How to report a cybercrime

Who you gonna call?

Yasin Soliman

How to report a cybercrime

With barely a day going by without another large company or website reporting a data breach, it’s easy to fall into the mistake of thinking that it’s all-too-easy for online criminals to “get away with it”.

The widespread use of vulnerable software, unpatched poorly-defended systems, and the growing adoption of so-called “smart” devices has created a wider attack surface for those bent on intruding on company networks, planting malware, and stealing information.

And although cybercrime is undoubtedly becoming more commonplace, it would be a mistake to think that law enforcement agencies aren’t working hard to uncover those responsible and bring them to justice.

Sign up to our free newsletter.
Security news, advice, and tips.

In the UK, for instance, the National Crime Agency (and Regional Organised Crime Units) have shown great effort in crippling notorious cybercrime rings, botnets and a range of emerging threats. Yet three years after its official inception, an annual agency report reveals that cybercrime has surpassed traditional criminal activity.

What is clear is that the efforts of the police are hampered if victims are not prepared to come forward to report that they have been victims of online crime. Gathering evidence and putting a case together against an online criminal is so much harder, if you don’t have access to any victims.

So, if you believed that your company had been hacked or had suffered an internet attack – would you know who to contact?

How to report cybercrime and online fraud in the United States:

Those wanting to report a suspected hack in the United States can find helpful information on the FBI’s cybercrime portal, and the US Department of Justice has produced a helpful chart describing who to contact to report computer crime:

Type of Crime Appropriate federal investigative law enforcement agencies
Computer intrusion (i.e. hacking)
Password trafficking
Counterfeiting of currency
Child Pornography or Exploitation
Child Exploitation and Internet Fraud matters that have a mail nexus
Internet fraud and SPAM
Internet harassment
Internet bomb threats
Trafficking in explosive or incendiary devices or firearms over the Internet

In addition, the FBI provides a guide for state, local, tribal, and territorial (SLTT) law enforcement on how to refer cybercrime reports to federal government.

If you think you’ve been affected by an internet fraud incident, you can also file a report with the Internet Crime Complaint Centre (IC3).


How to report cybercrime and online fraud in the UK:

Action Fraud works alongside British law enforcement agencies as the “reporting centre” for fraud and cybercrime.

Action fraud

Clicking Report Fraud will ask a couple of questions and take you to the reporting system for active cybercrime incidents. On the other hand, if you received something suspicious but didn’t respond, choose the attempted report option instead.

If English isn’t your native language, Action Fraud provide a helpful language centre for making incident reports. The Action Fraud team provide a wealth of other helpful information, including a guide to scam emails and the extensive A-Z of Fraud.

To update a previously submitted report, you will need your Crime Reference Number (CRN) to hand. Visit the Update portal and submit the appropriate information directly.

Reporting cybercrime and online fraud in Europe:

Europol’s European Cybercrime Centre (EC3) works to “combat cybercrime in a digital age” by uniting the intelligence services of EU member states. The Report Cybercrime page on the Europol site provides a direct link to the dedicated reporting system for each country.

Along with an abundance of interesting reports and data, the EC3 sub-site also provides a range of useful links for Advisory Group members and content reporting services.

Reporting cybercrime elsewhere:

The Australian Commonwealth, State and Territory Governments developed the real-time ACORN (Australian Cybercrime Online Reporting Network) platform for reporting cybercrime incidents. ACORN also provides a range of educational materials and practical resources for staying safe online.

Visitors from other countries (such as Japan) should get in touch with the local law enforcement authority for the most relevant information.

Remember – some territories may not separate cybercrime prevention from other policing duties, so reach out to a non-emergency line if you’re unsure.

Researcher at heart, Yasin Soliman lives and breathes information security. You can find him on Twitter at @SecurityYasin.

4 comments on “How to report a cybercrime”

  1. John S

    Reporting Cyber Crime. If only is my response. I'm aware of a group (mostly east European) who are daily placing fraudulent adds on ebay, gumtree, autotrader using either hacked accounts or setting up their own. In order to collect the funds they have mules set up UK bank accounts (using phony documents obtained from the internet) and once the funds are in they withdraw them within minutes The number of frauds committed each day on each site runs into hundreds netting many thousands of pounds daily. However there is a dedicated group who spend their time rooting out these frauds and report them to the relevant site which then pull them (eventually) They have found that reporting each attempted fraud to ActionFraud to be a waste of time

    Should you wish to know the name of this group of white nights please contact me via email direct

    1. furriephillips · in reply to John S

      Hi John S,

      I recently reported a few calls who tried to con me into thinking they were from British Telecom & that they could see malware emanating from our network & would I like to share my desktop & let them help me fix it.

      I'm the networks & sysadmin for a global technology company & we're not with BT, so I told them to eff off & contacted ActionFraud.

      I felt underwhelmed by the experience.

      1. John S · in reply to furriephillips

        Unfortunately your not alone many other victims have expressed the same feelings In fact I can't recall any victim to my knowledge who has expressed satisfaction

        1. furriephillips · in reply to John S

          In this instance, I think "victim" is a bit strong, as the potential scammer was out of his depth – I'd really love to be able to have a greater impact on the scammers.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.