So, you clicked on a phishing scam. Now what?


By Jennifer Adams

Accounting for over 90% of cyberattacks, phishing is a dominant cybersecurity threat. Phishing is when a hacker sends an email posing as someone the recipient knows to trick them into clicking on an attachment that installs malware, spyware, or ransomware on their device. No matter how careful you are, we are all susceptible to these scams. What matters is knowing the proper steps to take to combat the attack and secure your network.

What should I immediately do?  

          Block the spoofed email address so they cannot contact you again and watch out for any further suspicious messages. Once you fall for a phishing scam, hackers realize you are susceptible to scams and will further target you even more. This is a great time to brush up on cybersecurity training.

          Disconnect your device from the internet and any attached storage drives, to reduce the chances of malware spreading to other devices connected to the network. This will also prevent the hacker from further accessing your device and distributing your private information.

Backup important files after you disconnect from the internet, in case they are erased during the recovery process. This can be done using an external hard drive. Just remember to disconnect from it after the backup is finished.

Scan your device for malware. Whether its Windows or Mac, most computers have a built-in feature allowing you to scan for anything harmful at no extra cost. Run the scan to determine if anything malicious has been installed.

Change your passwords! If the phishing email prompted you to enter login credentials, change your password! If you use the same password, or variations of that password, change it for those accounts as well as hints or security questions. Best practice is to have a unique password for each account.

Contact the organization that was spoofed. Let the person whose email was spoofed know what’s going on so they can warn other contacts to keep an eye out for suspicious emails. They may also want to report the incident to the Federal Trade Commission and forward the email to

Get with a Managed IT Provider to investigate, isolate the problem, fix the issue and work with you and your team to develop, answer any questions and implement better security measures for your company.  The main cause of most cyber-attacks is human error, which is totally preventable when your team is trained on what to look for and how to respond.

Subscribe To Updates

Get notified of important Xerox news and helpful articles from XETX.