Phishing Report

One-click phishing reporting for Apple Mail. Forwards emails as .eml attachments to APWG, Netcraft, and Verbraucherzentrale — with full original headers preserved.

Download Script View on GitHub

How it works

Select a phishing email in Apple Mail, trigger the Quick Action, and it's reported automatically. Each email is sent as its own report with the original .eml attached.

✉️

Select email

→

⚡

Quick Action

→

📨

.eml attached

→

🛡️

3 services notified

Reporting services

Each report is sent to all three services simultaneously.

Service	Address	Scope
APWG Anti-Phishing Working Group	`reportphishing@apwg.org`	Global
Netcraft Takedown Service	`scam@netcraft.com`	Global
Verbraucherzentrale NRW Consumer Protection	`phishing@verbraucherzentrale.nrw`	Germany

Quick install

Setup takes about 5 minutes. You only need to do this once.

git clone https://github.com/kyannik/applescript-phishing-report.git

Open Automator Spotlight → "Automator" → New Document → Quick Action
Configure the workflow Set "Workflow receives" to no input in Mail.app
Add the script Search for "Run AppleScript", drag it in, paste the contents of report_phishing.applescript
Save Save as "Report Phishing"
Assign a shortcut System Settings → Keyboard → Keyboard Shortcuts → Services → assign e.g. ⌃⌥⌘P
Grant permissions Click "OK" when macOS prompts on first run. If missed: Privacy & Security → Automation

Tested and hardened

The script has been QA-tested against known Apple Mail AppleScript quirks.

✓ Async attachment bug — delay 2 before each send prevents Mail from sending empty reports
✓ IMAP guard — skips emails not fully downloaded, continues with the rest
✓ Error resilience — one bad email doesn't abort the entire batch
✓ File handle safety — nested try-blocks prevent leaked file handles on errors
✓ Temp cleanup — .eml files with sensitive content are deleted after sending
✓ Collision-free filenames — timestamps prevent overwrites on rapid re-runs