If you accidently respond to or click a link in a phishing email, you’ll need to act quickly to mitigate the damage. Here are key steps to take:
-
Change your passwords immediately. As a reminder, you should change your passwords regularly and always follow password best practices, even if you haven’t been targeted by a phishing attack. Passwords should be complex, unique and difficult to guess. Avoid using the same password for multiple accounts. And don’t share your passwords with anyone.
-
Report the incident. Inform IT about the phishing email, as soon as possible. Quick reporting enables IT to respond faster, reducing the risk to HM.
-
Monitor your accounts. Checking for malware is a must after reacting to a phishing email. Malware is malicious software designed to damage or disable computer systems, steal sensitive information or spy on user activity. Click this link to scan your device for viruses or other malicious software.
-
Contact the company or organization. If you responded to a phishing email that appeared to be from a trusted source, contact the company or organization to alert them. They may be able to take steps to prevent other customers or employees from falling victim to the same scam.
-
Educate yourself. Learn about the different types of phishing attacks and how to spot them. Look out for telltale signs like grammatical errors, suspicious links and requests for sensitive information. Knowing what phishing tactics attackers commonly use will help you avoid being tricked by them in the future.
