If you see something shady in your inbox, the recommended move is to leave it alone, report it, and then remove it without interacting with it at all.

Core steps to take

  • Do not click links, open attachments, or reply, even to say “stop” or “who is this.”
  • Do not call any phone numbers or use any contact info listed in the message.
  • Mark the message as spam/phishing using your email provider’s built‑in reporting tools (e.g., “Report phishing” in Gmail or “Report” in Outlook).
  • After reporting, delete the email and empty your trash/deleted items so you don’t accidentally open it later.

If it might be from a real company

  • Go directly to the company’s official website or app instead of using links in the email.
  • Log in or contact support using phone numbers or chat options listed on the official site, and ask if the message is legitimate.

If it’s your work inbox

  • Notify your IT or security team immediately and follow your company’s phishing or incident‑reporting process.
  • Leave the message in place until IT confirms what to do, because they may need it for investigation.

If you already interacted with it

  • Disconnect from the internet and run a full scan with reputable security/antivirus software.
  • Change any passwords you might have entered, from a clean device, and turn on multi‑factor authentication where possible.
  • If you provided financial or personal data, contact your bank or relevant provider and watch accounts closely for unusual activity.

Information gathered from public forums or data available on the internet and portrayed here.