What to Do With Phishing Emails and How to Report Them

January 5, 2022

There is no denying that phishing attacks are on the rise. The FBI reports that such attacks cost $54 billion in 2020, and phishing complaints increased by a whopping 110% from 2019 to 2020.

If you're one of the many people targeted by a phishing email, you're not alone. If you notice an attempted phishing email, don't open it, click anything in it, or respond to it. Report it immediately and notify the individual or business being impersonated. If you're on a work or school network, alert your organization.

If you've already opened the phishing email, you'll need to take some immediate steps: change all your passwords, notify your financial institutions, monitor your credit, and regularly check your accounts for any suspicious activity.

What is a Phishing Email?

Phishing is a form of internet fraud where scammers mimic genuine businesses using email, text messages, and advertisements to obtain sensitive information. The name "phishing" is a play on the word "fishing," as cybercriminals dangle a "lure" (such as a legitimate-looking email) in the hopes that users will bite and provide the information required for identity fraud.

A successful attack usually includes a link to what looks like an authentic website where you’re asked to input personal information. However, the website is a ruse and the information you submit goes directly to the scammers. Phishing emails typically request:

  • Usernames and passwords

  • Account credentials for financial institutions

  • Sensitive information to gain access to your accounts through security questions

Once they have this information, they can use it to steal money, personal information, or corporate data.

How to Recognize A Phishing Email

Phishing emails are designed to look like they’re coming from a business you’re familiar with, such as a bank, credit card company, or social networking platform. These suspicious emails typically create a narrative to get you to click on a link or open a file. They might:

  • Include a fake invoice

  • Provide fraudulent links to make a payment

  • State that you're eligible for free merchandise

  • Ask you to update your credit card information

How do you spot a phishing email? Here are a few giveaways:

  • Double-check the sender’s email address. Phishing scammers use email spoofing to create addresses that are similar, but not identical, to the organization they are trying to impersonate.

  • Look for a generic greeting. Since phishing attacks are often sent in large batches, they may have generic openings like “Hello Sir/Madam,” or “Dear Valued Customer.”

  • Beware of urgent requests for important information. Phishing emails often rely on a time-sensitive request designed to scare you into quickly sharing private information. These emails may claim your account will be closed due to non-payment, your password has been reset, or your free offer is about to expire.

  • Look for spelling errors. If you spot some bad grammar or spelling mistakes, be extra cautious. Many phishing emails come with these errors.

If you receive a suspicious email that asks you to provide any kind of personal information or login credentials, check your account separately before clicking on any links. Usually, you’ll immediately see if there are any legitimate issues by logging into your real account as you normally would. If nothing is flagged when you log in separately, you’ll know the email you received is a phishing email.

What to Do If You've Been Phished

If you've been a victim of an email phishing scam, you need to take immediate steps to protect yourself against identity theft. If you clicked on a link in a suspicious email, here’s what to do after a phishing attack:

  • Update all passwords. Creating new passwords and logging out of all active devices is the first action you should take. Change your passwords right away if you've clicked on a suspicious link or supplied personal information in response to a phishing scam. Then set new passwords on all email, bank, utility, and other online accounts. You’ll want to create new passwords for each that are unique, complex, and contain a combination of letters, numbers, and symbols. We recommend using a password manager to help keep track of these unique passwords.
  • Contact credit bureaus. Notify at least one of the three main credit bureaus (Experian, Equifax, and TransUnion) that a phishing attack may have jeopardized your account. Ask the bureau to place a fraud alert or a credit freeze on your account until the problem is fixed. They will monitor your credit report for any unusual activity that may relate to identity theft or fraud.
  • Notify your financial institutions. Let your credit card providers and your bank know that your accounts may have been compromised so that they can monitor your funds and credit line. Depending on the type of fraud, you may need to request new debit or credit cards. And if you didn’t already reset your bank passwords, do it immediately.
  • Update your programs. If a malicious program has infected your operating system, update your software to the most recent version and conduct a thorough virus scan. Also, make sure to switch off your computer when it's not in use so that hackers can't access it.
  • Check your accounts frequently. Check your bank and credit card accounts for unusual activity. Since you’ve alerted your bank and a credit bureau, they’ll provide help with this step. If you've previously identified strange behavior on your credit report and set a fraud alert or credit freeze, you might want to keep it in place until you're sure it's safe to remove it. Also, be sure to keep an eye out for any invoices that aren't yours from utility companies or other service providers.

How to Prevent Phishing

Phishing emails can lead to a lot of hassle and potentially years of recovery from identity fraud. Here’s how to handle phishing emails in order to prevent fraud:

  • Do not open the email. This one may seem obvious, but scammers are masters of disguising emails to look legitimate. It’s not always easy to tell which emails are malicious just from the subject line, but if you’re in doubt, don’t open it. Simply opening a phishing email may jeopardize the security of your personal data.
  • Check to see if the email is genuine. Make sure the sender name and the email address match. Also, look for unusual characters, unnecessary numbers, and misspellings in the email address. Before you click on any links, hover over them. If the URL of a link doesn’t match the description of the link, it might be a phishing site.
  • Delete the email as soon as possible. Be sure to delete the email immediately to avoid any malware invading your device. Don’t open or download any attachments. Malware, such as viruses, worms, and spyware can come hidden in attachments.
  • Do not respond to the sender. Ignore any demands from the sender and do not reply to the email or contact any of the phone numbers included in the message. Replying to a phishing email or making contact in any way can give scammers access.
  • File a report. Assist others in avoiding phishing scams by using the FTC's online Complaint Assistant to file a complaint. If you’re suspicious of an email, it’s likely others have reported it as well. Do a quick search on the scam and you may find results. Perform this same courtesy if you come across a phishing email to help others.
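
The giveaways listed under "How to Recognize A Phishing Email" and the "Check to see if the email is genuine" step above can be checked mechanically. The following is an added example, not part of the original article or any vendor's product: the trusted-domain list, the phrase patterns, the 0.85 similarity threshold, and the sample message are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"examplebank.com"}  # assumption: domains the reader really uses
GREETING = re.compile(r"dear (valued )?customer|hello sir/madam", re.I)
URGENT = re.compile(r"will be closed|password has been reset|about to expire", re.I)
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class Links(HTMLParser):  # collects [href, visible text] for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def indicators(raw):
    """Return the warning signs found in one single-part message (body parsed as HTML)."""
    msg = message_from_string(raw)
    body, parser = msg.get_payload(), Links()
    parser.feed(body)
    dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # lookalike: near miss of a trusted domain; link-mismatch: text shows one host, href another
    checks = {
        "lookalike-sender": any(0.85 < SequenceMatcher(None, dom, t).ratio() < 1 for t in TRUSTED),
        "generic-greeting": bool(GREETING.search(body)),
        "urgent-request": bool(URGENT.search(body)),
        "link-mismatch": any(URLISH.fullmatch(t.strip()) and host(t.strip()) != host(h)
                             for h, t in parser.links),
    }
    return [name for name, hit in checks.items() if hit]

SAMPLE = """From: Example Bank <alerts@examp1ebank.com>

<p>Dear Valued Customer, your account will be closed due to non-payment.</p>
<a href="http://login.example.net/verify">www.examplebank.com</a>
"""  # constructed message, not a real email
```

Calling `indicators(SAMPLE)` reports all four signs for the constructed message. A legitimate subdomain of a trusted domain can also score above the similarity threshold, so treat a hit as a prompt for a closer look rather than a verdict.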

How to Report Phishing Attempts

When it comes to what to do with a phishing email, don’t just delete it—report it. By doing so, you can help prevent others from falling victim to identity fraud.

If you received a phishing email at your school or work address, report it to your organization. But don’t stop there. There are several non-profits and government groups that track phishing emails. You can help them track and fight phishing scams by reporting any suspicious emails you receive. Here are some resources for reporting such emails:

  • The National Fraud Information Center (NFIC): A non-profit organization that informs the federal government of fraudulent activities and keeps extensive records of fraud events. It also includes information on who you should contact for help and what to do if you get a phishing email in your state.

  • The Internet Crime Complaint Center: Administered by the FBI and the National White-Collar Crime Center, this resource allows people to report crimes online. It also includes a link to file a claim against a third party that stole or attempted to steal your identity.

  • Department of Justice (DOJ): Maintains websites where you may report email scams. There are also a lot of valuable links, suggestions, and guidance on the site.

  • The Better Business Bureau (BBB): A non-profit organization that promotes ethical business practices. The Better Business Bureau allows you to inform others about your experience so others don't fall victim to similar frauds.

When we all do our part to report phishing attempts, we can keep everyone safer from cybercrime.

Phishing: What to Do to Protect Your Company

Phishing email attacks cost organizations millions of dollars each year, on top of the overall disruption and damage to reputation they can cause. To safeguard employees against phishing attempts, companies all over the world rely on Abnormal Security. Investing in our cutting-edge email security technology can help you strengthen your defenses and lower your risk of becoming a phishing statistic.

To learn more about what to do with phishing emails and how Abnormal Security can help your business, request a demo today.
