Receiving a phishing email can be a little intimidating, to say the least. Does someone have your personal information? Are you at risk of something more nefarious? What should you do?
Thankfully, phishing attacks won’t infect your computer automatically, so as long as you don’t download and open any attachments or click on any links, you’re probably fine.
A phishing email, otherwise known as a phishing attack, is a category of cyberattack known as social engineering. The goal of the sender is to try to convince you to give up login credentials, money or some other details they can use to profit from and cause you harm. It can result in compromised online accounts, serious financial impact and even identity theft.
In this guide, we’ll take a look at everything you need to know so you don’t fall victim to these scammers.
Determining If the Email Is a Phishing Scam
If you receive a suspicious email, the first thing you need to do is determine whether it’s a phishing attack. Knowing what to look for goes a long way toward protecting you from identity theft and other scams. Here are some ways you can determine whether the message you’re looking at is a phishing attempt:
- Unknown sender: It’s not uncommon to receive emails from unknown senders, but doing so should put you on alert. While all unknown senders aren’t phishing scammers, almost every phishing attempt is from an unknown sender.
- Urgency: Any demand to click or open something immediately should raise suspicions. Whether it’s the promise of a reward or the risk of penalty, any request for immediate action from an unknown sender should give you pause.
- Bad spelling and grammar: If a message has numerous errors in spelling, grammar and presentation, it could be a scam. Some scammers even use misspelled words to avoid spam filter detection.
In short, if a message is from an unknown sender and is asking you to take some uncharacteristic action, it’s probably a malicious message. If this is the case, don’t respond or share any personal information, and follow these steps:
What to Do If You Receive a Phishing Email
Step 1: You’ve Received a Phishing Email
If you do happen to click on a suspicious email, don’t panic. Whether you’re using Gmail, Outlook or another modern email client, there’s no harm caused by simply previewing nefarious emails. Odds are, you aren’t infected with any kind of malware.
That said, do not click on any links or attachments in the message. You also shouldn’t follow any steps the message instructs you to do, such as placing phone calls or sending text messages.
It’s also important to refrain from replying to the email. In most cases, phishing emails are sent to hundreds or thousands of recipients, and there’s a good chance the sender doesn’t even know if your address is an active email account. Don’t let them know otherwise or it could result in you being targeted specifically.
The next step is reporting the email.
Step 2. Report the Email
Phishing attacks are scams, period. This means it’s a good idea to report any phishing emails you receive to the appropriate authorities.
If you’re using a work account, you’ll want to report the message to your IT team. Depending on your company, you might have specific policies in place for phishing emails, such as filling out a form and forwarding it to a security team. If you’re unsure, send a support request to your IT department asking about the procedures for phishing emails. In the meantime, leave the message in your mailbox, but don’t interact with it further.
If you’re using a private email account, your provider likely has a process for reporting phishing emails. In Gmail, for example, you can report a phishing attack directly from your inbox. Other email services provide similar functionality. The more these emails are reported, the better the services can filter similar scams and junk emails from reaching you.
Lastly, some countries have organizations that deal with phishing emails you can report the message to. A simple web search will tell you what the steps are for reporting them or initiating a fraud alert in your country. In the U.S., for example, the organization responsible is the Internet Crime Complaint Center.
Step 3. Delete the email
Once you’ve gone through the process of reporting the message, it’s safe to go ahead and delete it. In most email clients, deleting a message sends it to another folder labeled “trash” or “deleted items.” If this is the case, you’ll want to navigate into that folder and delete it there, too.
Step 4: Prevent Future Phishing Emails
The filters on your email client do a decent job of keeping phishing scams out of your inbox, but scammers are always devising new ways to outsmart them. It’s a good idea to strengthen your security wherever you can.
For individuals, security software that’s regularly updated can add an extra layer of protection to help keep phishing attempts and other nefarious emails from getting to your inbox.
If you’re a part of a business or organization and you find a lot of scam attempts are getting through, it might be time for your business to look into upgrading its IT security partner. Keeping in mind that phishing attempts are only the tip of the iceberg when it comes to digital threats, it’s crucial for businesses to prioritize security and support policies.
Improve Your Security With EIRE Systems
Whether you’re an individual on a private email account or working within an organization, phishing messages are distressing. In short, if they didn’t work so effectively, bad actors wouldn’t use them. So it’s smart to show extra vigilance when you receive emails from unknown senders.
If a phishing email does land in your mailbox, just remember:
- Don’t panic.
- Report the message.
- Delete the message from your mailbox.
- Improve your email security.
If you’re ready to take your business’s IT security to the next level, EIRE Systems is the partner with the expertise you need. Whether it’s a brand-new security policy across your organization or a new security layer across your network, EIRE Systems will shield your business from any type of bad actor or internet threat. Get in touch with us today to find out how.