
You just got a suspicious email – what do you do right now?

Jeff Elder, 26 July 2019

Here is specific, step-by-step guidance on what to do in the moment – even if you already replied or clicked

You get a suspicious email. It addresses you by name, but the wording, which urges immediate action, is odd. 

This may happen to you many times a week. Do you know what to do – and what not to do – with emails like this? Do you know what to tell your parents and kids and employees to do when they open these emails? 

How to spot a suspicious email

Some scam emails can be very convincing, with brand logos and official language. Remember to pause anytime an email urges you to take immediate action that could reveal private information. Look for these warning signs of a scam email:

  • The sender name is vague and the sender’s email address is long or convoluted
  • The email’s subject line is attention-grabbing or alarmist
  • The email urges immediate action of some kind
  • An offer of a major discount is dangled 
  • The email cites some pretense for seeking your personal information, including log-in information to a website.
  • The email urges you to click hyperlinked text without clarifying where you are clicking
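Several of these signs can also be checked mechanically before anyone opens a link. The following Python sketch is an added example, not code from Avast or from the original post: it flags a sender domain that deviates from the official one, urgent wording, and links whose visible text hides where they lead. The phrase list, the `official` domain argument and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed phrase list (an assumption); tune it for your own mail.
URGENT = re.compile(r"\b(urgent|immediately|act now|click to win)\b", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def belongs_to(host, official):
    return host == official or host.endswith("." + official)

def warning_signs(raw, official):
    """Return the warning signs a single-part HTML message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = set()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not belongs_to(sender, official):
        signs.add("sender-domain-deviates")
    if URGENT.search(msg.get("Subject", "") + " " + body):
        signs.add("urges-immediate-action")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if host and not belongs_to(host, official):
            signs.add("link-leaves-official-domain")
        if host and host not in text.lower():
            signs.add("link-text-hides-destination")
    return sorted(signs)

# Constructed sample message, not real mail.
SCAM = ('From: "Account Team" <alerts@example-billing.test>\n'
        "Subject: Urgent: your account will be suspended\n"
        'Content-Type: text/html\n\n<a href="http://login.example.test/verify">Click here</a>\n')
```

Calling `warning_signs(SCAM, "example.com")` reports all four signs; a message sent from the official domain whose link text shows its real destination reports none.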


“Many scams and phishing emails cite offers that are too good to be true,” says Alexej Savcin, an Avast malware analyst. “Or they try to trick users to quickly click on a link with language like ‘click to win’ or ‘see who's watching you’.” 

Once you have identified the email as part of a scam:

  • Don’t click on any attachments, which can install harmful malware.
  • Don’t click on any links, especially if the email urges you to go to a website and provide any information. 
  • Do not reply to the suspicious email or use a phone number or other contact information in the email. 
  • Look closely at the sender’s email address and any web addresses in the email for deviations from the official name of the business or sender.
  • If you are using your work email account, contact the IT team. They may want you to forward them the email, but ask first. 
  • If you are using personal email, and a message claims a business is urgently trying to reach you, you can call or reach out to the business by looking up contact information online or on an old bill. Do not use any contact information provided in the suspicious email. 
  • Your personal email platform may allow you to report phishing. On Gmail there is a drop-down menu next to the reply button with that option. 
  • You can also forward a phishing email to the U.S. Federal Trade Commission at spam@uce.gov and reportphishing@apwg.org. 
  • If you already replied to a suspicious email, clicked on an attachment or link, or provided personal information, tell your company’s IT team if you are at work, or go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.
  • Get two-factor authentication on your email program, and consider changing your email password and any other related passwords. 


If you found this blog post through our newsletter email, we can assure you it is real. But good for you if you looked thoroughly at the email and links before clicking. 

There is no better way to recognize, remove and prevent spam than to use an antivirus and antispam tool such as Avast. Our antivirus is consistently rated “excellent” by industry experts, trusted by 400 million people worldwide, rated “Antivirus with the lowest impact on PC performance” by AV-Comparatives – and free.