June 1, 2099 2:24 PM
Back to all articles

What Happens If You Open A Phishing Email?

December 5, 2022
Internet Security
Share this:
Share this:

Ryan Toohil

CTO at Aura

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    Did You Accidentally Open a Spam Email? 

    So, you’ve accidentally opened a spam email, and you’re probably wondering: is that bad? And if so, how bad is it? 

    The good news is that opening a suspicious email, while not ideal, is relatively harmless. Spam emails only become a serious cyber threat if you’ve committed any of the following actions:

    • Downloaded any malicious files or email attachments.
    • Responded with sensitive information (like your credit card or bank account numbers).
    • Clicked on any phishing links. 

    Why Did I Get a Spam Email? How Do Scammers Get My Email Address? 

    When spam messages successfully bypass spam filters and reach your inbox, it’s because scammers were able to verify that your email address is valid (as in, it won’t bounce back messages as undeliverable). 

    There are a number of different ways that email spammers could have obtained your email address, including: 

    • Scraping public records. It’s very easy for spammers to find your email address if you’ve ever posted it online publicly.
    • Guessing. Spammers often test out common email combinations, like firstname.lastname, until they get a valid result. 
    • Buying email lists. A spammer may have purchased a list of email addresses (legally or illegally) that had your email address on it.
    • A data breach. Spammers may have found your email address after a data breach
    • Scraping social media sites. It’s very easy to scrape sites like LinkedIn for your personal contact info
    • Shoulder surfing. Scammers will watch you enter your email address in public and add it to their spam list.

    Can Scammers See That I Opened Their Email? 

    It depends. Scammers will be able to tell that you opened an email if you download any attachments or click on any links (which you should NEVER do), or if your email client automatically loads any images that are embedded in the message. 

    If that last item was a bit of a shock, it’s true: scammers can actually gain a ton of data about you if you have automatic image loading turned on. 

    If you have automatic image loading enabled, scammers may be able to see: 

    • Your location.
    • Your internet service provider or mobile carrier.
    • Device you used to open the email (desktop, tablet, iPhone / Android).
    • Operating system you’re using (iOS, Mac, Android, Microsoft Windows, Linux).
    • Email client you’re using (Apple Mail, Outlook, Gmail, or Yahoo Mail). 
    • Web browser you’re using (Apple Safari, Google Chrome, or Firefox).

    Key takeaway: Turn off automatic image loading. Most email services will allow you to disable automatic image loading in your email account settings.

    💡 Related: Has Your Gmail Been Hacked? Here's How To Secure Your Account

    What Should I Do After I’ve Opened a Phishing Email? 

    If you’ve opened a phishing email but have not clicked or downloaded anything, be sure to do the following: 

    1. Don’t just unsubscribe! Mark it as junk email so that your email client (Gmail, Yahoo Mail, or another provider) can do a better job of sending malicious emails directly to your spam folder. 
    2. Scan your computer for ransomware, trojan horse viruses, and other malware just in case. Scammers can use these to hack your email account.
    3. Tell friends, family, and your employer (if it was sent to your work address) to steer clear of similar email messages. This may prevent further damage like family identity theft.

    Do not engage with any sketchy looking emails, since it's probably phishing spam — and never reply to it directly.

    💡 Related: Phishing Email Examples: 20 Emails That Don’t Look Like It

    Don’t Get Scammed! How To Protect Yourself From Email Spammers

    Spam emails are often the first step in larger, more dangerous scams. Don’t wait to become a victim. Instead, follow these steps to proactively protect yourself from the risks of identity theft: 

    1. Learn to recognize the warning signs of a phishing attack. Spam emails are often used to disguise phishing attacks. If you engage with them, you could be putting your online accounts and identity at risk. Here’s a guide on how to prevent phishing attacks.
    2. Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud. 
    3. Consider signing up for identity theft protection. Aura combines top-rated identity theft protection with credit monitoring, antivirus software, and $1,000,000 insurance for eligible losses due to identity theft. Try Aura’s 14-day free trial for immediate protection while you’re most vulnerable.

    💡 Related: How to Stop Spam Emails (2022 Guide)

    Beware of Suspicious Links, and Never Click Them!

    You should never open files, scan QR codes, or click unfamiliar links unless you know exactly who sent them. 

    Cybercriminals often send computer viruses and malware through malicious attachments like .pdf or .zip files. Hackers are experts at sending phishing emails with malicious links that look almost identical to legitimate emails. Pay close attention to formatting errors in these emails, as they can be an obvious indicator of spam. 

    Malware is software that’s designed to harm your computer and/or steal your personal data. Ransomware is a specific form of malware that demands that you pay a ransom in order to protect your private information from being shared over social media or the dark web. 

    Phishing attacks usually happen when you click unfamiliar links. Phishing scams are clever attempts at stealing your sensitive personal data by tricking you into clicking links that have the appearance of legitimacy.

    Fraudsters do this by forging an email header to make it look like it came from someone you trust. Then, they'll use your sensitive data to make purchases on in your name, or to commit identity theft. 

    💡 Related: Have I Been Hacked? How To Recognize & Recover From a Hack

    What Happens If I Opened an Attachment from a Phishing Email or Clicked on a Spam Link?

    If you’ve downloaded a corrupt attachment or clicked on a link that has taken you to a suspicious web page, you should take all of the following actions.  

    1. Disconnect from your wireless network. Turn off Wi-Fi or cellular data capabilities if you’re on a mobile device, or disconnect from Wi-Fi if you’re using a laptop or desktop. Without an internet connection, there is less of a chance that the malware can send data from your device to hackers or monitor your activity remotely using spyware.  
    2. Backup your files. Make copies of your most sensitive information, documents, photos, videos, and other keepsake files and store them on an external drive. 
    3. Scan your computer for malware or viruses. Use antivirus software that has anti malware capabilities in order to identify and get rid of any harmful software.
    4. Change your passwords immediately. Malware can be used to crack the usernames and passwords for any of your online accounts, including—but not limited to—social media, banking, crypto, email, and shopping accounts. Changing all your passwords will lock out these con artists. 
    Take action: If scammers get your sensitive personal data, they could take out loans in your name or empty your bank account. Try an identity theft protection service to monitor your finances and alert you to fraud.

    💡 Related: How To Prevent Phishing Attacks [15 Easy Tips]

    Consider Identity Theft Protection If You've Been Phished

    As spam and phishing techniques get more sophisticated, it’s important to arm yourself with the right tools to prevent identity theft and stop scammers from stealing your sensitive data and invading your devices.

    In addition to turning off autoloading images in your email, you should update the software on all your devices to the latest versions. Safeguard your passwords with a secure password manager, rather than storing your passwords in a vulnerable place, such as your browser's autofill password center.

    Lastly, it’s a great idea to invest in an identity theft monitoring service to ensure you’re proactively notified of any cyber attacks or breaches as early as possible. 

    Get peace of mind with Aura's $1M Identity Theft Insurance

    If you've been phished and recognize any warning signs of identity theft, Aura is here to help.

    Aura helps keep you safe by detecting and blocking malware—such as viruses, ransomware, spyware, trojans and more—which may infect your device and steal your data. All plans come with an insurance policy that covers up to $1M in eligible losses due to identity theft.

    Ready to step up your digital security game? Try Aura's 14-day free trial.

    Related Articles

    How does email get hacked: Header image
    Internet Security

    Was Your Email Hacked? Here's How To Know And What To Do

    Was your email hacked? This guide explains how to know for sure. Learn how hackers can break into your email, and what to do if you get hacked.

    Read More
    January 5, 2023
    How to tell if an email is from a scammer: Header image
    Fraud

    How To Tell If An Email Is From a Scammer [With Examples]

    Did you receive an email from PayPal or Amazon asking to confirm your account details? Could it be legitimate or a scam? Here's how to tell.

    Read More
    December 16, 2022

    Try Aura—14 Days Free

    Start your free trial today**

    Start Free Trial