What Should You Do If You Receive a Phishing Email?
If you receive a phishing email, it can be a bit scary. Fortunately, nothing infects your computer if you don’t click any links or respond. Here’s what to do (and what not to do) if you receive a phishing email.
Don’t Panic and Don’t Click Any Links
When you get a suspected phishing email, don’t panic. Modern email clients, like Outlook, Gmail, and Apple Mail, do a great job of filtering out emails that contain malicious code or attachments. Just because a phishing email lands in your inbox, it doesn’t mean your computer is infected with a virus or malware.
It’s perfectly safe to open an email (and use the preview panel). Mail clients haven’t allowed code to run when you open (or preview) an email for a decade or more.
Phishing emails are a genuine security risk, though. You should never click a link in an email or open an attachment to one unless you are 100 percent confident you know and trust the sender. You should also never reply to the sender—even to tell them not to send you any further mail.
Phishers might send emails to thousands of addresses every day, and if you reply to one of their messages, it confirms your email address is live. This makes you even more of a target. Once the phisher knows you’re reading his emails, he’ll send more attempts and hope one of them works.
So to be clear: Don’t click any links, don’t open any attachments, and don’t reply.
Check with the Sender
If a suspicious email appears to be from someone you know or a company you use, check with them to see if the message is legitimate. Do not reply to the email. If it appears to be from someone you know, create a new email message, or text or call the person and ask if they sent you the mail. Don’t forward the email, as that just spreads the potential phishing attack.
If it appears the email was sent to a lot of people, such as communication about upgrading an app, you can also send a tweet to the company at their official handle and ask them directly. The representative won’t know about individual emails, but he’ll know if the company has sent out a communication to all customers.
Report the Email
There are four types of organization you can report phishing emails to:
- Your company
- Your email provider
- A government body
- The organization the email is allegedly from
Report It to Your Company
If you receive a phishing email at your work address, you should follow your company’s policy rather than doing anything else. Your IT security policies might require you to forward a phishing email to a specific address, fill out an online report, log a ticket, or merely delete it.
If you’re not sure what your company’s policy is, ask your IT security team. We recommend you find this out before you get a phishing email, if possible. It’s better to prepare and be ready.
Report It to Your Email Provider
If Google or Microsoft provides your email account, they have a reporting mechanism built into their clients.
In Gmail, click the three dots next to the Reply option in the email, and then select “Report phishing.”
A panel opens and asks you to confirm you want to report the email. Click “Report Phishing Message,” and then Google reviews the email.
The Outlook client doesn’t provide an option to report an email to Microsoft, but the Outlook web app does. It works the same way as Gmail. Click the three dots next to the Reply option in the email, and then select “Mark as phishing.”
This opens a panel to confirm you want to report the email. Click “Report,” and then Microsoft reviews the email.
You can’t report a phishing email directly within the Apple Mail client. Instead, Apple requests you forward the message to [email protected].
For any other mail providers, search online to see how you report phishing emails to them.
Report It to a Government Body
Some countries have agencies that deal with phishing emails. In the US, the Cybersecurity and Infrastructure Security Agency (a branch of the Department of Homeland Security) asks you to forward the mail to [email protected]. In the U.K., you can report the mail to Action Fraud, the National Fraud and Cyber Crime Reporting Centre.
In other countries, a quick search should tell you if and how you can report a phishing email to the authorities.
If you report a phishing email to either your provider or a government body, you shouldn’t expect a response. Instead, email providers and government agencies use the information you send them to try to stop the accounts that send out the emails. This includes blocking the senders (or adding them to spam/junk filters), shutting down their websites, or even prosecuting them if they’re breaking any laws.
Report It to the Company That Allegedly Sent the Mail
If the phishing email pretends to be from a company, you can often report it directly to that company. For example, Amazon has a dedicated email address and form to report both email and phone phishing.
Most companies and government agencies (especially those that deal with financial or medical business) have ways you can report phishing. If you search “[company name] report phishing,” you should be able to find it pretty quickly.
Mark the Sender as Junk or Spam
You probably don’t want to get any more emails from the person who sent this one. Mark it as spam or junk, and your email client will block any further mail from that address.
You can add senders to a spam/junk list in any email client. If you use something other than Gmail or Outlook, search the company’s documentation to find out how you mark a message as junk.
Delete the Email
You don’t need to run a virus scan or clear your browser history just because you received a phishing email. However, you should keep an antivirus program running on your computer.
If you run an antivirus program that updates regularly, it should catch anything malicious before it runs. Plus, if you don’t click a link or open an attachment in the email, it’s unlikely that it loaded anything malicious onto your system anyway.
Don’t Worry and Carry On
Phishing emails are annoyingly frequent. Fortunately, your spam or junk filters catch them most of the time, and you never see them. Sometimes, they don’t even get that far because your provider stops them. To defeat the few that do get through, just be careful and don’t click any links or attachments unless you’re sure they’re safe.
Millions of phishing emails are sent every day, so don’t worry—you’re not usually a target. Just follow the simple steps we covered above, and then carry on with your day.