What if I clicked on a phishing email?

by Jon Lober | NOC Technology

Just a quick refresher—
what is email phishing?


Phishing is a type of cyberattack where attackers try to trick you into giving away sensitive information—like passwords, credit card numbers, or even access to your business’s network—by pretending to be someone you trust. These emails often look like they’re from legitimate companies, like your bank, a well-known retailer, or even someone within your own organization.


The goal? To get you to click on a malicious link or download an attachment that can compromise your system. Sometimes, the emails are obvious fakes, but other times, they can be extremely convincing, making it crucial to stay vigilant.

what if i took the bait phishing email what to do

But here's the thing— recognizing a phishing email is only half the battle. What you do next is equally important. So let's break down the steps you should take when you suspect you've received a phishing email.


Don't Panic

First and foremost, don't panic. Take a deep breath and resist the urge to immediately delete the email.
Wait— don’t delete it? Why? Because your IT team or security provider can actually use that email to strengthen your defenses.


Instead, here's what you should do:

  1. Don't click on any links or download any attachments.
    This is crucial. Even if the email looks legitimate, treat it with suspicion.
  2. Forward the email to your IT department or security provider.
    Most companies have a dedicated email address for reporting suspicious messages. If you're not sure, check with your IT team.
  3. After forwarding, delete the email from your inbox.
    Also, empty your trash folder to ensure it's completely gone from your system.
  4. If you accidentally clicked a link or downloaded an attachment,
    disconnect your device from the network immediately and contact your IT support.
  5. Lastly, and this is important - educate your team.
    Share this information with your employees. Sure, you would never click on that link, but what about Brenda over in HR or Mike in sales? Remember, your company's cybersecurity is only as strong as your least-informed team member.


But what if you're not sure it's a phishing email to start with? When in doubt, err on the side of caution. It's far better to report a legitimate email as suspicious than to fall victim to a phishing attack. Hover over any suspicious links before clicking them. This will show you the actual URL, which can often reveal if it's a scam.


Remember, staying vigilant against phishing isn't just about protecting your data - it's also about safeguarding your business's reputation and your customers' trust.


Book cover:

Learn more with my FREE book!



How to keep hackers from hijacking your inbox

In this book, CEO Jon Lober shows us what it looks like when a business is the target of an attack, what the consequences of an attack are, and how to protect your business from a phishing attack.

Request a copy
One Technology Partner St Louis

You need an IT Provider that Knows YOUR Business

By Jon Lober February 24, 2026
Generic IT fixes tickets. Strategic IT protects revenue. Learn why St. Louis businesses need an MSP that understands how you actually make money.
should you put all your eggs in same basket

One Technology Partner St Louis

By Jon Lober February 23, 2026
How many providers does it take to manage your tech? If you run a small or mid-sized business in the St. Louis region, you probably work with a mix of technology vendors: one company for internet, another for phones, and maybe a third for managed IT support. When everything is up, that patchwork can feel “good enough.” When something breaks, it quickly turns into finger-pointing and downtime.

AI Assistants for Small Business: The OpenClaw Reality Check

By Jon Lober February 20, 2026
A brutally honest guide to deploying AI in your business: without getting burned
More Articles