Cybercrime can be difficult to investigate and prosecute because it can cross legal jurisdictions, even international boundaries. Offenders often disband online criminal operations and launch new ones with new approaches at a rapid clip. This constant churn means authorities can be working one step behind the hackers.
At the end of the day, stopping cybercriminals begins with you. If you’re a target of cybercrime, it can’t be rectified unless the authorities are aware of it. This is also true if you were just a potential target of a nefarious attack, like you identified a phishing email or text before clicking any links. Depending on the nature of the attack, reporting a cybercrime can be as simple as selecting a button on your email program.
Here’s how you can do your part and report cybercrime:
Who to contact
Local law enforcement
Even if you have been the target of a multinational cybercrime, your local law enforcement agency (such as your local police department or sheriff’s office) has an obligation to help you by taking a formal report. They’re also required to make referrals to other agencies when appropriate. Report your situation as soon as you find out about it. Many local agencies have detectives or departments that focus specifically on cybercrime.
Your workplace’s IT department
If the cybercrime happened in a work context, like if you received a suspected phishing email in your work email inbox, you should contact a supervisor or your company’s IT department. It’s important that you report the situation promptly—cybercriminals might be targeting your company at large, so early detection can be critical in stopping this.
Your email provider
Deleting spam, malicious messages, or any other suspicious emails keeps you safe, but you can bolster your cybersecurity by reporting any serious cybercrime attempt to your email client. Many major email services (like Gmail and Outlook) make this easy to do. You can also block senders, so you can ensure a bad actor email account never contacts you again. However, remember that cybercriminals change email addresses and spoof legit ones.
The Internet Crime Complaint Center (IC3)
You can get the federal government’s help with your issue by contacting IC3. IC3 is a partnership between the FBI and the National White-Collar Crime Center. IC3 will thoroughly review and evaluate your complaint and refer it to the appropriate federal, state, local, or international law enforcement or regulatory agency that has jurisdiction over the matter.
Federal Trade Commission (FTC)
While the FTC does not resolve individual consumer complaints, it does run the Consumer Sentinel, a secure online database used by civil and criminal law enforcement authorities worldwide to detect patterns of wrong-doing. Nailing down patterns leads to investigations and prosecutions.
If you’re the victim of identity theft, you can receive additional help through the FTC hotline at 877.IDTHEFT (877.438.4338). Find more resources aimed at individuals, businesses and law enforcement at identitytheft.gov.
Local victim services provider
Because cybercrime has impacted so many people across the country, many communities in the United States actually have victim advocate initiatives to help you. These advocates can help you with resources, emotional support and advocacy.
Collect and keep evidence
You might not be asked to provide evidence when you initially report cybercrime, but it’s imperative that you keep any evidence related to the complaint. That phishing email, suspicious text, or ransomware isn’t just bits and bytes—it’s evidence. This material can help law enforcement stop and prosecute hackers.
Keep items in a safe location in case you’re requested to provide them for investigative or prosecutive evidence. All of the following documentation might be considered evidence, but you should keep anything you think could be related to the incident:
- Canceled checks
- Certified or other mail receipts
- Chatroom or newsgroup text
- Credit card receipts
- Envelopes (if you received items via FedEx, UPS or U.S. Mail)
- Facsimiles
- Log files, if available, with date, time, and time zone
- Social media messages
- Money order receipts
- Pamphlets or brochures
- Phone bills
- Copies of emails, preferably electronic copies. If you print the email, include full email header information
- Copies of web pages (preferably electronic)
- Wire receipts
Cybercrime is a complex issue, but it doesn’t mean we’re powerless against it. By staying informed, reporting suspicious activity, and collecting evidence, you can be a crucial part of the solution. Remember—you’re not alone. Together, with informed reporting and evidence, we can empower law enforcement to track down cybercriminals and make the online world safer for everyone.
I need help immediately because supposedly “GOCU” called me with a poor connection and very fast talkers saying there were 3 transactions today that somehow someone got into my account, then turned off the feature that gives me the code when I log in. How did they get initially? I don’t feel comfortable about the call I got from”GOCU” and I need to talk to someone now!
Deborah — That call did not come from us. We will never call you to ask for account information/multi-factor authentication codes. You can call Member Services at 800.533.2062 to report this.