GACS will never ask for your seed phrase, private keys, or payment. Always free.
GACS — Global Anti-Crime & Safety Logo
Scam Email Guide · 2026

How to report a scam email

The complete playbook for shutting down a phishing email: your provider's report button, APWG, the FTC, and the impersonated brand. Free, anonymous, takes under 5 minutes.

The 10-step phishing-email reporting checklist

  1. 1

    Don't click, don't reply, don't unsubscribe

    Even the unsubscribe link confirms your address is live. Just leave the message in your inbox while you collect evidence.

  2. 2

    Capture the full headers

    Gmail: ⋮ menu → 'Show original'. Outlook: File → Properties → 'Internet headers'. Apple Mail: View → Message → All Headers. Copy them into a text file — they reveal the real sending server and let abuse teams act fast.

  3. 3

    Report inside your email client

    Gmail: ⋮ → 'Report phishing'. Outlook: 'Report' → 'Phishing'. iCloud: forward to reportphishing@apple.com. Provider-level reports kill the campaign at the source — mass reports trigger account suspension within hours.

  4. 4

    Report to GACS

    Submit at /report. The sender domain / address is added to the public scam database within minutes so the website checker flags any linked URL.

  5. 5

    Report to APWG

    Forward (with full headers) to reportphishing@apwg.org. APWG feeds the data into Microsoft SmartScreen, Google Safe Browsing, and browser block lists worldwide.

  6. 6

    Report to the FTC

    File at reportfraud.ftc.gov. Pick 'Email scam'. Paste the headers and the email body. The FTC's Consumer Sentinel Network shares it with 3,000+ partner agencies.

  7. 7

    Report to the impersonated brand

    PayPal: spoof@paypal.com. Amazon: stop-spoofing@amazon.com. Microsoft: report through Outlook 'Report' menu. IRS: phishing@irs.gov. Most major brands have a published abuse address — search '[brand] report phishing email'.

  8. 8

    Report the linked domain

    If the email contains a fraudulent URL, run it through the GACS website checker, then file separately with Google Safe Browsing (safebrowsing.google.com/safebrowsing/report_phish) — that triggers the browser warning Chrome / Safari / Firefox users will see.

  9. 9

    Report to your email provider's abuse contact

    If the sender address looks legitimate but content is malicious (compromised account, internal forwarding rule), email abuse@<their-domain>. Many corporate IT teams act within hours on documented abuse reports.

  10. 10

    If you clicked or entered credentials

    Change the password on the impersonated account immediately, enable MFA, and check the 'Recent activity' / 'Sessions' page for foreign logins. If you entered card or banking details, call your bank now — same-day reports unlock chargebacks and wire recall.

Free copy-paste reporting templates

Reports written in plain English with concrete evidence get actioned faster than walls of text. Copy a template, swap in the details, and paste.

APWG phishing report

Where to send: reportphishing@apwg.org

Subject: Phishing email — [impersonated brand]

Hello APWG,

Forwarding a phishing email that impersonates [brand] and points to [URL]. Full headers below. Domain was registered on [date] per WHOIS, uses a free SSL certificate, and the page collects [credentials / card / seed phrase].

[Paste full headers + original email body here]

Thanks,
[Your name or anonymous]

Brand abuse / spoofing report

Where to send: spoof@paypal.com · stop-spoofing@amazon.com · phishing@irs.gov · abuse@<brand>

Subject: Spoofing report — phishing email impersonating [brand]

Hello,

Reporting a phishing email impersonating [brand]. The message asks recipients to [verify account / confirm payment / claim refund] and links to [URL]. Domain is not affiliated with [brand]. Full headers and message below.

[Paste full headers + body]

Please take action under your acceptable-use / brand-protection process.

FAQ

What's the difference between 'Report spam' and 'Report phishing'?

Spam is unwanted marketing — the report just trains your inbox filter. Phishing is fraud — the report triggers a takedown investigation at the email provider plus, on Gmail and Outlook, automatic warnings to other users who received the same campaign. Always pick 'phishing' when there's a fake login page or money ask.

Do I have to forward with headers?

Provider-level reports (the in-Gmail / in-Outlook button) handle headers automatically. External reports (APWG, brand abuse addresses, the FTC) need the full headers to be useful — otherwise the abuse team can't see the real sending server.

I unsubscribed before I realized it was a scam. How bad is that?

It confirms your address is monitored, so expect a spike for 2–4 weeks then a fall-off as the campaign rotates. No further damage if you didn't enter credentials or download anything. Move on and report.

How do I report a phishing email on iPhone Mail?

Long-press the message → 'Report Junk' → 'Report Junk and Block Sender'. Then forward the email as an attachment to reportphishing@apple.com and to the impersonated brand. Apple processes phishing reports within 24–48 hours.

Can I report a phishing email anonymously?

Yes. APWG, GACS, Google Safe Browsing, and most brand abuse inboxes accept anonymous submissions. The FTC asks for contact info but doesn't require you to be the victim — third-party reports are welcomed.

I downloaded the attachment. What now?

Disconnect from the internet, run a full scan with Windows Defender / Malwarebytes / Apple's built-in XProtect, then change passwords for any account you've signed into on that device — starting with email and banking. If it was a work device, tell IT immediately; the longer you wait, the wider the blast radius.

Report a scam in 30 seconds.

Add it to the public scam database — protect the next person.

Report a scam

See every channel: How to report a scam — full hub →

Cite this page / Press kit

Journalists, researchers and educators are welcome to cite this page. Use the permalink below or copy a ready-made citation.

Permalinkhttps://gacs.app/how-to-report-a-scam-email
APA

GACS. (2026). How to Report a Scam Email (Free, 2026 Guide). GACS — Global Anti-Crime & Safety. Retrieved June 25, 2026, from https://gacs.app/how-to-report-a-scam-email

MLA

"How to Report a Scam Email (Free, 2026 Guide)." GACS — Global Anti-Crime & Safety, GACS, 2026, https://gacs.app/how-to-report-a-scam-email. Accessed June 25, 2026.

Chicago

GACS. "How to Report a Scam Email (Free, 2026 Guide)." GACS — Global Anti-Crime & Safety. Accessed June 25, 2026. https://gacs.app/how-to-report-a-scam-email.

BibTeX
@misc{gacs_how_to_report_a_scam_email,
  author = {GACS},
  title = {How to Report a Scam Email (Free, 2026 Guide)},
  howpublished = {GACS — Global Anti-Crime & Safety},
  year = {2026},
  note = {Accessed: June 25, 2026},
  url = {https://gacs.app/how-to-report-a-scam-email}
}

Press / media enquiries: About GACS · Editorial policy · Methodology