If you've discovered a fake, phishing or scam website, reporting it helps protect other users and can lead to the site being blocked or taken down. Here's exactly where and how to report it.
1. Report to Google Safe Browsing
Google Safe Browsing protects billions of users. Reporting a site here helps Google flag it across Chrome, Firefox, Safari and other browsers that use the Safe Browsing API.
Report at: safebrowsing.google.com/safebrowsing/report_phish/
2. Report to Microsoft Smart Screen
Microsoft Edge and Internet Explorer use SmartScreen to block malicious sites. You can report a site via the Edge browser menu or at Microsoft's phishing report page.
3. Report to the Domain Registrar
Find out who registered the domain using a Whois lookup. Most registrars have an abuse contact email (often [email protected]). Send them the URL and evidence of fraudulent activity. Registrars can suspend domains for abuse.
4. Report to Hosting Provider
Use the IP address of the website (found via DNS lookup) to identify the hosting provider. Report the abuse to their abuse team — hosting providers are generally quick to act on phishing complaints.
5. Report to National Cybercrime Authorities
- UK: Action Fraud (actionfraud.police.uk)
- USA: FBI Internet Crime Complaint Center (ic3.gov)
- EU: Europol (europol.europa.eu)
- Australia: Australian Cyber Security Centre (cyber.gov.au)
6. Report to the Impersonated Company
If the fake site impersonates a legitimate brand (PayPal, Amazon, a bank), report it to that company's fraud or security team. They have legal resources to pursue takedowns rapidly.
7. Report to Anti-Phishing Working Group (APWG)
The APWG collects phishing data globally and works with law enforcement. Email reports to [email protected].
What Information to Include
- The full URL of the fake site
- A screenshot of the page
- How you found it (email, social media, etc.)
- The legitimate site it is impersonating
- Any email headers if you received a phishing email