What to Do With Phishing Emails and How to Report Them
There is no denying that phishing attacks are on the rise. The FBI reports that such attacks cost $52 million in 2022, and phishing has been the most common cybercrime reported to the IC3 since 2019.
If you're one of the many people targeted by a phishing email, you're not alone. If you notice an attempted phishing attack, don't respond to it, click on it, or open it. Report it immediately and notify the individual or business being impersonated. If you're on a work or school network, alert your organization.
If you've already opened the phishing email, you'll need to take some immediate steps: change all your passwords, notify your financial institutions, monitor your credit, and regularly check your accounts for any suspicious activity.
What is a Phishing Email?
Phishing is a form of internet fraud where scammers mimic genuine businesses using email, text messages, and advertisements to obtain sensitive information. The name "phishing" is a play on the word "fishing," as cybercriminals dangle a "lure" (such as a legitimate-looking email) in the hopes that users will bite and provide the information required for identity fraud.
A successful attack usually includes a link to what looks like an authentic website where you’re asked to input personal information. However, the website is a ruse and the information you submit goes directly to the scammers. Phishing emails typically request:
- Usernames and passwords
- Account credentials for financial institutions
- Sensitive information to gain access to your accounts through security questions
How to Recognize A Phishing Email
Phishing emails are designed to look like they’re coming from a business you’re familiar with, such as a bank, credit card company, or social networking platform. These suspicious emails typically create a narrative to get you to click on a link or open a file. They might:
- Include a fake invoice
- Provide fraudulent links to make a payment
- State that you're eligible for free merchandise
- Ask you to update your credit card information
How do you spot a phishing email? Here are a few giveaways:
- Double-check the sender’s email address. Phishing scammers use email spoofing to create addresses that are similar, but not identical, to the organization they are trying to impersonate.
- Look for a generic greeting. Since phishing attacks are often sent in large batches, they may have generic openings like “Hello Sir/Madam,” or “Dear Valued Customer.”
- Beware of urgent requests for important information. Phishing emails often rely on a time-sensitive request designed to scare you into quickly sharing private information. These emails may claim your account will be closed due to non-payment, your password has been reset, or your free offer is about to expire.
- Look for spelling errors. If you spot some bad grammar or spelling mistakes, be extra cautious. Many phishing emails come with these errors.
What to Do If You've Been Phished
If you've been a victim of an email phishing scam, you need to take immediate steps to protect yourself against identity theft. If you clicked on a link in a suspicious email, here’s what to do after a phishing attack:
- Update all passwords. Creating new passwords and logging out of all active devices is the first action you should take. Change your passwords right away if you've clicked on a suspicious link or supplied personal information in response to a phishing scam. Then apply your new password to all email, bank, utilities, and any online accounts. You’ll want to create new passwords for each that are unique, complex, and contain a combination of letters, numbers, and symbols. We recommend using a password manager to help keep track of these unique passwords.
- Contact credit bureaus. Notify at least one of the three main credit bureaus (Experian, Equifax, and TransUnion) that a phishing attack may have jeopardized your account. Ask the bureau to place a fraud alert or a credit freeze on your account until the problem is fixed. They will monitor your credit report for any unusual activity that may relate to identity theft or fraud.
- Notify your financial institutions. Let your credit card providers and your bank know that your accounts may have been compromised so that they can monitor your funds and credit line. Depending on the type of fraud, you may need to request new debit or credit cards. And if you didn’t already reset your bank passwords, do it immediately.
- Update your programs. If a malicious program has infected your operating system, update your software to the most recent version and conduct a thorough virus scan. Also, make sure to switch off your computer when it's not in use so that hackers can't access it.
- Check your accounts frequently. Check your bank and credit card accounts for unusual activity. Since you’ve alerted your bank and a credit bureau, they’ll provide help with this step. If you've previously identified strange behavior on your credit report and set a fraud alert or credit freeze, you might want to keep it in place until you're sure it's safe to remove it. Also, be sure to keep an eye out for any invoices that aren't yours from utility companies or other service providers.
How to Prevent Phishing
Phishing emails can lead to a lot of hassle and potentially years of recovery from identity fraud. Here’s how to handle phishing emails in order to prevent fraud:
- Do not open the email. This one may seem obvious, but scammers are masters of disguising emails to look legitimate. It’s not always easy to tell which emails are malicious just from the subject line, but if you’re in doubt, don’t open it. Simply opening a phishing email may jeopardize the security of your personal data.
- Check to see if the email is genuine. Make sure the sender name matches the email address it was sent from. Also, look for unusual characters, unnecessary numbers, and misspellings in the email address. Before you click on any links, hover over them. If the URL of a link doesn’t match the description of the link, it might be a phishing site.
- Delete the email as soon as possible. Be sure to delete the email immediately to avoid any malware invading your device. Don’t open or download any attachments. Malware, such as viruses, worms, and spyware can come hidden in attachments.
- Do not respond to the sender. Ignore any demands from the sender and do not reply to the email or contact any of the phone numbers included in the message. Replying to a phishing email or making contact in any way can give scammers access.
- File a report. Assist others in avoiding phishing scams by using the FTC's online Complaint Assistant to file a complaint. If you’re suspicious of an email, it’s likely others have reported it as well. Do a quick search on the scam and you may find results. Perform this same courtesy if you come across a phishing email to help others.
How to Report Phishing Attempts
When it comes to what to do with a phishing email, don’t just delete it—report it. By doing so, you can help prevent others from falling victim to identity fraud.
If you received a phishing email at your school or work address, report it to your organization. But don’t stop there. There are several non-profits or government groups that track phishing emails. You can help them track and fight phishing scams by reporting any suspicious emails you receive. Here are some resources for reporting such emails:
- The National Fraud Information Center (NFIC): A non-profit organization that informs the federal government of fraudulent activities and keeps extensive records of fraud events. It also includes information on who you should contact for help and what to do if you get a phishing email in your state.
- The Internet Crime Complaint Center: Administered by the FBI and the National White-Collar Crime Center, this resource allows people to report crimes online. It also includes a link to file a claim against a third party that stole or attempted to steal your identity.
- Department of Justice (DOJ): Maintains websites where you may report email scams. There are also a lot of valuable links, suggestions, and guidance on the site.
- The Better Business Bureau (BBB): A non-profit organization that promotes ethical business practices. The Better Business Bureau allows you to inform others about your experience so others don't fall victim to similar frauds.
Phishing: What to Do to Protect Your Company
Phishing email attacks cost organizations millions of dollars each year, on top of the overall disruption and damage to reputation they can cause. To safeguard employees against phishing attempts, companies all over the world rely on Abnormal Security. Investing in our cutting-edge email security technology can help you strengthen your defenses and lower your risk of becoming a phishing statistic.
To learn more about what to do with phishing emails and how Abnormal Security can help your business, request a demo today.