Reporting Cybercrime

IMPORTANT – If you are a business, charity or other organisation which is currently suffering a live cyber attack in progress (see below), please call 0300 123 2040 immediately

How to Report Cybercrime in the UK

Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland. This includes the reporting of cyber dependent crime such as network intrusion and unauthorised access to computer material, denial of service incidents and malware attacks.

The service is run by the City of London Police working alongside the National Fraud Intelligence Bureau (NFIB) who are responsible for assessment of the reports and to ensure that your fraud reports reach the right place. The City of London Police is the national policing lead for economic crime.

When you report to Action Fraud you will receive a police crime reference number. Reports taken are passed to the National Fraud Intelligence Bureau. Action Fraud does not investigate the cases and cannot advise you on the progress of a case.

Your report will be forwarded on, if appropriate, to a relevant Police service in the United Kingdom for assessment and further investigation if applicable.

Reporting Phishing

You can report phishing to the National Cyber Security Centre. NCSC will analyse the suspect email and any websites it links to. They will use any additional information you’ve provided to look for and monitor suspicious activity.

If they discover activity that they believe is malicious, they may:

  • seek to block the address the email came from, so it can no longer send emails
  • work with hosting companies to remove links to malicious websites
  • raise awareness of commonly reported suspicious emails and methods used

You may be protecting lots of other people who didn’t spot the scam!

Report Smishing

If you receive a text message from a sender you are familiar with, or from a short code, usually 5 digits long but can be up to 8, reply ‘STOP’ to the telephone number or short code shown in the text message. This will inform the sender that you no longer wish to receive their text messages.

However, if the text message is from an unknown sender, or from a sender you are not familiar with, we recommend you don’t reply. Responding to the text will confirm that your number is active and might actually result in you receiving more messages, or even voice calls.

Instead, you may report the text to your network operator by forwarding it to 7726 (which spells out ‘SPAM’ on your keypad).

What is a live cyber attack? 

A live attack is one that is ongoing, that is still affecting your system and your ability to work and there is an opportunity for law enforcement to stop the attack and/or secure evidence that will assist an investigation.

For example:

Cyber criminals have accessed your network and stolen personal information about your customers and are demanding payment for its safe return. This is also known as hacking extortion.


Your website is being flooded with traffic – customers are not able to access it as a result. This is called a distributed denial of service (DDOS) attack.

Submitting Information Anonymously