If you get a phishing email, it can be a little scary. Fortunately, nothing infects your computer if you don't click on any links or respond. Here's What To Do (and What To Do)nodo) if you receive a phishing email.
In a phishing email, the sendertry to get you to click on a linkor provide personal information, such as bank details or passwords. are a conventionalsocial engineering attack. We explain in detailhow phishing emails work, which are worth reading if you're not familiar with them or don't know how to spot one.
But what should you do if you receive a phishing email?
Don't panic and don't click on any links
When you receive a suspicious phishing email, don't panic. Modern email clients like Outlook, Gmail and Apple Mail do an excellent job of filtering emails that contain malicious attachments or code. Just because a phishing email lands in your inbox doesn't mean your computer is infected with a virus or malware.
Esperfectly safe to open an email(and use the preview pane). Email clients don't allow code to run when you open (or view) an email for a decade or more.
However, phishing emails are a real security risk. It shouldNeverclick a link in an email or open a file attached to one, unless you are 100% sure you know and trust the sender. You should also never reply to the sender, even to tell them not to send you any more emails.
Phishers can send emails to thousands of addresses every day, and if you reply to one of their messages, it confirms that your email address is active. That makes you even more of a target. Once the phisher knows you're reading his emails, he'll send more attempts and wait for one of them to work.
So, to be clear:Do not click on any links, do not open any attachments and do not respond.
RELATED: Why You Can't Get Infected Just by Opening an Email (Further)
check with sender
If a suspicious email appears to be from someone you know or a company you use, check with them to make sure the message is legitimate.To donoreply to the email. If it appears to be from someone you know, create a new email, text or call the person and ask if they sent you the email. Do not forward the email as this only propagates the potential phishing attack.
If the email claims to be from a company you use, such as your bank, gym, medical institution, or online retailer, go to their website and contact them there. Again,to do noclick any link in the email. Enter the website address yourself (or use your preferred search engine) and use your contact options to ask the company if they sent it to you.
If the email appears to have been sent to a lot of people, such as a communication about an app update, you can also tweet the company at their official address and ask them directly. The rep won't know the individual emails, but he will know if the company has sent a communication to all customers.
RELATED: What is Typosquatting and How Do Scammers Use It?
inform email
There are four types of organizations you can report phishing emails to:
- Your company
- Your email provider
- A government body
- The organization the email must come from
Report to your company
If you receive a phishing email at your work address, follow your company policy instead of doing anything else. Your IT security policies may require you to forward a phishing email to a specific address, fill out an online report, file a ticket, or simply delete it.
If you're not sure what your company's policy is, ask your IT security team. We recommend that you discoverbeforereceive a phishing email if possible. It's better to prepare and be ready.
Notify your email provider
Your email provider likely has a process you can follow to report phishing emails. The mechanism varies from provider to provider, but the reason is the same. The more data the company has on phishing emails, the better spam/junk filters can do to stop scams from reaching you.
If Google or Microsoft provide your email account, they have a built-in reporting mechanism for their customers.
On Google, click the three dots next to the Reply to email option and select "Report Phishing".
A panel opens and asks you to confirm that you want to report the email. Click "Report Phishing Email" and Google analyzes the email.
The Outlook client does not provide an option to report an email to Microsoft, but theOutlook Web Apphe does. It works the same way as Gmail. Click the three dots next to the Reply to email option and select "Mark as phishing".
This opens a panel to confirm that you want to report the email. Click "Report" and then Microsoft reviews the email.
You cannot report a phishing email directly in the Apple Mail client. Instead, Apple asks that you forward the message toreportphishing@apple.com.
For any other email provider, look online to see how it reports phishing emails to them.
Report to a government agency
Some countries have agencies that deal with phishing emails. In the US, the Cybersecurity and Infrastructure Security Agency (a branch of the Department of Homeland Security)ask you to forward the emailaphishing-report@us-cert.gov. In the UK, you can report mail tofraudulent action, o National Cybercrime and Fraud Reporting Center.
In other countries, a quick search should tell you if and how you can report a phishing email to the authorities.
If you report a phishing email to your ISP or a government agency, don't expect a response. Instead, email providers and government agencies use the information you submit to try to prevent accounts from sending emails. This includes blocking senders (or adding them to spam/junk filters), shutting down their websites, or even prosecuting them if they violate any laws.
By reporting phishing emails, you help everyone by helping authorities block as many of them as possible. As more people report phishing emails, more agencies and vendors can prevent senders from sending them.
Inform the company that allegedly sent the email
If the phishing email is from a company, you can often report it directly to that company. For example, Amazon hasa dedicated email address and formto report phishing by email and by phone.
Most companies and government agencies (especially those dealing with financial or medical businesses) have ways to report phishing. If you search for "[company name] phishing report", you can find it quickly.
Mark sender as junk or spam
You probably don't want to receive any more email from the person who sent it. Mark it as spam or junk mail and your email client will block any further email from that address. We cover how to do this in ourguia do gmailythis article in Outlook.
You can add senders to a spam/junk list in any email client. If you use something other than Gmail or Outlook, consult your company's documentation to learn how to mark a message as spam.
delete email
Finally, delete the email. This usually sends it to the trash or deleted items folder, so be sure to delete it there as well. It is not necessary to save it after reporting it.
You don't need to run a virus scan or clear your browser history just because you received a phishing email. However, you must run an antivirus program (we likeMalwarebytes para Windows e Mac), and it doesn't hurtscan from time to time.
If you run a regularly updated antivirus program, it should catch anything malicious before it runs. Also, if you don't click on a link or open an attachment in the email, it's unlikely you've downloaded something malicious onto your system.
Don't worry and carry on
Phishing emails are annoyingly common. Fortunately, your spam or junk mail filters catch them most of the time and you never see them. Sometimes they don't even get that far because the provider stops them. To defeat the few that make it through, just be careful and don't click on any links or attachments unless you're sure they're safe.
RELATED: Why do they write phishing with 'ph?' an unlikely tribute
Millions of phishing emails are sent every day, so don't worry, you're not normally a target. Just follow the easy steps we covered above and get on with your day.
READ FOLLOWING
- ›How to spot a text message scam
- ›How to identify a fraudulent website
- ›PSA: Beware of This New Amazon Email Phishing Scam
- ›How to protect yourself from SIM swapping attacks
- ›Beware of these 7 Facebook scams
- ›Can my iPhone or iPad catch a virus?
- ›9 cybersecurity tips to stay protected in 2023
- ›Where is the Alt key on a Mac?
FAQs
What is the easiest way to report a phishing email? ›
To report spoofing or phishing attempts—or to report that you've been a victim—file a complaint with the FBI's Internet Crime Complaint Center (IC3).
What action is required when you have received a suspicious email at work? ›If you receive a suspicious email that looks like it came from a company that you know and trust, report the email to the faked or "spoofed" organization. Contact the organization directly (not through the email you received) and ask for confirmation on the validity of the message.
Do you delete phishing emails? ›If you receive any unwanted email, the best approach in almost every case is to delete it immediately. It is often clear from the Subject line that a message is junk, so you may not even need to open the message to read it.
Should I change my password if I get a phishing email? ›If you did reply with a username and password to a phishing email, or you logged in to a fake Williams web page your account information is available to the scammer. Do these things as quickly as possible (preferably from a different computer): CHANGE YOUR PASSWORD!
Can you get phished by opening an email? ›Just opening the phishing message without taking any further action will not compromise your data. However, hackers can still gather some data about you, even if all you did was open the email. They will use this data against you to create more targeted cyber attacks in the future.
Do phishing emails address you by name? ›Legit companies usually call you by your name
Phishing emails typically use generic salutations such as “Dear valued member,” “Dear account holder,” or “Dear customer.” If a company you deal with required information about your account, the email would call you by name and probably direct you to contact them via phone.
If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org . If you got a phishing text message, forward it to SPAM (7726). Report the phishing attempt to the FTC at ReportFraud.ftc.gov.
Which of the following are warning signs of a phishing email? ›- An unfamiliar greeting.
- Grammar errors and misspelled words.
- Email addresses and domain names that don't match.
- Unusual content or request – these often involve a transfer of funds or requests for login credentials.
- Urgency – ACT NOW, IMMEDIATE ACTION REQUIRED.
By reporting phishing attempts, you can: reduce the amount of scam communications you receive. make yourself a harder target for scammers. protect others from cyber crime online.
What happens when you report phishing on Gmail? ›When viewing a message click the drop-down arrow next to Reply at the top-right of the message pane and select Report phishing. This will remove the email from your inbox and send a report to Google to help in the fight against scammers and fraudsters.
What if I open a phishing email on my Iphone? ›
What Happens If You Click on a Phishing Link? Clicking on a phishing link or opening an attachment in one of these messages may install malware, like viruses, spyware or ransomware, on your device. This is all done behind the scenes, so it is undetectable to the average user.
Should I be worried about a phishing email? ›Any email that asks for your personal or sensitive information should be seriously scoured and not trusted. Even if the email has official logos or text or even links to a legitimate website, it could easily be fraudulent. Never give out your personal information.
Will changing my email password stop hackers? ›A hacker may attempt to access your account more than once over a period of time. Changing your password often reduces the risk that they will have frequent access.
Can opening an email infect your phone? ›A questionable email alone is unlikely to infect your phone, but you can get malware from opening an email on your phone if you actively accept or trigger a download. As with text messages, the damage is done when you download an infected attachment from an email or click a link to a malicious website.
Who is most vulnerable to phishing? ›According to a 2021 analysis of phishing emails, women are less likely to both open and enter their data in a malicious phishing attempt. Reportedly, males are 225% more likely to respond to phishing emails than females. This new research contradicts the findings of a 2010 study by Sheng et al.
How does a phisher typically contact a victim? ›Phishing attacks typically rely on social networking techniques applied to email or other electronic communication methods. Some methods include direct messages sent over social networks and SMS text messages.
Which is the common red flags of phishing emails? ›Look out for: Incorrect (but maybe similar) sender email addresses. Links that don't go to official websites. Spelling or grammar errors, beyond the odd typo, that a legitimate organization wouldn't miss.
Can someone hack my bank account with my email address? ›Hackers know the value of your email account. Once they're in, they can use it to gain access to your bank account, social media profiles, and other sensitive online accounts. Don't ignore the signs of a hacked inbox. If anything looks suspicious or you suddenly can't log in, act fast!
What is the best defense against phishing? ›The best protection is awareness and education. Don't open attachments or links in unsolicited emails, even if the emails came from a recognized source. If the email is unexpected, be wary about opening the attachment and verify the URL.
How do I clean my iPhone after phishing? ›- #1) Restart Your Phone.
- #2) Delete Apps Downloaded From Outside App Store.
- #3) Delete Suspicious Apps.
- #4) Check Permissions Asked By Each App On Your Device.
- #5) Clear Your Browsing History.
- #6) Clear Your Data Until Previous Backup & See If It Works.
- #7) Update iOS Version.
- #8) Reset To Factory Settings.
Can opening an email infect your iPhone? ›
In short, no, an iPhone can't get a virus from an email itself. If your email exists on your phone as its own application, it has gone through Apple's security checks before being placed onto the App Store. Spam mail is the most common way a virus program attempts to gain control of your phone.
How do I know if my iPhone has been hacked? ›- iPhone overheating and constant low battery. This is normally a sign that a process is running in the background without your knowledge. ...
- You're informed of strange messages from contacts. ...
- Mysterious messages and texts. ...
- iPhone performance has dropped. ...
- High data usage.
As a concise answer, yes, you can get hacked or get a virus by a spam text. However, devices haven't made it easy for scammers to gain access. They'll need confirmation from you or will lure you into clicking a suspicious link to release malware onto your device.
Can phishing happen just by opening an email? ›No, you can't get hacked by simply opening an email. This was possible before when emails would run JavaScript in the preview pane allowing malware to spread without any action from the user.
What are 3 signs of a phishing email? ›- An unfamiliar greeting.
- Grammar errors and misspelled words.
- Email addresses and domain names that don't match.
- Unusual content or request – these often involve a transfer of funds or requests for login credentials.
- Urgency – ACT NOW, IMMEDIATE ACTION REQUIRED.
Open Gmail, and check the box of the spam email whose sender you'd like to block. Click the three vertical dots displayed along the top of your inbox and select Filter messages like these.
Is it OK to answer phishing emails? ›PhishLabs warns that replying to a phishing email, even if you know it's a scam, can lead to further attacks. Most phishing campaigns are automated and replying to them puts you on a scammer's radar. PhishLabs stresses that these people are criminals, and that they can be vindictive or even dangerous.
Can I tell if my email has been hacked? ›Look for strange emails in your sent folder that you didn't send. You're getting password reset emails you didn't ask for. Once a hacker gets access to your inbox they can see which services you use. For example, Facebook email notifications tell them you have a Facebook account.
Can someone hack your phone through email? ›Can my phone get hacked through email? One way that hackers are able to access your phone is to get you to click on infected links in text messages and emails. However, that's not always necessary. The very sophisticated hackers can use zero-click hacks that don't require you to do anything to activate the attack.
Can someone hack your email without a password? ›If a hacker wanted to try breaking into one of your online accounts, knowing your email address is a solid first step. Obviously, they can't log in without your password, but by knowing your email address, they could target you with phishing emails – malicious attachments that install malware on your machine.
Can I get hacked by opening a message? ›
Through messages from a hacked phone.
If you open the message, you will download spyware or malware on your phone. It's that simple with smartphones—and hackers know it.
Requests for personal information, generic greetings or lack of greetings, misspellings, unofficial "from" email addresses, unfamiliar webpages, and misleading hyperlinks are the most common indicators of a phishing attack.