Phishing investigations

IFW investigates phishing scams with unparalleled expertise, combating financial fraud across the globe.

Phishing occurs when scammers try to trick targets into sharing personal information such as passwords, credit card numbers or bank account details. Armed with more than 30 years of experience in evidence gathering, our licenced phishing investigation experts tackle large-scale attacks to track down culprits and shut down scams.

If you have fallen victim to a phishing scam, the actionable intelligence we uncover can be utilised to help recover your money and take legal action against the criminal who stole it. Book a consultation with IFW today to arrange a phishing investigation.

As featured on

Phishing attack investigators with a proven track record

World-class phishing investigations

Our investigators, analysts and researchers have been collecting evidence to fight fraudulent operations around the world for decades. Global leaders in phishing attack investigation, we have the expertise to unravel any scam with exceptional efficiency.

Powerful techniques

Availing of direct access to local databases, expert witnesses in cyber fraud, and a network of confidential informants, IFW employs a plethora of proactive methods to conduct meticulous investigations into even the most sophisticated phishing scams from foreign countries.

Global connections

IFW has vast experience collaborating with state, federal and international law enforcement agencies. Our investigators can also partner with local and foreign correspondent lawyers to reveal money trails and hidden assets in almost any country.

Actionable evidence

IFW delivers a detailed brief of evidence for use in criminal proceedings in the relevant jurisdiction. Equipped with proof of phishing fraud, and the identities of those behind it, you can take measures to prosecute the offender and recover your losses.

Robust results

IFW investigators play a pivotal role in assisting international law enforcement agencies to crack down on fraud syndicates, gathering crucial intelligence that has facilitated major police raids, arrests and prosecutions across the globe.

Total discretion

Our passionate team performs every phishing attack investigation with unwavering professionalism, sensitivity and discretion. To safeguard our clients’ confidentiality, we encrypt every piece of personal data and will never disclose case details without consent.


5 key factors to consider in a phishing investigation

1. The wider context

The type of phishing attack and its timeline and targets will all be reviewed in detail to determine any patterns present. This insight can help to identify the scammer behind the email, their strategy and motivations.

2. The header content

Header content may be topline, but it can reveal deeper information about the culprit when assessed by phishing investigation experts. Email headers may help us to uncover the attacker’s actual email address and domain, even if they have used fake details. What’s more, while additional headers are rare, they can shed light on mail scripts, URLs, and the IP address. 

Is the email coming from a trusted domain? Does it have sufficient records and do they match? Is the IP address in a reputable location? This is what we will seek to uncover.

3. The decoy content, URLs and files

It is important to examine the fraudulent email, malicious code or illegitimate website that duped the victim into engaging with this scam. Often, the most integral information is surface level. This stage involves analysing components such as:

  • Attachments that may contain malware
  • Malicious links that are masqueraded as legitimate URLs.
  • Pushy messaging with a sense of urgency and/or inflated promises.
  • Webpage code that may contain text comments, inactive software functions, coder nicknames and other key indicators.
  • The website’s functional features, forms and technology stack.

4. The receiver’s response

In any phishing investigation, it is essential to consider the degree of damage done, as this will inform the overall approach.

Did the victim click the malicious link or open the attachment? If yes, is their account compromised and has money already been stolen? Have the victim’s other security programs triggered an alert?

Additionally, any unusual activity associated with the victim’s account after the phishing attack, such as new login locations or suspicious withdrawals, will be investigated thoroughly.

5. The attacker’s identity

Equipped with the above findings, it’s time to identify and track down the cybercriminal behind the attack. At IFW, we have the global resources and decades of expertise to bring attackers to justice around the world. Our skilled investigators can also gather further admissible evidence to help prove this scammer’s involvement in court.

Frequently asked questions

  • A phishing attack is a scam whereby the offender pretends to request personal details on behalf of a legitimate business, such as a financial institution. In reality, they are tricking you into sharing sensitive information so that they can access and steal your money.

  • Phishing attacks work in a variety of ways – you can be contacted via email, social media, phone call, text message or some other form of communication. The offender may pretend to be an official organisation notifying you of unauthorised or suspicious activity on your account, or asking you to confirm your identity by providing personal details.

    If you share this sensitive information with the scammer, they may then be able to access and steal your money.

  • The key difference between phishing and spear phishing is the scale of targeting. Whereas phishing emails are sent en masse to many recipients at once and often at random, spear phishing emails are designed to target certain individuals or organisations.

  • Whaling phishing is a form of fraud with high-value targets, such as large corporations. Attackers may pretend to be C-suite executives or business partners, sending emails to company personnel to request confidential information so that they can access funds.

    If you suspect that you have been targeted by a whaling phishing scam, you must act urgently. Please contact IFW today for assistance containing the attack. We are experts in large-scale fraud such as email phishing scams on commercial business.

  • It’s important to be aware that phishing messages are designed to appear legitimate, and regularly copy the same format and branding used by the organisation the scammer is impersonating. To detect a phishing scam, look carefully for these red flags:

    • A fake website may have a slightly different address to its genuine counterpart
    • The message is requesting that you update or verify your personal details
    • The message fails to address you by your full name, and may include typing and/or grammatical errors.
    • Unfamiliar icons show up on your computer screen, or your computer’s speed has slowed down after the communication.
  • If you suspect that you have received a phishing email, it is crucial to contact IFW as soon as possible. Additionally, please follow the below instructions:

    • Do not let the scammer know that you have identified their scam.
    • Do not open any attachments or click on any links.
    • Do not provide any personal details. 
    • Perform an internet search of the exact name or wording to see if anyone else has been targeted by the scam. 
    • Contact the institution the scammer is pretending to be immediately and ensure they are aware of the scam. 
    • Immediately report the fraud to the Police or via your national fraud reporting portal (for example: Australia – www.cyber.gov.au, USA – www.ic3.gov, UK – www.actionfraud.police.uk, Canada – www.antifraudcentre.ca)
  • In general, IFW is able to complete a phishing investigation within one to three months. However, this time frame varies according to the case’s complexity and whether or not legal proceedings are taking place.

    Once this milestone has been reached, a recovery strategy must be undertaken in light of the investigation’s insights. This process typically involves the preparation of an initial demand letter, which, if ignored, is ensued by legal action and/or the filing of a criminal complaint and close collaboration with law enforcement agencies.

    At this stage, IFW investigators will support law enforcement officials with the filing of search warrants and/or criminal charges against the offender, who may be arrested and prosecuted.

  • The cost of investigating a phishing scam depends on the complexity of the case, the amount of money concerned, and the jurisdiction in which the offenders operate.

    Generally, the greater the losses, the more sophisticated and costly the investigation – especially if your money has already been transferred across financial institutions or money-remitting platforms. 

    IFW’s investigators will provide you with a personalised proposal for your case, including a budget to maximise the likelihood of a successful result.

  • It’s important to understand that successful recovery is never guaranteed. However, the more powerful the evidence against the scammer, the greater the likelihood that you will be able to file a Court case – and legal proceedings often lead to a recovery.

    IFW will perform a preliminary assessment of your case to advise on the realistic chances of recovery, so that you can make an informed decision on whether or not to proceed with an investigation.

Submit an enquiry

Understand the process and make an informed decision about engaging IFW Global services. Complete our enquiry form and get started with your investigation.

IFW Global has an extensive array of integrated services with one objective

View all