Phishing email guide

    Report a Phishing Email

    Document a phishing email in five steps and get the linked website taken offline: not just marked as spam.

    The 5 steps to reporting phishing

    Step 1

    Don't click any links

    Phishing emails often track opens and clicks. Open the message in preview mode and never sign in through the embedded button.

    Step 2

    Save the original email

    Save the message as .eml or .msg so the headers, SPF/DKIM/DMARC results, and routing path are preserved. These prove the real sender.

    Step 3

    Document the landing page

    Take a screenshot of the phishing page in an isolated browser. Note the final URL after all redirects: Blackwall will use this URL for the takedown.

    Step 4

    Report to the right channels

    Forward the .eml file to your national cybersecurity agency and to APWG. Send the URL to Blackwall so the hosting provider takes the site offline.

    Step 5

    Confirm the takedown

    Within a few hours the URL appears on browser block lists; Blackwall keeps you updated until the hosting provider confirms the site has been removed.

    Where you can report phishing emails

    Report in parallel: each channel acts at a different level.

    Blackwall
    Infrastructure

    Forwards the phishing URL to the hosting provider and registrar to get the page taken down. You receive status updates until it's confirmed.

    Report to Blackwall

    National cybersecurity agencies (e.g., BSI in Germany)

    Forward the .eml file to your national cybersecurity agency's reporting address: it feeds into national warnings.

    bsi.bund.de

    Consumer protection phishing radars

    Many consumer protection agencies run a phishing radar you can forward emails to. Submissions are reviewed and turned into public warnings for consumers.

    verbraucherzentrale.nrw

    APWG (international)

    Anti-Phishing Working Group. Forward the raw .eml file to reportphishing@apwg.org. Feeds global browser block lists.

    apwg.org/reportphishing

    Frequently asked questions

    Ready to report the phishing email?

    Submit the included URL in under two minutes. The Blackwall team handles the correspondence with the hosting provider for you.

    Cookie Notice

    We use cookies to ensure the functionality of our website. Necessary cookies are required for operation. Optional cookies help us improve our services. For more information, see our Privacy Policy.