Where to Report Scam Websites – Full List of Official Agencies
Click to Zoom
To report a scam website, you must immediately file complaints with three primary authorities: the FBI Internet Crime Complaint Center for global law enforcement tracking, the Anti-Phishing Working Group for international cybercrime data sharing, and the Federal Trade Commission for consumer protection cases. For immediate website takedowns, you must report the malicious URL directly to the domain registrar and the website hosting provider using their dedicated abuse contact emails.
Time is your greatest enemy. You are dealing with organized transnational crime syndicates. Your data and money are currently funding illicit operations. Do not wait for an apology or a refund. Your immediate goal is to freeze the asset flow, flag the malicious infrastructure, and trigger a coordinated law enforcement response.
Global Authorities to Report Cybercrime
Filing a report with global intelligence hubs is mandatory. These organizations aggregate localized reports to build massive federal cases against global syndicates.
- FBI Internet Crime Complaint Center: The IC3 is the central intelligence hub for cyber-enabled crime in the United States and globally. Submit every piece of evidence you have directly to the official IC3 complaint submission portal. The FBI uses this data to track threat actor movements and dismantle illicit networks.
- Anti-Phishing Working Group: The APWG is a global coalition of law enforcement and cybersecurity firms. Forward malicious emails directly to reportphishing@apwg.org. They actively analyze trends and coordinate rapid takedowns of fraudulent domains.
- eConsumer: This is an initiative spanning over forty international consumer protection agencies. If the scam crosses international borders, log the incident at the eConsumer official reporting center to alert international authorities simultaneously.
- Spamhaus Project: An international threat intelligence organization. They maintain the most widely used blocklists in the world. Reporting an IP address or domain to the Spamhaus Domain Blocklist can cripple a scam operation by blocking their emails globally.
Jurisdictional Reporting Centers
You must notify the specific law enforcement agency operating within your geographic region. Failure to do so means local authorities remain blind to the active threat in their jurisdiction.
| Jurisdiction | Reporting Agency | Primary Focus | Submission Portal |
| United States | FTC | Consumer fraud and identity theft | ReportFraud.ftc.gov |
| United Kingdom | Action Fraud | National fraud and cybercrime | Action Fraud Cybercrime Portal |
| Canada | CAFC | National anti-fraud coordination | Canadian Anti-Fraud Centre |
| Australia | ReportCyber | Cyber abuse and online scams | ReportCyber Australia |
How to Execute a Tactical Domain Takedown
You do not just want to report the crime; you want to destroy the weapon. The weapon is the website. You must attack the infrastructure keeping the scam online.
1. Locate the Domain Registrar
Use the ICANN public WHOIS lookup tool. Enter the scam website URL. Locate the Registrar Name and the listed Abuse Contact Email. The registrar is the company that sold the domain name to the scammer.
2. Email the Abuse Desk
Send a clinical, evidence-backed email to the registrar. State clearly that the domain is hosting fraudulent activity. Include server logs, transaction hashes, or communication transcripts. Demand an immediate suspension of the domain based on their Terms of Service violations. To ensure compliance, use this exact abuse desk email template.
3. Report to Google Safe Browsing
Submit the malicious URL to the Google Safe Browsing report portal. This action is critical. Once Google verifies the threat, they will trigger a massive red warning screen for anyone attempting to visit the site using Chrome, Safari, or Firefox. This effectively kills the website traffic overnight.
Financial Reporting Protocols
Criminals need liquidity. You must choke their cash flow immediately. Do not rely solely on law enforcement to recover your assets.
- Traditional Banking: Call your bank fraud department immediately using the secure number on the back of your debit or credit card. Demand an immediate freeze on compromised accounts. Initiate chargeback protocols for all unauthorized credit card transactions. You must act aggressively and execute a forced bank chargeback for fraud.
- Cryptocurrency Exchanges: If you sent Bitcoin or stablecoins, trace the transaction hash on a public blockchain explorer. Identify the receiving exchange. Submit a formal fraud report to the compliance team of that specific exchange. Top-tier exchanges will freeze illicit funds if you provide a verified police report rapidly.
- Wire Transfers: If you used services like Western Union or MoneyGram, call their dedicated fraud hotlines immediately. If the wire has not been picked up by the receiver, you can often recall the funds.
Secure Your Digital Perimeter
Once you have been targeted, your information is likely circulating on the dark web. Scammers will return. They will use secondary tactics, pretending to be recovery agents or law enforcement officials offering to help you get your money back for a fee. This is a secondary recovery scam. You must learn how to recognize and block secondary recovery scams.
Change all critical passwords immediately. Enable hardware-based multi-factor authentication for your banking and primary email accounts. Learn how to set up hardware security keys to lock down your accounts completely. Lock your credit file with the major credit bureaus. Trust no unsolicited communications regarding your case.
Have you been scammed?
If you have lost money or suspect a website is fake, report it to us immediately to warn others.
REPORT A SCAM NOW