We’ve all been there at least once. You get an email in your inbox that seems legitimate, so you open it. But, after a quick glance, you realize it’s a scam.
What is a Phished Email?
A phished email is a fake email sent from a scammer that poses as a real authority to try and get your personal information. They want access to your bank accounts, phone numbers, social security numbers, usernames and passwords, and more.
Though sometimes phishing emails are easy to spot, the rise of AI and continual technological advancements are making it easier and easier for phishers to target you.
How Did Phishers Get My Email Address?
There are a variety of shady ways that phishers find your email address, including:
- Buying email lists (legally or illegally)
- Searching public records or social media profiles
- Guessing until they get a hit
- Data breaches
What to Do if You Open a Phished Email
Spam emails are sometimes easy to recognize, and their poor attempts are almost laughable. For example, a quick scroll through your spam folder will show you emails that try to entice you with a “Shocking truth about….” subject line, but the sender is simply “Must See.” Or you’ll see “Miracle pill caused me to lose 30 pounds in one day” from “WeightLossPill.”
While these attempts can sometimes be laughable, other phishing attempts look more real. Some phishers will create emails to unsettle you, such as “Someone tried to log into your Facebook account” or “Package delivery failed – please confirm address.”
Here’s what to do if you open a phishing email:
- DON’T click any links or attachments.
Phishers want you to fall for their attacks and have you click on a link or open the file they attached. Don’t do either of these things.
If you clicked on a link or opened an attachment before you realized it was spam, be sure to run a scan on your computer for malware. Resetting your email password is also a good idea.
- Report the email to IT or the sender who was impersonated.
Your IT department can investigate and learn more about the sender and find ways to block them from emailing people in your organization again.
If you get an email that impersonates a colleague or a friend from outside your organization, let them know their account has been spoofed.
- Mark the email as spam in your browser.
Once you’ve alerted your IT department about the phished email, you can mark it as spam in your email inbox.
Email clients such as Gmail, Outlook, Yahoo, and more have a place to mark an email as spam. Marking the email as spam can help your email client to block the address or filter similar messages directly to your spam folder.
- Delete the email.
Once you’ve reported the email to your IT department and to your email client, delete the email from your inbox.
Can I Get Hacked by Opening a Phished Email?
Opening the email itself will not necessarily cause you to get hacked. Clicking links and downloading attachments in the email are the riskier actions and the more likely ways to compromise sensitive information.
Phishers, however, can garner some data from you when you open the email, such as your location, IP address, operating system, and email client. They can use this information to target you again in the future.
How to Recognize Phishing
One of the best defenses against phishing attacks is to know how to recognize them.
Signs an email is phished include:
- Incorrect email domains
- Bad grammar and writing style
- Unfamiliar greetings or odd phrases
- Suspicious links or attachments
- Sense of urgency or unexpectedness
Our blog “How to Spot a Phishing Email” goes into further detail on each of the signs and gives more tips on how to keep your data from being compromised by phishers.
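Several of the signs listed above (incorrect domains, suspicious links, urgency), along with the remote content that leaks data when a message is opened, can be checked mechanically. The following Python script is an added example, not code from Aegis IT; the sample message, its `.test` domains, the keyword list, and the function name `phishing_signs` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); every domain is a placeholder.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank.test>
Subject: Urgent: confirm your account immediately
Content-Type: text/html; charset="utf-8"

<p>Dear customer, your account will be suspended within 24 hours.</p>
<p><a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/login</a></p>
<img src="http://track.examp1e-bank.test/o.gif?id=123" width="1" height="1">
"""

# Illustrative keyword list; a real filter would tune this to its own mail.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
IMG = re.compile(r'<img\s[^>]*src="(https?://[^"]+)"', re.I)

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def phishing_signs(raw, trusted_domains):
    """Return the warning signs found in a raw message, in check order."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    signs = []
    # Sign: incorrect email domain (trusted_domains is a caller-supplied allowlist).
    sender_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if sender_domain not in trusted_domains:
        signs.append(f"sender domain not recognised: {sender_domain}")
    # Sign: suspicious link, where the visible URL differs from the real target.
    for href, text in LINK.findall(body):
        shown = host(text) if "://" in text else ""
        if shown and shown != host(href):
            signs.append(f"link text shows {shown} but goes to {host(href)}")
    # Sign: sense of urgency in the subject or body.
    if URGENCY.search(msg["Subject"] or "") or URGENCY.search(body):
        signs.append("urgent or threatening wording")
    # Remote images are fetched on open and reveal IP address and mail client.
    for src in IMG.findall(body):
        signs.append(f"remote image loads from {host(src)} when opened")
    return signs

if __name__ == "__main__":
    print("\n".join(phishing_signs(SAMPLE, {"example-bank.test"})))
```

The sample's sender uses a digit "1" in place of the letter "l", which is why the domain check flags it even though it looks correct at a glance.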
Phishing Protection Services by Aegis IT
At Aegis IT, we take cybersecurity seriously. We want to help your organization stay safe from dangerous phishing scams.
That’s why we offer phishing prevention services. We train your employees to protect themselves and your organization from phishing attempts.