Guide: How To Report Scams And Keep Your Website Safe

Dinis Guarda Author

22 Jan 2025, 11:15 am GMT

Phishing scams remain the most prevalent, accounting for 84% of all cyber incidents reported by UK businesses in 2024. Here is a step-by-step guide on how to report a scam and protect your business.

Recent reports indicate that in the past five years, cyberattacks have cost British businesses approximately £44 billion in lost revenue, with over 52% of private sector companies experiencing at least one attack during this period.

Phishing scams remain the most prevalent, accounting for 84% of all cyber incidents reported by UK businesses in 2024.

The financial impact of these scams is profound. In 2024 alone, scams accounted for £11.4 billion in losses, representing 0.4% of the UK's GDP, with an average loss of £1,443 per victim.

Despite the significant financial repercussions, a substantial number of incidents go unreported, allowing fraudsters to continue their activities unchecked.

For businesses, the consequences extend beyond immediate financial losses. Reputational damage, loss of customer trust, and potential legal ramifications can have long-term detrimental effects. 

For instance, the UK Financial Conduct Authority issued a warning against the cryptocurrency platform Pump.Fun, leading to its blockage for UK residents due to operational challenges and security breaches. 

Given the escalating nature of these threats, it is imperative for businesses to adopt proactive measures to safeguard their operations. Implementing robust cybersecurity protocols, conducting regular risk assessments, and fostering a culture of awareness among employees are essential steps in mitigating the risk of falling victim to scams. 

Promptly reporting any fraudulent activities to the appropriate authorities not only aids in addressing the immediate threat but also contributes to broader efforts in combating cybercrime.

If your website or business has been targeted by a scam, taking swift and effective action is essential to minimize harm and protect your reputation. This comprehensive guide will walk you through the steps to report scams and take action against fraudulent websites or activities.

Understanding the importance of reporting scams

Reporting scams is not only vital for protecting your business but also for safeguarding the broader digital ecosystem. According to a report by the UK’s National Cyber Security Centre (NCSC), in 2023, over 6.5 million scam-related incidents were reported, with phishing schemes and fraudulent websites being the most common threats. The financial losses associated with these scams amounted to billions of pounds, highlighting the critical need for robust preventive and reactive measures.

For instance, the 2020 “Fake Invoice” scam in the UK led to losses exceeding £93 million, largely targeting small and medium-sized enterprises (SMEs). Such examples demonstrate how unreported scams can perpetuate harm, undermining trust in digital systems.

By notifying the appropriate authorities and organisations, you can:

1. Prevent further harm: By promptly notifying relevant authorities, businesses and individuals can mitigate the impact on their customers, partners, and stakeholders. For instance, in 2023, phishing scams targeting UK financial institutions resulted in over £1.3 billion in losses, according to UK Finance. However, collaborative reporting by affected parties led to swift action, reducing the spread of the fraudulent activities and protecting additional victims from harm.

2. Enforce accountability: By exposing the actions of scammers, organisations enable law enforcement and regulatory bodies to investigate and penalise perpetrators. This deters future criminal activities and strengthens the legal framework against cyber fraud. The 2020 crackdown on a large-scale fake investment scheme in Europe, which defrauded victims of millions of pounds, is a prime example of how collaborative reporting led to the successful prosecution of offenders.

3. Improve cybersecurity: Data collected from scam reports helps authorities and cybersecurity experts identify patterns and develop strategies to combat emerging threats. Global efforts, such as those by INTERPOL's Cybercrime Division, heavily rely on such insights to address vulnerabilities in the digital ecosystem.

4. Protect your brand reputation: Organisations that report scams demonstrate a commitment to transparency and responsibility, thereby protecting their brand reputation. In a highly competitive market, businesses that proactively address scams send a clear message to their stakeholders about their integrity and dedication to safeguarding customer interests. This not only enhances trust but also reinforces a company’s standing as a reliable entity in the digital landscape.

Step-by-step guide to reporting scams

1. Identify and document the scam: The first step is to gather evidence and document the scam thoroughly:

  • Save URLs and emails: Copy the web address of the fraudulent site, and save suspicious emails, messages, or links. This information is crucial for identifying the scam's source.
  • Take screenshots: Capture visual evidence of any pop-ups, fake forms, phishing emails, or other suspicious activities.
  • Record dates and times: Note when the scam occurred and any interactions you had. This timeline can help authorities trace the activities.
  • Collect IP addresses: Use tools like WHOIS or other IP lookup services to find information about the scammer. These details often reveal the hosting provider or the geographic location of the scammer.

2. Report to Google: Google provides tools to report scams and deceptive practices that affect your business:

  • Google Safe Browsing: Submit the URL of the scam site to Google Safe Browsing to help warn other users and improve Google’s security measures.
  • Google Search Console: If the scam affects your website, log in to Google Search Console and check for security issues. Resolve flagged issues and request a review.
  • Google Ads: If scammers are using Google Ads for deceptive practices, report them through the Google Ads Complaint Center.

3. Notify the hosting provider: Determine the hosting provider of the fraudulent website using a WHOIS lookup tool like ICANN WHOIS. Once identified:

  • File an abuse complaint: Contact the hosting provider through their abuse reporting channels. Most providers have a dedicated email or form for such reports.
  • Include evidence: Submit a detailed complaint, including evidence such as URLs, screenshots, and descriptions of the scam.

4. Submit a DMCA takedown notice (if applicable): If the scam involves stolen content, such as your website’s text, images, or videos, file a Digital Millennium Copyright Act (DMCA) takedown notice:

  • Contact the hosting provider: Use the DMCA process to request the removal of stolen content from the fraudulent site.
  • Report to Google: Submit a takedown request via the Google DMCA Dashboard.

5. Report to regulatory and cybercrime authorities: Depending on your region, you can escalate your report to relevant authorities:

6. Report to anti-scam organisations: Leverage organisations specializing in combating scams:

  • APWG (Anti-Phishing Working Group): Report phishing scams to reportphishing@apwg.org.
  • SpamCop: Use SpamCop to report email scams and help block spammers.

7. Inform CERTs (Computer Emergency Response Teams): CERTs are national or regional teams responsible for addressing cybersecurity incidents:

8. Engage social media platforms: If the scam involves social media:

  • Report fraudulent accounts or ads: Use the platform’s reporting tools (e.g., Facebook, Instagram, Twitter).
  • Provide evidence: Attach screenshots and links for faster action.

9. Notify your customers and stakeholders: Communication is key to maintaining trust:

  • Send alerts: Inform affected users via email or website updates about the scam and potential risks.
  • Educate on phishing: Share tips and guidelines to help your audience identify and avoid scams in the future.
  • Be transparent: Clearly outline the steps your organisation is taking to address the issue and prevent recurrence.

10. Seek legal advice: Consult a lawyer if the scam has caused significant damage or involves legal violations. They can:

  • Draft cease-and-desist letters: A legal professional can help issue letters to scammers or their hosting providers.
  • Pursue civil or criminal action: If applicable, a lawyer can guide you in filing lawsuits or seeking compensation for damages caused by the scam.
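
This added example, which is not from the original article, shows one way to carry out steps 1 and 3 on a saved phishing email: it records the send time in UTC, the external relay IP and the linked hosts to look up in WHOIS, and defangs the URLs for the abuse complaint. The sample message, its .example names and the function names are constructed for illustration.

```python
import hashlib, ipaddress, re
from datetime import timezone
from email import message_from_bytes, policy
from urllib.parse import urlsplit

# Constructed sample: reserved .example names and a documentation IP (RFC 5737).
SAMPLE_EML = b"""\
Received: from gw.internal.example ([10.0.0.5]) by mbox.internal.example; Tue, 21 Jan 2025 09:14:10 +0000
Received: from mail.sender.example ([203.0.113.45]) by gw.internal.example; Tue, 21 Jan 2025 09:14:07 +0000
From: "Accounts" <billing@sender.example>
Subject: Overdue invoice
Date: Tue, 21 Jan 2025 10:14:02 +0100

Please pay at http://login.pay-portal.example/invoice?id=1 today.
"""

URL_RE = re.compile(r"https?://[^\s<>\"'\[\]]+")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Our own relays (RFC 1918, loopback) are of no use to an abuse desk.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def external_ips(msg):
    """Bracketed relay addresses from Received headers, newest hop first."""
    found = []
    for cand in IP_RE.findall(" ".join(map(str, msg.get_all("Received", [])))):
        try:
            ip = ipaddress.ip_address(cand)
        except ValueError:
            continue  # bracketed text that is not an address
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found

def build_evidence(raw):
    """Turn one saved .eml file (bytes) into a report-ready record."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(("plain", "html"))
    urls = sorted({u.rstrip(".,)") for u in URL_RE.findall(body.get_content() if body else "")})
    sent = msg["Date"].datetime if msg["Date"] else None
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # fingerprint of the saved file
        "from": str(msg.get("From", "")),
        "subject": str(msg.get("Subject", "")),
        "sent_utc": sent.astimezone(timezone.utc).isoformat() if sent else None,
        "relay_ips": external_ips(msg),  # WHOIS these for the network owner
        "hosts": sorted({h for h in (urlsplit(u).hostname for u in urls) if h}),
        "urls_defanged": [u.replace("http", "hxxp", 1).replace(".", "[.]") for u in urls],
    }
```

Only the address recorded by your own mail gateway is trustworthy; earlier Received headers are written by the sending side and can be forged.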

Proactive measures to protect your website and business

While reporting scams is critical for addressing immediate threats, prevention is equally vital to safeguarding your website and business from fraudulent activities. By implementing proactive measures, organisations can reduce vulnerabilities and enhance their overall security posture. Below is a detailed guide to preventive strategies.

1. Enhance website security: Ensuring your website is secure is the first line of defence against cyberattacks and scams.

  • Use HTTPS protocols: Secure your website with HTTPS by obtaining an SSL/TLS certificate. According to the Google Transparency Report, as of 2023, 95% of websites accessed via Google Chrome use HTTPS, which encrypts data exchanged between users and the site, reducing the risk of interception by scammers.
  • Secure hosting services: Choose hosting providers with strong security measures, such as DDoS protection, malware scanning, and automated backups. Reputable providers often include built-in security features to minimise risks.
  • Regular updates: Keep all software, plugins, and content management systems (CMS) up to date. Outdated systems are prime targets for hackers. For instance, the UK National Cyber Security Centre (NCSC) identified that 80% of hacked websites in 2022 used outdated plugins.
  • Web Application Firewalls (WAFs): Implement WAFs to block malicious traffic and filter out harmful activities such as SQL injections and cross-site scripting (XSS). WAFs act as a protective shield between your website and external threats.

2. Monitor for scams: Ongoing monitoring helps identify potential threats before they escalate.

  • Google alerts: Set up Google Alerts to track mentions of your business name, products, or services. This can help detect scams impersonating your brand. For example, a 2023 case involving fake e-commerce sites using well-known retail brands was identified through such tools, saving customers significant financial loss.
  • Website scans: Regularly scan your website for vulnerabilities using tools like Sucuri, Qualys, or Nessus. These tools can detect weak points in your system and recommend fixes to strengthen your defences.

3. Educate your team: A well-informed team is a crucial asset in combating scams. Employees often serve as the first line of defence against phishing attempts and other cyber threats.

  • Phishing awareness training: Conduct regular training sessions to help employees identify phishing emails, fake websites, and social engineering tactics. For example, simulated phishing exercises by KnowBe4 have proven effective in reducing employee susceptibility to phishing by over 50% within one year.
  • Verification of requests: Encourage employees to verify all unusual requests, especially those involving financial transactions or sensitive data. For instance, verifying email requests could have prevented a 2021 case where a UK-based company lost £800,000 to an impersonation scam.
  • Prompt incident reporting: Establish a clear reporting mechanism for suspicious activities. Employees should know who to contact and how to escalate issues immediately.

4. Engage cybersecurity experts: Hiring cybersecurity professionals can significantly enhance your organisation’s ability to prevent and respond to threats.

  • Conduct security audits: Cybersecurity experts can perform comprehensive audits to identify vulnerabilities in your digital infrastructure. These audits provide actionable insights and recommendations to improve your defences.
  • Threat monitoring: Professionals can implement continuous monitoring systems to detect and mitigate threats in real time. For instance, managed detection and response (MDR) services are increasingly popular among SMEs for their cost-effectiveness and efficiency.
  • Advanced protection systems: Cybersecurity professionals can deploy advanced technologies, such as endpoint protection and intrusion detection systems, to safeguard your organisation against evolving threats.

Some statistics and examples

Understanding the current landscape of cybersecurity threats is crucial for businesses aiming to protect their digital assets. Below are pertinent statistics and examples highlighting the prevalence and impact of cyberattacks in the UK:

  • In 2022, the NCSC reported that businesses with proactive cybersecurity measures reduced the likelihood of breaches by 70%.
  • A case study from Verizon's 2023 Data Breach Investigations Report highlighted that organisations with ongoing employee training programmes experienced a 60% lower incidence of phishing attacks.
  • Small and medium-sized enterprises (SMEs) in the UK that used WAFs and regular audits reported a 40% improvement in website uptime and security, as per a 2023 study by Cyber Essentials.
  • Phishing remains the most common type of cyber threat. The UK's Cyber Security Breaches Survey 2023 reported that 79% of businesses identified phishing attacks in 2023, up from 72% in 2017.
  • In October 2023, the British Library suffered a significant ransomware attack by the hacker group Rhysida, resulting in the public release of approximately 600GB of sensitive data. The attack disrupted services and is considered one of the most severe cyber incidents in British history.
  • In 2023, there were over 252,000 reported cases of APP scams in the UK, amounting to approximately £341 million. While the number of scams increased by 12% from 2022, the total value lost decreased by 12%. Notably, 67% of the lost amount was reimbursed to victims, an improvement from the 61% reimbursement rate in 2022.
  • In 2023, at least six FTSE 100 and FTSE 250 companies, including WPP and Octopus Energy, experienced deepfake fraud attacks. Fraudsters used artificial intelligence to create realistic video and voice clones of chief executives to deceive employees into transferring funds.
  • In 2023, Paul Abbott's logistics company, KNP, fell victim to a ransomware attack by the Russian-based group Akira. The cyberattack led to the loss of critical financial data, resulting in the company's collapse within three months and the loss of 730 jobs.

Conclusion

Scams targeting your website or business can have severe consequences, but by taking swift and strategic action, you can mitigate the damage. Reporting scams to the right authorities and organisations not only protects your business but also helps create a safer digital environment for everyone. 

Combine reporting efforts with robust preventative measures to safeguard your online presence and reputation. Stay vigilant, and remember: your proactive efforts can make a significant difference in combating online scams.

Dinis Guarda

Author

Dinis Guarda is an author, entrepreneur, and founder and CEO of ztudium, Businessabc, citiesabc.com and Wisdomia.ai. Dinis is an AI leader, researcher and creator who has been building proprietary solutions based on technologies like digital twins, 3D, spatial computing, AR/VR/MR. Dinis is also an author of multiple books, including "4IR AI Blockchain Fintech IoT Reinventing a Nation" and others. Dinis has been collaborating with the likes of UN / UNITAR, UNESCO, European Space Agency, IBM, Siemens, Mastercard, and governments like USAID and the Malaysia Government, to mention a few. He has been a guest lecturer at business schools such as Copenhagen Business School. Dinis is ranked as one of the most influential people and thought leaders in Thinkers360 / Rise Global’s The Artificial Intelligence Power 100, Top 10 Thought leaders in AI, smart cities, metaverse, blockchain, fintech.