What To Do When Receiving A Phishing Email


Obtain A Copy Of The Email With Full Headers And Any Original Attachments

Part of your phishing email incident response should be to make sure that you get the phishing email with full headers showing routing info, etc. In Outlook, you'll have to look at the message's Properties in order to see all of the email routing information. Take note of the IP address that the message came from. In most cases it will be from a compromised machine of some sort: either an end user's desktop acting as a bot for the message, or a compromised or vulnerable server. Either way, it will help to have all of this information.
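To make the header step concrete, here is an added example (not part of the original article) that uses Python's standard library to walk the `Received` headers of a saved message and list the relay addresses in the order the mail travelled. The sample message, hostnames and addresses are constructed; note that only the header written by your own mail server is trustworthy, because earlier ones are supplied by the sending side.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: invented hostnames, documentation-range addresses.
RAW_MESSAGE = """\
Received: from mx.example.org (mx.example.org [203.0.113.25])
\tby inbound.example.net with ESMTPS id abc123;
\tTue, 02 Jan 2024 10:15:04 +0000
Received: from relay.example.com (unknown [198.51.100.77])
\tby mx.example.org with ESMTP id def456;
\tTue, 02 Jan 2024 10:15:01 +0000
Received: from [192.168.1.44] (helo=DESKTOP-PC)
\tby relay.example.com with ESMTPA id ghi789;
\tTue, 02 Jan 2024 10:14:58 +0000
From: "Account Team" <billing@example.com>
To: user@example.net
Subject: Invoice overdue

Please see the attached invoice.
"""

IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Ranges that never identify an Internet host: RFC 1918, loopback, link-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def received_hops(raw):
    """Return the relay path oldest-first as (ip, is_internal) tuples."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    # Every server prepends its own header, so reverse to read in order.
    for header in reversed(msg.get_all("Received", [])):
        for candidate in IP_IN_BRACKETS.findall(str(header)):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not an address
            hops.append((str(ip), any(ip in net for net in INTERNAL)))
    return hops

def first_public_ip(raw):
    """Earliest routable address claimed on the path (sender-supplied)."""
    return next((ip for ip, internal in received_hops(raw) if not internal), None)

def ip_seen_by_recipient(raw):
    """Address in the newest header, the one your own server recorded."""
    hops = received_hops(raw)
    return hops[-1][0] if hops else None
```

Save the message as a raw `.eml` or text file and pass its contents to these functions; include both addresses when you report the message.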

Disconnect Your Computer From The Network

If malicious software has been installed, removing the computer from the network will protect other systems on the network, and will mitigate potential data loss. Do not shut down the machine. If it is connected by cable, disconnect the cable. If it is connected over wireless, many systems have a switch or button allowing you to manually disable the wireless card.

Based on the specific phishing message, the ISO will help to determine if any additional actions need to be taken to restore your computer to safe operation.


Don't Open That Attachment Either

In addition to malicious links, the bad actors of the world love to include attachments in their phishing emails. These attachments appear for all the world to be an innocent PDF or Microsoft Word document.

However, they could contain viruses and malware designed to damage files on your computer, grab administrator status so it can make changes, steal your passwords or otherwise spy on your every online move.

The attachment may be posing as an invoice for an unpaid bill or a schedule for a corporate retreat. Malware-powered documents can take many forms. You'll particularly want to be vigilant for emails that appear to be from known sources, such as your child's school or your bowling league, that may actually send you unsolicited attachments.

Don't Give Up Your Personal Information

A legitimate email from a bank, credit card company, college, or other institution will never ask for your personal information via email. This is particularly the case for banking and credit card account numbers, login credentials for websites, or other sensitive information.

As soon as you see an email request for any of the information above, it's time to make a call to their known, actual customer service phone number for a chat. There's an excellent chance that customer service might be aware of this scam and can give you more information on it.

I have found credit card companies seem to keep particularly good track of schemes that affect their customers.


Why Do I Keep Receiving Phishing Emails

These phishing efforts are intended to do one of three things: get your private information so they can steal your identity, extort you for money directly, or install malware on your computer, often for ransomware attacks. The most common phishing email is looking for your credentials: your login and password.

Four Steps To Protect Yourself From Phishing

1. Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.

2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.

3. Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:

  • Something you have, like a passcode you get via an authentication app or a security key.
  • Something you are, like a scan of your fingerprint, your retina, or your face.

Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.

4. Protect your data by backing it up. Back up your data and make sure those backups aren't connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.


Email Scams: The Risks And Consequences

Email scams seek to profit from your personal information. Once thieves have your sensitive data, they can use it to commit a variety of crimes or they can sell it on the dark web.

Here's a closer look at how phishing email scams work.

Phishing is an online fraud scheme designed to trick victims into clicking on a compromised email or text link or opening a fraudulent attachment. Once you've clicked on the link, you are often then redirected to a fake website that looks like it belongs to a legitimate business. From there, you are encouraged to enter your access credentials.

Once you do, however, the scammers have captured your login information and can then access the authentic site to steal more of your personal information or make purchases.

Another example: you may open an email attachment that is embedded with malware, which then infects your device. These viruses could capture your login credentials when you access your accounts or take control of your devices.

Types of sensitive information stolen could include your bank and credit card account numbers, passwords, even your Social Security number, any personal data that may be stored and visible in those accounts.

The consequences can be devastating. Scammers who have accessed your personally identifiable information, like your SSN, date of birth, or passwords, may be able to take on your identity and commit different types of identity theft, fraud or other crimes.

Here are some of the risks and consequences.

How Can I Find Out If I Won A Prize In My Email


Some tips for finding these camouflaged wins include: Having a dedicated email address for sweepstakes makes checking through your emails for prize notifications quicker and easier. Especially if you're new to entering sweepstakes, you should open every email that you're not sure isn't a prize notification.


Check With The Sender

If a suspicious email appears to be from someone you know or a company you use, check with them to see if the message is legitimate. Do not reply to the email. If it appears to be from someone you know, create a new email message, or text or call the person and ask if they sent you the mail. Don't forward the email, as that just spreads the potential phishing attack.

If the email claims to be from a company you use, like your bank, gym, medical institution, or online retailer, go to their website and contact them from there. Again, do not click any links in the email. Type in the website address yourself and use their contact options to ask the company if they sent it out.

If it appears the email was sent to a lot of people, such as communication about upgrading an app, you can also send a tweet to the company at their official handle and ask them directly. The representative won't know about individual emails, but he'll know if the company has sent out a communication to all customers.

  • The organization the email is allegedly from

Ransomware Uses Phishing Emails Too

Locky ransomware was so lovely that they set your wallpaper to display the instructions on how to pay them.

One of the biggest problems people have, aside from the regular phishing email attempts, is ransomware. One such virus was the Locky ransomware, which ended up being very successful even though it required users to click the attachment in a blank message to get infected. But how does this happen? And why?


Reward Staff That Succeed

Associations have found novel ways to reward their staff for giving cybersecurity its due attention. Several clients of mine have distributed bags of Swedish Fish to staff who successfully passed tests. Others have rewarded the employees who reported the most phishing emails in a given month. Some cybersecurity training resources come with leaderboard functionality to gamify the experience. We get that making something boring like cybersecurity fun is difficult, but getting silly with the topic will help staff talk about the threats, and ultimately, that will strengthen your security posture!

Reward staff who do the right thing. Acknowledge and thank those who spot real phishing emails or consistently detect the fake ones. Positive and public acknowledgement will help spread good behavior.

Make Sure That You Have The Best Security Software Products Installed On Your PC For Better Phishing Protection:

An unprotected computer is like an open door for email phishing scams. For a more potent form of protection, use a spam filter or gateway to scan inbound messages. Products like Webroot SecureAnywhere® Internet Security Complete thwart dangerous malware before it can enter your PC, stand guard at every possible entrance of your computer and fend off any spyware or viruses that try to enter, even the most damaging and devious strains. While free anti-spyware and antivirus downloads are available, they just can’t keep up with the continuous onslaught of new spyware strains. Previously undetected forms of spyware can often do the most damage, so it’s critical to have up-to-the-minute, guaranteed protection.


Does Spam And Phishing Only Take Place By Email

No. Although they are the best known, and also used as generic terms for other electronic platforms, there are specific terms depending on the channel. On SMS or instant messaging apps it is called spim instead of spam, and smishing instead of phishing. Finally, vishing is the name for phishing on a telephone call.

Important Ways To Protect Yourself From The Impact Of Clicking A Phishing Link

As well as the immediate responses suggested above, you should also do the following:

  • Make sure the software on your computer is up to date and security patches are installed
  • Use hard to guess passwords
  • Change your password to any accounts you think are involved
  • Do not use the same password for multiple accounts
  • Use two-factor authentication wherever it is supported
  • Back up your files regularly to a secure backup device


S To Protect Yourself From Phishing

Internet protection starts with your mindset and behavior toward potential cyberthreats.

Phishing tricks victims into giving over credentials for all sorts of sensitive accounts, such as email, corporate intranets and more.

Even for cautious users, it’s sometimes difficult to detect a phishing attack. These attacks become more sophisticated over time, and hackers find ways to tailor their scams and give very convincing messages, which can easily trip people up.

Here are a few basic measures to always take with your emails and other communications:

  • Employ common sense before handing over sensitive information. When you get an alert from your bank or other major institution, never click the link in the email. Instead, open your browser window and type the address directly into the URL field so you can make sure the site is real.
  • Never trust alarming messages. Most reputable companies will not request personally identifiable information or account details via email. This includes your bank, insurance company, and any company you do business with. If you ever receive an email asking for any type of account information, immediately delete it and then call the company to confirm that your account is OK.
  • Do not open attachments in these suspicious or strange emails, especially Word, Excel, PowerPoint or PDF attachments.
Legit Companies Don't Request Your Sensitive Information Via Email

    Chances are if you receive an unsolicited email from an institution that provides a link or attachment and asks you to provide sensitive information, it's a scam. Most companies will not send you an email asking for passwords, credit card information, credit scores, or tax numbers, nor will they send you a link from which you need to log in.

    Notice the generic salutation at the beginning, and the unsolicited web link attachment?


    Threats Or A Sense Of Urgency

    Emails that threaten negative consequences should always be treated with suspicion. Another tactic is to use a sense of urgency to encourage, or even demand, immediate action in a bid to fluster the receiver. The scammer hopes that by reading the email in haste, the content might not be examined thoroughly so other inconsistencies associated with a phishing campaign may pass undetected.

    If You Receive A Phishing Email

    • Never click any links or attachments in suspicious emails. If you receive a suspicious message from an organization and worry the message could be legitimate, go to your web browser and open a new tab. Then go to the organization’s website from your own saved favorite, or via a web search. Or call the organization using a phone number listed on the back of a membership card, printed on a bill or statement, or that you find on the organization’s official website.

    • If the suspicious message appears to come from a person you know, contact that person via some other means such as text message or phone call to confirm it.

    • Report the message.

    • Delete it.


    What Should You Do If You Receive A Bitcoin Phishing Email

    Let's start with the obvious stuff first.

    • Don't follow any links
    • Don't open any attachments
    • Don't pay the ransom

    There are also a couple of other things you might want to check out, just for the sake of due diligence.

    First, head over to HaveIBeenPwned and enter the email address you received the Bitcoin phishing email with. It's going to tell you whether any of the associated credentials have been compromised. With that knowledge, go and change your passwords. It's just good hygiene.

    Second, run a malware scan. This is really only mandatory if you DID open a file or click on a link; otherwise just consider it a helpful suggestion. You should already be running scans regularly, but if you're not, this is a great excuse to start.

    Finally, get a webcam cover.

    This tiny piece of plastic prevents someone from watching you, even in the event your device is compromised. Obviously we don't want to let it get that far, but it's a nice last line of defense.

    If for some reason you can't locate a webcam cover, just use a piece of solid tape or a post-it note or anything you can use to obscure the lens.

    Of course, if you're doing it right on the Email Security side, most of these Bitcoin phishing emails will wind up in your spam folder where they belong.

    That said, if you need help securing your email, you've come to the right place. As we mentioned at the top of the article, we've literally written a book on it.

    Check it out.
