com” instead of “microsoft.com”).

• Beware of urgent requests: If an email pressures you to act quickly, open attachments, or click links, be suspicious.

• Question the context: If a company contacts you out of the blue—especially one you don’t have an account with—don’t click links or respond.

• Hover over links: On a computer, hover your mouse over links (without clicking) to see where they really go. If the address looks strange, don’t click.

How to Spot a Fake Website

• Check the web address (URL): Look for spelling mistakes, extra characters, or unusual subdomains. Fraudsters often make small changes to trick you.

• Look for HTTPS and the lock icon: A secure website should start with “https://” and display a padlock icon. But remember, even some fake sites now use HTTPS, so check other details too.

• Review the site’s content: Poor design, low-quality images, and missing company details are warning signs.

• Check for contact info and privacy policy: Legitimate sites provide clear ways to contact them and have a privacy policy.

Is it Safe to Click Links in Emails or Texts?

• Be cautious: Avoid clicking links in unsolicited emails or texts. They might lead to fake websites or install malware on your device.

• If you click by mistake: Don’t enter any information. Run a security scan on your device and change your passwords if needed.

  • Find the security program or anti-virus on your computer or phone and click the button that says "Scan" to have it look for anything bad

What Makes a Website Secure?

• Look for “https” and a lock icon: These mean your connection is encrypted.

• Check for legitimacy: Even secure-looking sites can be fake, so always double-check the web address and look for other signs of trustworthiness.

How to Report Spam, Phishing, and Fake Websites

• Emails:

  • Use the “Report phishing” or “Report junk” button in your email service (like Gmail or Outlook).

• Texts:

  • On Android and iPhone, use built-in “Report spam” or “Report junk” features in your messaging app.

• Calls:

  • Block and report numbers using your phone’s call log options.

• Websites:

  • Report fake or suspicious websites or your browser’s “Report unsafe site” feature.

• If you’ve lost money or shared sensitive info:

  • Change your passwords immediately.

  • Enable two-factor authentication on your accounts.

Country specific reporting websites

Here is a list of some countries and their national cybersecurity agency websites, many other countries have similar agencies. You can usually find them by searching online for "[Country Name] cybersecurity agency" or "[Country Name] CERT":

• United Kingdom:

  • National Cyber Security Centre (NCSC): https://www.ncsc.gov.uk/

• United States:

  • Cybersecurity and Infrastructure Security Agency (CISA): https://www.cisa.gov/

  • Federal Trade Commission (FTC) (for reporting fraud and scams): https://reportfraud.ftc.gov/

  • Internet Crime Complaint Center (IC3) (FBI & NW3C): https://www.ic3.gov/

• Canada:

  • Canadian Centre for Cyber Security (CCCS): https://cyber.gc.ca/en/

  • Canadian Anti-Fraud Centre (CAFC): https://antifraudcentre-centreantifraude.ca/

• Australia:

  • Australian Cyber Security Centre (ACSC): https://www.cyber.gov.au/

  • Scamwatch: https://www.scamwatch.gov.au/

• New Zealand:

  • CERT NZ: https://www.cert.govt.nz/

• Singapore:

  • Cyber Security Agency of Singapore (CSA): https://www.csa.gov.sg/

• Japan:

  • National center of Incident readiness and Strategy for Cybersecurity (NISC): https://www.nisc.go.jp/ 

• France:

  • Agence nationale de la sécurité des systèmes d’information (ANSSI): https://www.ssi.gouv.fr/ 

• Germany:

  • Bundesamt für Sicherheit in der Informationstechnik (BSI): https://www.bsi.bund.de/ 

Global reporting websites

Here are some global agencies and initiatives involved in combating spam, phishing, and fake websites:

• Anti-Phishing Working Group (APWG): https://apwg.org/

  • An international coalition unifying the global response to cybercrime across industry, government, and law enforcement sectors. They focus on data exchange, research, and public awareness to combat phishing, crimeware, and email spoofing. They also have a European chapter: https://apwg.eu/   

• Global Anti-Scam Alliance (GASA): https://www.gasa.org/

  • A global initiative focused on protecting consumers worldwide from scams through various activities like virtual meet-ups, intelligence sharing, and promoting collaboration.   

• Internet Watch Foundation (IWF): https://www.iwf.org.uk/ (Based in the UK, but with global impact)

  • Works to find and remove child sexual abuse content online, which can sometimes be linked to fake websites or other online harms.   

• International Criminal Police Organization (INTERPOL): https://www.interpol.int/Crimes/Cybercrime

  • Facilitates international cooperation among law enforcement agencies in its member countries to combat transnational crime, including cybercrime. They offer information exchange, technical expertise, and training.   

• United Nations Office on Drugs and Crime (UNODC): https://www.unodc.org/unodc/en/cybercrime/home.html

  • Spearheads the UN's efforts to combat transnational crime, including cybercrime. They work on international legal frameworks, provide technical assistance, and conduct research. They also host the UN Convention against Cybercrime.

• The World Economic Forum - Partnership Against Cybercrime (PAC): https://initiatives.weforum.org/partnership-against-cybercrime/home

  • Promotes public-private cooperation to combat cybercrime, bringing together law enforcement, cybersecurity companies, and other stakeholders.   

These organizations work on various aspects, including information sharing, developing best practices, raising awareness, and supporting law enforcement efforts to tackle the global issues of spam, phishing, and fake websites.

Extra Tips for Staying Safe

• Keep your software and apps updated to protect against new threats.

• Use strong, unique passphrases' for every account, and consider a password manager.

• Enable two-factor authentication wherever possible.

• Be cautious with unexpected attachments or links, even from people you know.

• Use antivirus software: It helps detect and block malware from phishing emails or fake websites but works best when combined with safe habits and anti-phishing tools.

• Trust your instincts: If something feels off, don’t engage—better safe than sorry.

View our Basic Cyber Security Guide for further guidance.