What Should You Do If You Receive a Phishing Email?

Created by Antonio Contreras, Modified on Wed, 25 Jan, 2023 at 11:53 AM by Antonio Contreras


Check with the Sender


If a suspicious email appears to be from someone you know or a company you use, check with them to see if the message is legitimate. Do not reply to the email. If it appears to be from someone you know, create a new email message, or text or call the person and ask if they sent you the mail. Don’t forward the email, as that just spreads the potential phishing attack.

If the email claims to be from a company you use, like your bank, gym, medical institution, or online retailer, go to their website and contact them from there. Again, do not click any links in the email. Type in the website address yourself (or use your preferred search engine) and use their contact options to ask the company if they sent it out.

If it appears the email was sent to a lot of people, such as communication about upgrading an app, you can also send a tweet to the company at their official handle and ask them directly. The representative won’t know about individual emails, but they’ll know if the company has sent out a communication to all customers.

Report the Email

There are four types of organization you can report phishing emails to:

  • Your company
  • Your email provider

Report It to Your Email Provider

Your email provider probably has a process you can follow to report phishing emails. The mechanism varies from provider to provider, but the reason is the same. The more data the company has on phishing emails, the better it can make its spam/junk filters to prevent scams from getting through to you.

If Google or Microsoft provides your email account, they have a reporting mechanism built into their clients.

In Gmail, click the three dots next to the Reply option in the email, and then select “Report phishing.”

A panel opens and asks you to confirm you want to report the email. Click “Report Phishing Message,” and then Google reviews the email.

The Outlook client doesn’t provide an option to report an email to Microsoft, but the Outlook web app does. It works the same way as Gmail. Click the three dots next to the Reply option in the email, and then select “Mark as phishing.”

This opens a panel to confirm you want to report the email. Click “Report,” and then Microsoft reviews the email.

You can’t report a phishing email directly within the Apple Mail client. Instead, Apple requests you forward the message to reportphishing@apple.com.

For any other mail providers, search online to see how you report phishing emails to them.

Delete the Email


Finally, delete the email. Usually, this sends it to the recycle bin or deleted items folder, so remove it from there as well. There’s no need to keep it after you report it.
