What Happens If You Open A Phishing Email?

Did You Accidentally Open a Spam Email? 

So, you’ve accidentally opened a spam email, and you’re probably wondering: is that bad? And if so, how bad is it? 

The good news is that opening a suspicious email, while not ideal, is relatively harmless. Spam emails only become a serious cyber threat if you’ve committed any of the following actions:

• Downloaded any malicious files or email attachments.
• Responded with sensitive information (like your credit card or bank account numbers).
• Clicked on any phishing links.

{{show-toc}}

Why Did I Get a Spam Email? How Do Scammers Get My Email Address? 

When spam messages successfully bypass spam filters and reach your inbox, it’s because scammers were able to verify that your email address is valid (as in, it won’t bounce back messages as undeliverable). 

There are a number of different ways that email spammers could have obtained your email address, including: 

• Scraping public records. It’s very easy for spammers to find your email address if you’ve ever posted it online publicly.
• Guessing. Spammers often test out common email combinations, like firstname.lastname, until they get a valid result. 
• Buying email lists. A spammer may have purchased a list of email addresses (legally or illegally) that had your email address on it.
• A data breach. Spammers may have found your email address after a data breach. 
• Scraping social media sites. It’s very easy to scrape sites like LinkedIn for your personal contact information. 
• Shoulder surfing. Scammers will watch you enter your email address in public and add it to their spam list.

Can Scammers See That I Opened Their Email? 

It depends. Scammers will be able to tell that you opened an email if you download any attachments or click on any links (which you should never do), or if your email client automatically loads any images that are embedded in the message. 

If that last item was a bit of a shock, it’s true: scammers can actually gain a ton of data about you if you have automatic image loading turned on. 

If you have automatic image loading enabled, scammers may be able to see: 

• Your location.
• Your internet service provider or mobile carrier.
• Device you used to open the email (desktop, tablet, iPhone / Android).
• Operating system you’re using (iOS, Mac, Android, Microsoft Windows, Linux).
• Email client you’re using (Apple Mail, Outlook, Gmail, or Yahoo Mail). 
• Web browser you’re using (Apple Safari, Google Chrome, or Firefox).
  

Key takeaway: Turn off automatic image loading. Most email services will allow you to disable automatic image loading in your email account settings.

💡 Related: Has Your Gmail Been Hacked? Here's How To Secure Your Account →

{{scam-survey}}

What Should I Do After I’ve Opened a Phishing Email? 

If you’ve opened a phishing email but have not clicked or downloaded anything, be sure to do the following: 

1. Don’t just unsubscribe! Mark it as junk email so that your email client (Gmail, Yahoo Mail, or another provider) can do a better job of sending malicious emails directly to your spam folder. 
2. Scan your computer for ransomware, trojan horse viruses, and other malware just in case. Scammers can use these to hack your email account.
3. Tell friends, family, and your employer (if it was sent to your work address) to steer clear of similar email messages. This may prevent further damage like family identity theft.

Do not engage with any sketchy looking emails, since it's probably phishing spam — and never reply to it directly.

Beware of Suspicious Links, and Never Click Them

You should never open files, scan QR codes, or click unfamiliar links unless you know exactly who sent them. 

Cybercriminals often send computer viruses and malware through malicious attachments like .pdf or .zip files. Hackers are experts at sending phishing emails with malicious links that look almost identical to legitimate emails. Pay close attention to formatting errors in these emails, as they can be an obvious indicator of spam. 

Malware is software that’s designed to harm your computer and/or steal your personal data. Ransomware is a specific form of malware that demands that you pay a ransom in order to protect your private information from being shared over social media or the dark web. 

Phishing attacks usually happen when you click unfamiliar links. Phishing scams are clever attempts at stealing your sensitive personal data by tricking you into clicking links that have the appearance of legitimacy.

Fraudsters do this by forging an email header to make it look like it came from someone you trust. Then, they'll use your sensitive data to make purchases on in your name, or to commit identity theft. 

💡 Related: Have I Been Hacked? How To Recognize & Recover From a Hack →

What Happens If I Opened an Attachment from a Phishing Email or Clicked on a Spam Link?

If you’ve downloaded a corrupt attachment or clicked on a link that has taken you to a suspicious web page, you should take all of the following actions.  

1. Disconnect from your wireless network. Turn off Wi-Fi or cellular data capabilities if you’re on a mobile device, or disconnect from Wi-Fi if you’re using a laptop or desktop. Without an internet connection, there is less of a chance that the malware can send data from your device to hackers or monitor your activity remotely using spyware.  
2. Backup your files. Make copies of your most sensitive information, documents, photos, videos, and other keepsake files and store them on an external drive. 
3. Scan your computer for malware or viruses. Use antivirus software that has anti malware capabilities in order to identify and get rid of any harmful software.
4. Change your passwords immediately. Malware can be used to crack the usernames and passwords for any of your online accounts, including—but not limited to—social media, banking, crypto, email, and shopping accounts. Changing all your passwords will lock out these con artists. 

💡 Related: How To Prevent Phishing Attacks [15 Easy Tips] →

Consider Identity Theft Protection If You've Been Phished

As spam and phishing techniques get more sophisticated, it’s important to arm yourself with the right tools to prevent identity theft and stop scammers from stealing your sensitive data and invading your devices.

In addition to turning off autoloading images in your email, you should update the software on all your devices to the latest versions. Safeguard your passwords with a secure password manager, rather than storing your passwords in a vulnerable place, such as your browser's autofill password center.

Lastly, it’s a great idea to invest in an identity theft monitoring service to ensure you’re proactively notified of any cyber attacks or breaches as early as possible. 

Get peace of mind with Aura's $1M Identity Theft Insurance

If you've been phished and recognize any warning signs of identity theft, Aura is here to help.

Aura helps keep you safe by detecting and blocking malware—such as viruses, ransomware, spyware, trojans and more—which may infect your device and steal your data. All plans come with an insurance policy that covers up to $1M in eligible losses due to identity theft.

Ready to step up your digital security game? Try Aura's 14-day free trial.