With barely a day going by without another large company or website reporting a data breach, it’s easy to fall into the mistake of thinking that it’s all-too-easy for online criminals to “get away with it”.
The widespread use of vulnerable software, unpatched poorly-defended systems, and the growing adoption of so-called “smart” devices has created a wider attack surface for those bent on intruding on company networks, planting malware, and stealing information.
And although cybercrime is undoubtedly becoming more commonplace, it would be a mistake to think that law enforcement agencies aren’t working hard to uncover those responsible and bring them to justice.
In the UK, for instance, the National Crime Agency (and Regional Organised Crime Units) have shown great effort in crippling notorious cybercrime rings, botnets and a range of emerging threats. Yet three years after its official inception, an annual agency report reveals that cybercrime has surpassed traditional criminal activity.
What is clear is that the efforts of the police are hampered if victims are not prepared to come forward to report that they have been victims of online crime. Gathering evidence and putting a case together against an online criminal is so much harder, if you don’t have access to any victims.
So, if you believed that your company had been hacked or had suffered an internet attack – would you know who to contact?
How to report cybercrime and online fraud in the United States:
Those wanting to report a suspected hack in the United States can find helpful information on the FBI’s cybercrime portal, and the US Department of Justice has produced a helpful chart describing who to contact to report computer crime:
|Type of Crime||Appropriate federal investigative law enforcement agencies|
|Computer intrusion (i.e. hacking)|
|Counterfeiting of currency|
|Child Pornography or Exploitation|
|Child Exploitation and Internet Fraud matters that have a mail nexus|
|Internet fraud and SPAM|
|Internet bomb threats|
|Trafficking in explosive or incendiary devices or firearms over the Internet|
In addition, the FBI provides a guide for state, local, tribal, and territorial (SLTT) law enforcement on how to refer cybercrime reports to federal government.
If you think you’ve been affected by an internet fraud incident, you can also file a report with the Internet Crime Complaint Centre (IC3).
How to report cybercrime and online fraud in the UK:
Action Fraud works alongside British law enforcement agencies as the “reporting centre” for fraud and cybercrime.
Clicking Report Fraud will ask a couple of questions and take you to the reporting system for active cybercrime incidents. On the other hand, if you received something suspicious but didn’t respond, choose the attempted report option instead.
If English isn’t your native language, Action Fraud provide a helpful language centre for making incident reports. The Action Fraud team provide a wealth of other helpful information, including a guide to scam emails and the extensive A-Z of Fraud.
To update a previously submitted report, you will need your Crime Reference Number (CRN) to hand. Visit the Update portal and submit the appropriate information directly.
Reporting cybercrime and online fraud in Europe:
Europol’s European Cybercrime Centre (EC3) works to “combat cybercrime in a digital age” by uniting the intelligence services of EU member states. The Report Cybercrime page on the Europol site provides a direct link to the dedicated reporting system for each country.
Along with an abundance of interesting reports and data, the EC3 sub-site also provides a range of useful links for Advisory Group members and content reporting services.
Reporting cybercrime elsewhere:
The Australian Commonwealth, State and Territory Governments developed the real-time ACORN (Australian Cybercrime Online Reporting Network) platform for reporting cybercrime incidents. ACORN also provides a range of educational materials and practical resources for staying safe online.
Visitors from other countries (such as Japan) should get in touch with the local law enforcement authority for the most relevant information.
Remember – some territories may not separate cybercrime prevention from other policing duties, so reach out to a non-emergency line if you’re unsure.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
4 comments on “How to report a cybercrime”
Reporting Cyber Crime. If only is my response. I'm aware of a group (mostly east European) who are daily placing fraudulent adds on ebay, gumtree, autotrader using either hacked accounts or setting up their own. In order to collect the funds they have mules set up UK bank accounts (using phony documents obtained from the internet) and once the funds are in they withdraw them within minutes The number of frauds committed each day on each site runs into hundreds netting many thousands of pounds daily. However there is a dedicated group who spend their time rooting out these frauds and report them to the relevant site which then pull them (eventually) They have found that reporting each attempted fraud to ActionFraud to be a waste of time
Should you wish to know the name of this group of white nights please contact me via email direct
Hi John S,
I recently reported a few calls who tried to con me into thinking they were from British Telecom & that they could see malware emanating from our network & would I like to share my desktop & let them help me fix it.
I'm the networks & sysadmin for a global technology company & we're not with BT, so I told them to eff off & contacted ActionFraud.
I felt underwhelmed by the experience.
Unfortunately your not alone many other victims have expressed the same feelings In fact I can't recall any victim to my knowledge who has expressed satisfaction
In this instance, I think "victim" is a bit strong, as the potential scammer was out of his depth – I'd really love to be able to have a greater impact on the scammers.