Monday, 27 April 2020

Help! I’ve received a suspicious email! What should I do?

We’re huge believers in the power of regular online training to help staff spot malicious email attacks. But what happens when that training pays off and you realise that you have a suspicious email in your inbox? What should your next move be?

We’ve talked extensively on this blog about how to spot a suspicious email and the red flags that can alert you to an attempted phishing or spear phishing attack.

In this blog, we’d like to talk about what you should do when you realise that an email might not be what it seems at first glance.

Take the heat out of the situation

Hopefully, your IT support partner will be working with you to create email filtering rules that ensure that the majority of spam and phishing emails sent to you never make it into your inbox.

However, hackers are a creative and persistent bunch and so, inevitably, some suspicious emails may get through.

If you are suspicious about any email that pops up in your inbox, the very first thing you should do is: nothing.

Don’t click on any links!

It probably goes without saying that you should definitely not download any files or images or click on any links in any email you have suspicions about. But for the sake of completeness, we’ll reiterate it here anyway. Don’t click on any links!

Stop and think!

One way hackers will try to get around your defences is by creating a false sense of urgency around their request. This creates a sense of panic in the reader, and a panicked reader is more likely to make bad decisions.

No matter how “urgent” a request is, take a step back and take the heat out of the time pressure you are being made to feel.

Err on the side of caution

It’s better to pay the invoice late or change the password tomorrow than to accidentally pass important information or cash to the hackers. Rather than being rushed into a mistake, accept that “better late than a mistake” is a good rule to follow here, and you will be able to make a better decision.

Check it out!

If you aren’t sure, put it to the test. The fastest way to check things out is simply to call the person whom the email purports to be from. Call through to accounts and ask whether they really need that payment to be made. Call through to your bank and ask whether they’ve asked you to update your details.

Never use the contact details in the suspicious email! Use the normal contact numbers.

Notify your IT team

It’s a good idea to let your IT team (whether internal or outsourced to an IT partner) know that you’ve received a suspicious email. This way, they can investigate and check whether anything else needs to be done. For example, they may want to change some of the email filtering rules in place.

Don’t forward it on!

Don’t be tempted to share the email in order to alert others to your concerns. There is a possibility they might not be as sharp-eyed as you and could fall for the hoax or click on the links. There’s also the possibility that even opening the email could have installed malicious code on your machine.

Run a virus scan

Just in case you have downloaded something nasty, it might be a good idea to run a virus and malware scan on your machine. Speak with your IT department if you’re unsure.

Feedback to the NCSC

If you are concerned that the suspicious email is part of a cyber crime incident, you can report it to the UK’s National Cyber Security Centre (NCSC). This helps the NCSC stay abreast of current threats, which it then disseminates to the public in weekly threat reports.

What if you’ve suffered a breach?

If you didn’t spot the suspicious activity in time, you’ll need to escalate the issue to your IT provider. Under GDPR, you’ll also need to notify the Information Commissioner’s Office (ICO) in the event of a data breach.


If you’d like help with training staff to spot suspicious emails, please get in touch, or check out our guide here:

If you’d like assistance developing an email and/or data security strategy, policy or tools, then Grant McGregor can help with that too.

Simply give our team a call on 0808 164 4142
