Sure, Phouc, I have some things I can add here. Let me dig through my old notes (may take some time). Thank you for asking.
I will continue to modify this, sketch for now.
This is an example for a phishing site that is on a compromised account.
It is important to make your subject line stand out, if you just put "phishing" or use lower case letters, it may not be seen. Abuse desks weed thru thousands of emails, so the key is to make it stand out.
subject: [ABUSE] PHISHING on 18.104.22.168 / sampledomain.com
Most important is to notify the webhost and the webmaster (IF YOU KNOW THE WEBSITE is LEGITIMATE)
You don't have to CC the spoofed brand, but if you have time, you could do that.
To: abuse@ ISP
CC: spoofed bank example: abuse@
Subject line: PHISHING SITE on 22.214.171.124 / sampledomain.com
Please disable this phishing site spoofing Bank of America on
URL: http:// sampledomain.com/admin/phishpage.htm
This page was compromised and is hosting a phishing site. Please disable it immediately, take all measure to secure the website, or disable the website entirely if you are not able to secure it.