What to Do If You Click on a Phishing Email
We’ve all been there: you open your inbox, see what looks like a legitimate email, and before you know it, you’ve clicked a link or downloaded an attachment—only to realize it might be a phishing email. Acting quickly and correctly can limit any damage and keep your data safe.
Immediate Steps to Take
1. Disconnect from the Internet
If you think you may have opened a malicious attachment, disconnecting from the internet can help stop malware from spreading.
2. Don’t Enter Any Information
If the phishing email took you to a fake login page, avoid entering usernames, passwords, or other personal details.
3. Change Your Passwords
If you already entered credentials, change your passwords immediately—especially for email, banking, or other sensitive accounts. Use strong, unique passwords and consider enabling multifactor authentication.
4. Report the Incident
Inform your IT department (or your IT partner, if you outsource) right away. Early detection helps contain threats before they escalate.
5. Run a Security Scan
Use your company’s antivirus or endpoint protection tool to scan your computer for malware or suspicious activity.
What Does the Phish Alert Button Do?
Many organizations use tools like the Phish Alert Button (often integrated in Outlook and Gmail). This button lets employees report suspicious emails directly to IT or security teams in just one click.
When you use it, the email is typically:
Flagged and removed from your inbox
Sent to your IT/security team for analysis
Used to improve company-wide phishing filters
It’s an easy, safe, and proactive way to fight phishing.
Prevention is the best protection.
Clicking on a phishing email can happen to anyone. Cybercriminals are constantly refining their tactics to trick even the most cautious users. That’s why security awareness training is so important. With the right training, your team learns how to spot phishing attempts before they click.
We can help businesses not only recover from phishing incidents but also prevent them through ongoing security awareness training, proactive IT support, and enhanced security protection.



