What to Do If You Receive a Phishing Email?
Aytun Çelebi
If you receive a phishing email, it may make you a little nervous. But if you don’t click any link or respond, the malware won’t infect your computer.
In a phishing email, the cyber attacker tries to steal your personal information, such as banking details or passwords, by having you click a link. It is a traditional social engineering attack. I’ve explained in detail how phishing emails work. If you’re not familiar with these emails or don’t know how to detect them, you should read this blog.
Be Calm and Don’t Click Any Links
When you receive a suspicious phishing email, don’t panic. Modern email clients like Gmail and Outlook do a great job of filtering emails with malicious code or attachments. Just because a phishing email arrives in your inbox does not mean you are infected with any virus or malware. It is completely safe to open an email. Mail clients do not allow code to run when you open an email.
Still, phishing emails are a real security risk. You should not click a link or open an attachment in an email if you are not 100 percent sure that you know and trust the email sender. Also, you should never reply to the sender – even to tell them not to send you any other mail. Phishers can send emails to thousands of addresses every day, and if you reply to one of their messages, it confirms that your email address is active. This makes you a perfect target. When the phisher realizes that you have read their emails, they will send more phishing emails and hope one of them works.
Verify the Email’s Sender
If a suspicious email is from someone you know, check with them to see if the message is legitimate. Do not reply to the email. Instead, create a new email message or call the person and ask if they sent you the mail. Do not forward the email, as that spreads the possible phishing attack. If the email is from a company you use, such as your bank, gym, or medical institution, go to the website and contact them from there. Again, don’t click any links in the email. Type in the website address yourself and use the contact options to ask the company if they sent it.
Report the Phishing Attack
You can report the phishing email to four organizations, and this part will cover each of them separately.
1- Your Company
If you receive a phishing email at your business address, you should follow your company’s policy rather than do anything else. Your IT security policies may require you to forward a phishing email to a specific address, fill out an online report, log a support ticket, or simply delete it. If you’re not sure about your company’s policy, ask your IT security team. If possible, we recommend that you familiarize yourself with your company’s policy before you receive a phishing email.
2- Your Email Provider
Your email provider likely has a process you can follow to report phishing emails. The mechanism varies from company to company, but the reason is the same. The more data the company has about phishing emails, the better it can tune its spam filters to prevent scams from reaching you.
3- Government Body
In some countries, there are agencies that deal with phishing emails. A quick search should tell you how you can report a phishing email to the authorities. If you report a phishing email to your provider or a government agency, you shouldn’t expect a reply. Instead, email providers and government agencies use the data you send to try to stop accounts from sending emails. This includes blocking senders, closing websites, and prosecuting senders if they’re breaking any laws. When you report phishing attacks, it helps everyone because you help the authorities to stop them. The more people report phishing emails, the more agencies and providers can prevent senders from sending harmful phishing emails.
4- The Company That Supposedly Sent The Mail
If the phishing email appears to come from a company, you can usually report it directly to that company. Most companies and government agencies have ways you can report phishing.
Mark The Sender As Spam
You probably don’t want to receive any more emails from the person who sent this phishing email. When you mark it as spam, your email client will block other mail from this address. You can add senders to a spam list in any email client. If you’re using something other than Gmail or Outlook, search the company’s website to find out how to mark a message as junk or spam.
Delete The Email
Finally, delete the email. Usually, this will send it to the recycle bin or deleted items folder, so remove it from there as well. You don’t need to keep it after you report it. You don’t need to scan for viruses or clear your browser history just because you have received a phishing email. However, you should run an antivirus program from time to time, as there is no harm in scanning.
Keep Calm and Carry On!
Phishing emails are frustratingly frequent. Luckily, your spam filters catch them most of the time, and you’ll never see them. Sometimes they don’t even get that far because your provider has stopped them. Stay careful so that the few that do get through don’t succeed, and don’t click any links or open attachments unless you’re sure they’re safe.
Don’t worry: millions of phishing emails are sent every day, and you are not the only target. Follow the basic steps we covered above, and then move on with your day.
Cyber Security Researcher