Help! I Just Opened A Phishing Email
Phishing emails generally fall into one of two types - attachments that contain malware, or links to spoofed websites that try to steal your personal details.
For help on identifying whether the email you're concerned about was a phishing email or not see this page here. Remember that phishing attacks can also come from text messages or even phone calls too. If in doubt, always follow the tips below.
Jump straight to topic:
If you opened an attachment...
An unexpected attachment - likely to be loaded with viruses!
A common type of phishing email are ones with attachments infected with viruses.
These might be disguised as an invoice, a delivery note, or something else that is designed to encourage you to open it.
The file may even have been crafted to look legitimate when you open them so as to minimise suspicion - just because they open normally & look like the document they're claiming to be doesn't mean that they're innocent.
There's several indicators you could look for to confirm your suspicions of it being infected (eg if it asked you to "Enable Macros"), but to be safe it's best to just always assume the worst - and follow the steps below.
Check your PC for viruses
The most important step to take if you ever open one of these attachments is to check your PC for viruses - follow the steps in full in our guide here. Make sure you follow the Recovery steps in Section 3 on that page too, including checking that your all your software is up to date.
It's also always a good idea to re-run the virus scan after a couple of days too - if the virus is new then it can take a couple of days for antivirus programs to catch up.
Delete the email and attachment
Keeping the email won't do any harm to your PC if you never touch it again, but to be really safe you should delete it (and any copy of the attachment if you saved it anywhere). This will help prevent any accidental opening of the attachment in the future, for example by a family member who stumbles across it.
If you followed a link...
A typical phishing website (this one actually originated as a text message from "my bank")
The aim of many phishing emails is to get you to visit a website that's under the criminal's control. Often these impersonate a well known company, such as a bank or shopping website, and try to panic you with claims of a security alert or unauthorised charge.
These websites then either try to infect your computer with a virus, and / or trick you into handing over personal details such as your login details.
After grabbing your login details, some of these websites will silently forward you to the real website of the company they're impersonating, even logging you in for real so that you're less likely to be suspicious.
It's important to know that the criminals behind these are experienced at creating convincing emails and websites. Don't feel shame at having been tricked - millions of other people have been too! Follow the guidance below to recover from this, and then read through our phishing guide to learn how to spot these in the future.
Run a virus scan
Some of these scam websites are deliberately infected with viruses, and the simple act of visiting them will try to infect your computer. Make sure you run a virus scan first, and check that your operating system and all software is up to date too.
Did you enter any personal details?
These spoof websites will try to trick you into handing over your personal details. They may claim you need to enter your username and password to prove your identity, but what you're really doing is giving the criminals the keys to your account.
If you've been affected in this way you need to take action as soon as you can to keep the fraudsters out of your account:
1. Change your password
Visit the website by typing the address into the browser directly - don't click on any link in the email. If you find that you've already been locked out of your account then follow our guide here.
Change your answers to any password reset questions too if the website uses these, as the hacker may have noted them down.
2. Check for and cancel any orders not from you
For shopping websites take a look at your account history to see if any fraudulent orders have been placed, and if so let the website know. You should still report it even if it's too late to stop the order; the website can investigate and if neccessary give you a refund.
3. Correct any changes to your personal details
Sometimes hackers leave themselves a way to get back into your account by changing your details. Double check everything - your postal address, email addresses, phone numbers, and anything else - to make sure everything is correct & as it should be.
4. Delete any unrecognized devices
Some websites, such as Facebook or Google, know which devices you've previously logged in from to help verify your identity. If the affected website offers this feature then review the devices it knows of (they'll be listed somewhere in your account settings) & delete any you don't recognise.
5. Remove any stored credit cards
It's also sensible to delete any credit cards that you've got stored on your account. Whilst no website should ever display the full card number, it may display the last 4 digits. These are sometimes used as a security question by customer service departments to identify users; delete any cards so that the hacker can't use these to "identify" themselves.
6. Inform your friends & contacts
If your account is an email or social media account then it can be helpful to let your friends know you've been hacked in case the hackers have used it send out spam. If it's too late & some of your friends have already clicked on something in one of these emails, or opened an attachment, then direct them to this website for help.