What Happens When You Click A Phishing Email?

According to the FBI/IC3, business email compromise and email account compromise (BEC/EAC) accounted for the largest financial loss of any type of cybercrime last year, with losses totaling $1,297,803,489. Phishing emails are designed to compromise your account and personal information through social engineering and malicious links. This type of cyber-attack can hit anyone. From individuals to corporate employees, no one is immune to phishing attempts in their inbox. What happens when you click a malicious link, and how can you ‘Own IT. Secure IT. Protect IT.’ when you are on the receiving end of a phishing attempt? We’re here to help.

Phishing emails can be designed to look nearly identical to the reputable source that they’re imitating. Just because something looks legitimate does not mean it is. Over time, phishing has become more sophisticated and targeted. So, let’s say you received an email posing as your company asking you to click a link for a routine password change. It seems harmless and you want to follow company procedures, so you click!

Now, you’ve clicked and quickly realized your mistake when you were directed to a malicious page. This may seem scary and unfamiliar. Remember that phishing can happen to anyone and that there are steps that you can take to protect yourself and your organization. Start by reporting the incident and locking down your accounts. Our recovery resource database, FraudSupport.org, covers these steps in detail. Report to the proper agencies and to your employer. Small business owners can utilize our partner’s business recovery solutions in the face of phishing attacks. When you report, be sure to do a security check, change your passwords, and enable two-factor authentication on all accounts immediately.

When you’re on the receiving end of an email like this in the future, there are a few red flags to look for:

  • Always use extra caution with anything that has to do with your passwords or personal information. For example, if you’ve received an email asking you to reset your password and you did not initiate the reset, do not give out your credentials or click any links in the message.
  • The contact name may appear to be your employer, but check the actual email address. Are there misspellings or extra characters added? Is it an address you don’t recognize at all? It’s probably a phishing attempt.
  • If an email requests that you open a link or download an attachment, use extreme caution. The spam filter on your email will not catch everything. Clicking on malicious links or downloads can put viruses on your device and give cybercriminals access to your information. Always take a moment to assess the legitimacy of the message: “Is this an email from a legitimate sender that I know and recognize? Does it make sense that I am receiving this email or does it seem out-of-the-blue?” It’s important to trust your gut and use all context clues in these situations.
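
The sender-address check from the second red flag can also be automated by a mail administrator. The Python sketch below is an added example, not part of the original article; the trusted domain, employer name and sample From: lines are constructed assumptions.

```python
from email.utils import parseaddr

# Assumptions (constructed for this example): the one domain your employer
# really sends from, and the name it shows in the From: line.
TRUSTED_DOMAIN = "example.com"
EMPLOYER_NAME = "example corp"

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_red_flags(from_header):
    """Return the red flags raised by one From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparsable-address"]
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # The employer's own domain and its subdomains raise nothing.
    if domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN):
        return []
    flags = []
    if edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        flags.append("misspelled-domain")      # near miss, e.g. one swapped character
    elif TRUSTED_DOMAIN in domain:
        flags.append("extra-characters")       # trusted name buried in another domain
    else:
        flags.append("unrecognized-domain")    # an address you don't recognize at all
    if EMPLOYER_NAME in name.lower():
        flags.append("display-name-mismatch")  # name says employer, address disagrees
    return flags

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    'Example Corp IT <helpdesk@example.com>',
    '"Example Corp IT" <helpdesk@examp1e.com>',
    'Example Corp IT <it@example.com.reset-portal.net>',
    'Newsletter <news@unrelated.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_red_flags(header) or "no flags")
```

A clean result only means the visible address matches; it says nothing about links or attachments in the message, which the third red flag covers.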


Once the dust has settled and you’ve regained control of your accounts and secured them, you’re ready to start reinforcing your cybersecurity for the future. Remember to look for the red flags we mentioned, and always use extreme caution when clicking emailed links. Small business owners can also utilize our partner’s business security solutions to maintain cybersecurity going forward. We recommend using resources like KnowBe4’s phishing simulation to train employees in the face of phishing attacks.

FBI/IC3 https://www.ic3.gov/default.aspx