Overview

Considering how many unsolicited emails inundate us and how sophisticated scammer communication has become, there’s no shame in accidentally opening a so-called “phishing” email. But when it happens, you should purge your inbox and device of the junk. In the meantime, remember this one thing: when in doubt, don’t open or click. 

3.4 billion. That's how many phishing emails go out each day, according to the Armed Forces Communications and Electronics Association International (AFCEA).

With numbers like that, it's inevitable that you’ll accidentally open a scam email from time to time. But what do you do when it happens and how can you be sure it’s a phishing attempt anyway? 

What is phishing?

Phishing is any attempt to steal information, usually through an unsolicited email, text, or phone call that turns out to be a scam.

Think of it like the scammer fishes for a victim. They cast the line out—in many cases, an email—and hope to get a bite. A bite equates to the recipient opening the email and acting on its message.

Phishing emails often look and read like they come from reputable sources. But they aim to steal your money or personal information, or infect your device with malware that spy, sabotage, and circumvent your security systems.

How to spot a phishing email

When you suspect a phishing email has landed in your inbox, first ask yourself: Were you expecting the email? Have you gotten legitimate emails from the source before? Answer “no” to either (or both) of those questions, and your internal phishing email alert should sound.

If you’re confident it’s a phishing attempt, mark the email as spam (which notifies your email provider), delete it, block the sender, and clear your email trash.

If you’re unsure, proceed carefully. Check out the sender. Do you know the individual, do business with the company, or follow the brand? Then, study the subject line. Does the subject mention a problem, use urgent language like "urgent" or "hurry," or make an offer that seems too good to be true?

If the sender is unfamiliar and the subject line raises suspicion, your best move is to treat it as a phishing attempt.

If you open a phishing email, do this

If you determine an email legitimate enough to merit its opening, carefully screen the message before clicking on embedded links or opening any attachments. Ask yourself the following:   

  • Is it a brand you recognize? Is the logo correct? Is the name spelled right?  

  • How does it read? Is the grammar and spelling sub-par? 

  • Does the sender ask for your information (your Social Security number, license number, birth date, etc.) or account information (financial details, passwords, and login credentials)? 

  • Does the message pressure you to act in some way? Do they use alarmist words and consequences—even threats—if you don’t act? 

  • Does the URL seem legitimate? Let your cursor hover over each link in the message. As it does so, look in the bottom left of your browser screen. Does it match the source, or does it seem unrelated? 

If you answer “yes” to any of the above, don’t click on the embedded links or open any attachments. Instead, follow these nine steps to wipe it from your device.  

  • Take a screenshot of the message, including the sender and subject line.  

  • Mark the email as spam to alert your email provider.  

  • Delete the email and empty your email trash folder.  

  • Block the sender, and for good measure, clear your browser’s cache. (You don’t want your browser to accidentally lead you to the same scam link again) 

  • Report the phishing attempt to your email host, the Federal Trade Commission (FTC), and the Better Business Bureau’s Scam Tracker.  

If you answered “no” to the questions about the email’s content, don’t click on links or open attachments just yet. Instead, search for the sender’s offer alongside the word “fraud.”

Then do the same with the person’s, brand’s, or company’s name and “fraud.” If nothing comes up in either case, but you’re still suspicious, do a new search, this time for the sender’s contact information.

If everything on the search engine syncs with what’s on the site and email, you can proceed, or you try one more screening step: Call them on the phone. If the source clears, you should be good to move forward with opening links and attachments.  

If you click on a link in a phishing email, do this

If the email checks out as best as you can tell, and you click on a link only to land on a site or screen that is fraudulent or seems otherwise off, take a screenshot and close the browser window immediately.

Go back to the opened email and follow the steps outlined in the previous section. Make sure you empty your browser’s cache, so the phisher’s URL doesn’t remain in your browsing history.

If you open an attachment in a phishing email, do this

Sometimes, a phishing email tricks you into opening its attachment. If you do so, take a screenshot of the attachment and close it. Delete the attachment from the device and its download folders. Empty your device’s trash. If the email is still open, screenshot it, too. Then, follow the steps listed above.

Allstate Identity Protection members can also count on us for extra support navigating the ever-changing phishing landscape. We're here to help whenever you need us. Some plans also include phishing protection—a feature that blocks malicious links from emails, websites, and more, safeguarding you from malware and harmful downloads.  

Quick Tips

Reporting phishing attempts

Marking an email as “spam” automatically lets your mail service provider know the sender should be blocked throughout their system. That typically suffices when you simply see the email in your inbox or open it but don’t click on any of its links or attachments.

But if you click away before you realize you’re amidst a scam, the situation may warrant a more thorough report. That entails looping in the FTC and BBB and contacting your email provider’s scam and phishing department. To find it, type “report phishing attempt” and your email host’s name into your search engine. Share the screenshots and the details of what happened.