Here's my good deed for the day. You might not be aware of this, but if you're in the U.S., the government wants your spam. Phishing, stock pump-and-dump schemes, "Nigerian" scams, bogus pharmaceuticals, forward it all (with complete headers, if possible) to firstname.lastname@example.org.
For phishing attempts, many companies have specific addresses to which you should also forward the messages. Here's a list, sampled from phishing attempts that I've received, as well as a few other institutions that come to mind. A few of these (too few) provide a link for information regarding phishing, including the reporting address, right on their main page. Others required digging.
- American Express: Anti.Phishing.Team@aexp.com
- Barclays Bank: email@example.com
- BB&T: InternetFraud@bbandt.com
- Chase Bank/JP Morgan: firstname.lastname@example.org
- Citibank, Citigroup: email@example.com
- EBay: firstname.lastname@example.org
- HSBC (USA-specific): email@example.com
- PayPal: firstname.lastname@example.org
- Visa: email@example.com
- Washington Mutual: firstname.lastname@example.org
- Wells Fargo: email@example.com
Incidentally, AOL sucks. They might very well have an abuse address for phishing, but if they do they make it much too difficult to find. They don't even list an abuse address in the whois database.
Amazon sucks slightly less. They don't provide an email address, but they have a web form that's not too difficult to find. Go to www.amazon.com, click on "Help", and look for questions on security and phishing. I don't want to provide a direct link, since it's likely to change.
MasterCard is just dumb. They tell you to forward phishing attempts to them, but they neglect to provide an email address. "Priceless," indeed. There is, of course, nothing in whois either.