You may not even notice when you receive one, most suspicious emails are automatically sorted to spam by your email service – though, a few may slip through the cracks, and one or two may even be authentic enough for you to click through their contents.
The most important thing to remember about phishing emails is that unless you open any attachments or click on any links, you will not be affected by malware. Phishing emails are based on social engineering and work off bait, hence the name, and unless the bait is taken you can’t be affected by the cybercriminals holding the rod, fingers twitching at the reel.
If you’re not familiar with these kinds of emails or begin to feel nervous or panicked when you receive one – this list is for you.
Here are 6 crucial things you need to do as soon as you receive a phishing email:
1. Keep calm – Don’t click on any links
When you receive a suspicious email you think is a phishing attack – don’t panic! Most modern email services like Gmail, Yahoo or Outlook have advanced malware filtering systems in place to make sure users don’t get bombarded by phishing or other malicious emails.
Because of these systems, it is completely safe to open the email and look at its contents – written text, links and attachments. These can all be viewed safely from your email client since they are not permitted to run unless you open them.
Phishing emails can be a real security risk. Malware embedded in attachments or links can quickly steal personal information, including bank details. Phishers can send emails to thousands of addresses every day, and if you reply to one of their messages, it confirms that your email address is active. Make sure you don’t reply.
2. Verify the Email’s sender
If a suspicious email arrives in your inbox, and it is from an address that you recognise – check with them, but don’t reply directly. Instead, create a completely new email and ask them if it is legitimate. Or better yet, contact them through another means like a WhatsApp message or a phone call.
Never forward a suspicious email because that can endanger other people and expose them to phishing attacks. If the email is from a bank or another company or institution check with that institution. A company will always, always confirm with you if its communications are valid, or not.
Again, don’t click any links in the email. Type in the website address yourself and use the contact options to ask the company if they sent it. If it’s from an address that you don’t recognise, don’t reply and follow the next three steps.
3. Mark the sender as spam
After you have verified that the suspicious email isn’t from someone you know, or from a legitimate company or institute then the next best thing to do is mark the sender as spam.
You don’t want the sender to continue sending phishing attacks. Marking the address of the sender as spam will ensure that any subsequent emails will be sent to the spam folder immediately.
You can add senders to a spam list in any email client. If you’re unsure how to do it, a simple Google search of “how to add sender to spam in X”, where X is the name of the email client you use, should do the trick.
4. Delete the email – Carry on!
Finally, delete the email. This could send it to your recycle bin or deleted items folder, so make sure to delete it from there as well.
After you delete a phishing email, and you have made sure not to click any links or download any attachments, then you don’t need to worry about the email anymore as you’ve successfully avoided an attack.
It never hurts, though, to run a quick Antivirus scan afterwards for some peace of mind.
5. Report the Phishing Attack
After you have dealt with the attack, and want to make sure others won’t be affected, you can report the sender.
There are a few entities that you can report the sender to, including the company you work for – contact your IT department and let them know about the email and about the name of the suspicious sender.
If the email claims to come from a company that you recognise, contact that company and let them know that their name is being used in phishing attacks.
The more people report phishing emails, the more agencies and providers can prevent senders from sending harmful phishing emails.