What to Do With Phishing Emails and How to Report Them

January 5, 2022

There is no denying that phishing attacks are on the rise. The FBI reports that such attacks cost $54 billion in 2020, and phishing complaints increased by a whopping 110% from 2019 to 2020.

If you're one of the many people targeted by a phishing email, you're not alone. If you notice an attempted phishing attack, don't respond to it, click on it, or open it. Report it immediately and notify the individual or business being impersonated. If you're on a work or school network, alert your organization.

If you've already opened the phishing email, you'll need to take some immediate steps: change all your passwords, notify your financial institutions, monitor your credit, and regularly check your accounts for any suspicious activity.

What is a Phishing Email?

Phishing is a form of internet fraud where scammers mimic genuine businesses using email, text messages, and advertisements to obtain sensitive information. The name "phishing" is a play on the word "fishing," as cybercriminals dangle a "lure" (such as a legitimate-looking email) in the hopes that users will bite and provide the information required for identity fraud.

A successful attack usually includes a link to what looks like an authentic website where you’re asked to input personal information. However, the website is a ruse and the information you submit goes directly to the scammers. Phishing emails typically request:

  • Usernames and passwords

  • Account credentials for financial institutions

  • Sensitive information to gain access to your accounts through security questions

Once they have this information, they can use it to steal money, personal information, or corporate data.

How to Recognize A Phishing Email

Phishing emails are designed to look like they’re coming from a business you’re familiar with, such as a bank, credit card company, or social networking platform. These suspicious emails typically create a narrative to get you to click on a link or open a file. They might:

  • Include a fake invoice

  • Provide fraudulent links to make a payment

  • State that you're eligible for free merchandise

  • Ask you to update your credit card information

How do you spot a phishing email? Here are a few giveaways:

  • Double-check the sender’s email address. Phishing scammers use email spoofing to create addresses that are similar, but not identical, to the organization they are trying to impersonate.

  • Look for a generic greeting. Since phishing attacks are often sent in large batches, they may have generic openings like “Hello Sir/Madam,” or “Dear Valued Customer.”

  • Beware of urgent requests for important information. Phishing emails often rely on a time-sensitive request designed to scare you into quickly sharing private information. These emails may claim your account will be closed due to non-payment, your password has been reset, or your free offer is about to expire.

  • Look for spelling errors. If you spot some bad grammar or spelling mistakes, be extra cautious. Many phishing emails come with these errors.

If you receive a suspicious email that asks you to provide any kind of personal information or login credentials, check your account separately before clicking on any links. Usually, you’ll immediately see if there are any legitimate issues by logging into your real account as you normally would. If nothing is flagged when you log in separately, you’ll know the email you received is a phishing email.

What to Do If You've Been Phished

If you've been a victim of an email phishing scam, you need to take immediate steps to protect yourself against identity theft. If you clicked on a link in a suspicious email, here’s what to do after a phishing attack:

  • Update all passwords. Creating new passwords and logging out of all active devices is the first action you should take. Change your passwords right away if you've clicked on a suspicious link or supplied personal information in response to a phishing scam. Then set new passwords on all your email, bank, utility, and other online accounts. Create a new password for each account that is unique, complex, and contains a combination of letters, numbers, and symbols. We recommend using a password manager to help keep track of these unique passwords.
  • Contact credit bureaus. Notify at least one of the three main credit bureaus (Experian, Equifax, and TransUnion) that a phishing attack may have jeopardized your account. Ask the bureau to place a fraud alert or a credit freeze on your account until the problem is fixed. They will monitor your credit report for any unusual activity that may relate to identity theft or fraud.
  • Notify your financial institutions. Let your credit card providers and your bank know that your accounts may have been compromised so that they can monitor your funds and credit line. Depending on the type of fraud, you may need to request new debit or credit cards. And if you didn’t already reset your bank passwords, do it immediately.
  • Update your programs. If a malicious program has infected your operating system, update your software to the most recent version and conduct a thorough virus scan. Also, make sure to switch off your computer when it's not in use so that hackers can't access it.
  • Check your accounts frequently. Check your bank and credit card accounts for unusual activity. Since you’ve alerted your bank and a credit bureau, they’ll provide help with this step. If you've previously identified strange behavior on your credit report and set a fraud alert or credit freeze, you might want to keep it in place until you're sure it's safe to remove it. Also, be sure to keep an eye out for any invoices that aren't yours from utility companies or other service providers.

How to Prevent Phishing

Phishing emails can lead to a lot of hassle and potentially years of recovery from identity fraud. Here’s how to handle phishing emails in order to prevent fraud:

  • Do not open the email. This one may seem obvious, but scammers are masters of disguising emails to look legitimate. It’s not always easy to tell which emails are malicious just from the subject line, but if you’re in doubt, don’t open it. Simply opening a phishing email may jeopardize the security of your personal data.
  • Check to see if the email is genuine. Make sure the email address matches the sender name. Also, look for unusual characters, unnecessary numbers, and misspellings in the email address. Before you click on any links, hover over them. If the URL of a link doesn’t match the description of the link, it might be a phishing site.
  • Delete the email as soon as possible. Be sure to delete the email immediately to avoid any malware invading your device. Don’t open or download any attachments. Malware, such as viruses, worms, and spyware can come hidden in attachments.
  • Do not respond to the sender. Ignore any demands from the sender and do not reply to the email or contact any of the phone numbers included in the message. Replying to a phishing email or making contact in any way can give scammers access.
  • File a report. Assist others in avoiding phishing scams by using the FTC's online Complaint Assistant to file a complaint. If you’re suspicious of an email, it’s likely others have reported it as well. Do a quick search on the scam and you may find results. Perform this same courtesy if you come across a phishing email to help others.
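The sender check and the link check described above (does the address match the sender name, does a link's URL match its description) can be automated. The following is an added example, not part of the original article; the `review` function, the `brands` mapping, and the sample message with its placeholder domains are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)  # link text that shows a URL

SAMPLE = (  # constructed message, not a real email; every domain is a placeholder
    'From: "Example Bank Support" <support@examp1e-bank.example.net>\n'
    "Content-Type: text/html\n\n"
    '<p>Dear Valued Customer, <a href="http://login.example.net/verify">'
    'www.examplebank.example/login</a> or <a href="http://login.example.net/h">click here</a></p>\n'
)

class Links(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self.open:
            self.found[-1][1], self.open = self.found[-1][1].strip(), False

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def review(raw, brands):
    """brands (assumed input): display-name keyword -> domain that sender really uses."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    # Sender name claims a brand, but the address is not on that brand's domain.
    findings = [f"sender-mismatch: '{name}' sent from {domain}"
                for brand, real in brands.items() if brand.lower() in name.lower()
                and domain != real and not domain.endswith("." + real)]
    part = msg.get_body(preferencelist=("html", "plain"))
    parser = Links()
    parser.feed(part.get_content() if part else "")
    for href, text in parser.found:
        # Only link text that itself looks like a URL can contradict the real target.
        if URLISH.match(text) and host(text) != host(href):
            findings.append(f"link-mismatch: shows {host(text)}, goes to {host(href)}")
    return findings
```

The link check compares full hostnames, so a link that shows `example.com` but points to `www.example.com` is also flagged; comparing registrable domains instead requires the Public Suffix List.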

How to Report Phishing Attempts

When it comes to what to do with a phishing email, don’t just delete it—report it. By doing so, you can help prevent others from falling victim to identity fraud.

If you received a phishing email at your school or work address, report it to your organization. But don’t stop there. There are several non-profits and government groups that track phishing emails. You can help them track and fight phishing scams by reporting any suspicious emails you receive. Here are some resources for reporting such emails:

  • The National Fraud Information Center (NFIC): A non-profit organization that informs the federal government of fraudulent activities and keeps extensive records of fraud events. It also includes information on who you should contact for help and what to do if you get a phishing email in your state.

  • The Internet Crime Complaint Center: Administered by the FBI and the National White-Collar Crime Center, this resource allows people to report crimes online. It also includes a link to file a claim against a third party that stole or attempted to steal your identity.

  • Department of Justice (DOJ): Maintains websites where you may report email scams. There are also a lot of valuable links, suggestions, and guidance on the site.

  • The Better Business Bureau (BBB): A non-profit organization that promotes ethical business practices. The Better Business Bureau allows you to inform others about your experience so others don't fall victim to similar frauds.

When we all do our part to report phishing attempts, we can keep everyone safer from cybercrime.

Phishing: What to Do to Protect Your Company

Phishing email attacks cost organizations millions of dollars each year, on top of the overall disruption and damage to reputation they can cause. To safeguard employees against phishing attempts, companies all over the world rely on Abnormal Security. Investing in our cutting-edge email security technology can help you strengthen your defenses and lower your risk of becoming a phishing statistic.

To learn more about what to do with phishing emails and how Abnormal Security can help your business, request a demo today.
