Did You Open a Spam Email?
Business email compromise (BEC) or Email Account Compromise (EAC) via phishing attacks account for the largest losses within cybercrime. In 2020 alone, $1.8 billion was lost from BEC/EAC according to the FBI.
A phishing email may look like it was sent from a legitimate source — like a colleague, or a company that you do business with — but is actually sent by cybercriminals.
These scam emails trick recipients into taking actions like forwarding the email message to other people, clicking on a link, or downloading malicious attachments.
Let's Examine a Real-Life Phishing Email
This phishing email from "U.S. Postal Shipping" almost looks legitimate on first glance. But when you inspect the sender address (a long string of jumbled digits), it's unlikely to be from the intended sender.
Scammers are hoping to catch you off guard, or trick you when you aren’t paying close attention to these nuances.
Phishing is one of the oldest types of cyber scams in existence. However, it continues to evolve as hackers find more ways to disguise their true identities.
Just opening the phishing message without taking any further action will not compromise your data. However, hackers can still gather some data about you, even if all you did was open the email. They will use this data against you to create more targeted cyber attacks in the future.
This data includes, but is not limited to, your location, the operating system you use, and your IP address. Clicking on malicious links and downloading attachments are a bigger threat to your data than merely opening suspicious emails.
If you believe you’ve received a phishing email, follow these steps to prevent information loss and protect yourself from identity theft.
3 Steps To Take IfYou Opened a Phishing Email
- Go offline and scan for malware
- Report the email to IT or the company being impersonated
- Mark the email as spam in your email client
1. Go offline and scan for malware
Turn off or unplug your router, or set your device to Airplane Mode or an equivalent. This will prevent malware from spreading to other devices on the same Wi-Fi network.
Use anti-malware software to check for any viruses on your device. Take appropriate steps to get rid of it, if it’s discovered (scroll down for specific steps). If you suspect your devices have been compromised, stop online shopping or banking until you’re in the clear.
Any transaction that involves using usernames, passwords, or other sensitive information may lead to a data breach. If you think your devices have malware, report it here: ReportFraud.ftc.gov
2. Report the email to IT or the company being impersonated
If a phishing email was sent to your work or university email address, report it to your IT department. Similarly, if the email used an address that purported to be a specific individual or business, alert them immediately.
If you’re not certain that it was a phishing attack, the company should be able to tell you whether the email was a scam or not.
As an additional precaution, also report the phishing attempt to the Anti-Phishing Working Group at [email protected]. To report a phishing text message, forward it to SPAM (7726).
3. Mark the email as spam in your email client
Your email client (Gmail, Yahoo Mail, AOL, etc.) will let you mark an email as spam or junk so that it can do a better job filtering spam emails or blocking them entirely.
This is much more impactful than just clicking “unsubscribe.”
If you stumble upon suspicious emails, Gmail recommends you do this:
- Check that the email address and the sender name match.
- Check if the email is authenticated.
- See if the email address and the sender name match.
- On a computer, you can hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
- Check the message headers to make sure the "from" header isn't showing an incorrect name.
📚 Related:What To Do If a Scammer Has Your Email Address →
Did You Click on a Phishing Link?Follow These 7 Steps
- Close all browsers and tabs
- Delete any automatic downloads
- Report identity theft if you replied to the email
- Change all usernames and passwords
- Backup all your files
- Get verified tech support
- Consider identity theft protection
If you’ve opened a phishing email and clicked on links or downloaded attachments, don’t panic. Stay calm, and follow these steps.
1. Close all browsers and tabs
Did you click a phishing link which redirected you to a new tab or window in your web browser?
Close it immediately, and refrain from interacting with anything on the page.
Most suspicious URLs lead to:
- Web pages without an SSL certificate (https://)
- Misspelled domains (www.yah00.org)
- Pages with sub-standard user experience — grammatical errors and low-resolution images are the most common
- Fake websites without an About or Contact page
- Newly created domains (you can check the age of a domain)
- Payment pages that request account numbers and banking information
📚 Related: What To Do If You’ve Been Phished: 7 Next Steps →
2. Delete any automatic downloads
If you downloaded any attachments from a phishing email, don’t open them — they could contain malware that can steal your personal information or lock you out of your data.
Not sure if your device has a virus from a suspicious email or URL?
Look out for these system hiccups:
- Performance delays
- Unfamiliar tools or plugins in your browser
- Persistent pop-ups
- Any out-of-the-ordinary system behavior
If your device is showing any of these symptoms, it’s best to immediately disconnect from the internet and stay offline.
On a Mac, enter safe mode and follow these steps before you get professional help:
- Steer clear of logging into any account
- Delete any temporary files from your Cache folder
- Check Activity Monitor for any malicious apps running in the background
- Run a malware scanner separate from the antivirus software already on your device
- Clear your browser cache after removing dubious extensions
- Finally, consult Apple Support to wipe of reinstall your OS
📚 Related: How To Spot Fake Apps: App Size, Permissions, Source →
3. Report identity theft if you replied to the email
Many phishing scams are designed to get you to enter sensitive information, like credit card numbers through a link in the email. Don’t hand over any information if you’re not able to confirm that the link was sent from a legitimate source.
If you entered your credit card information after clicking on a questionable link, contact your credit card provider so that they can freeze your card. Also follow these steps to report identity theft with the FTC, police, and all major credit bureaus.
📚 Related: What Happens If You Answer a Spam Call →
4. Change all usernames and passwords
Fraudsters use malware to uncover usernames and passwords you may have saved in your browser or to your device for bank accounts, emails, social media profiles, and ecommerce websites. Change your login credentials so that your sensitive data will remain protected.
Password managers are a handy way to create unique passwords, store them securely, and sync across devices. There are many popular password managers including Identity Guard’s ID Vault® that can safely manage hard-to-hack logins for you.
Two-factor authentication or 2FA is another key component of cybersecurity. 2FA could make your accounts impenetrable with only stolen passwords and login information.
📚 Related: How To Spot a Wells Fargo Phishing Email (6 Examples) →
5. Backup all your files
If your machine is infected, all backups will also likely be corrupted. Experts recommend backing up everything — malware included — but not restoring the full backup.
The sole purpose of this backup is making sure all your files have been captured.
At a high level, here are three ways to salvage an infected hard drive:
- Backup all your files on the drive, knowing it’s infected. You’ll be able to restore anything you need later.
- Capture the entire drive and restore to a second drive — or just move the infected drive to be a second drive. Scan the second drive for malware and restore files as needed.
- Backup only data from the drive. The risk is missing something important.
As a general rule, start backing up your computer if you don’t already. These steps become redundant if you can go back to your uninfected system backup.
6. Get verified tech support
Most manufacturers offer free technical support if your devices are still under warranty. Outside your warranty, you’re still eligible for paid support. Have device models and serial numbers ready before you make contact.
Also, be cautious of tech support scammers and people trying to scam you online:
- Tech companies reach you by phone, email or text message to tell you there’s a problem with your device
- Notice popup warnings asking you to call a phone number for tech support
7. Consider identity theft protection
The reality is that identity theft reached shocking new heights last year, and it's only getting worse.
An identity theft protection service like Identity Guard will provide you with the following features in order to help fight back against scammers and con artists:
- Dark web scan
- Criminal and sex offense monitoring
- USPS address change monitoring
- Home title monitoring
- Risk management report
- Safe browsing tools
- Anti-phishing mobile app
- Social insight report
For more insight, read Security.org's review of Identity Guard →
Learn To Recognize The Signs of Phishing Emails
- Forced urgency: Phishing emails have a false sense or urgency or threaten a penalty if you don’t click, call, or open an attachment immediately.
- Unfamiliar sender: Whenever you receive emails outside your organization or from unknown senders, exercise extreme caution.
- Questionable grammar: Professionals and genuine companies won’t jeopardize their reputation with badly-written emails.
- Misplaced salutations: “Dear [Name]” is an obvious giveaway of phishing scams.
- Out-of-place links and attachments: If you have a glimmer of doubt that an attachment or URL has spurious origins, trust your gut and don’t click on them.
- Misspelled or mismatched domains: If the sender claims to be from a company but the email address doesn’t match their claim, that’s a warning sign, too.
We advise keeping both your hardware and software up to date. Use a trusted antivirus software across your devices and as an extra precaution, consider getting identity theft protection.
