Email Security Blog

What to Do If You Responded to a Phishing Scam

From employee benefits and customer service to accounting and the competition, it takes a lot to make a business run successfully. Sadly, however, it can take next to nothing to take a business down. Consider, for example, three of the worst cybersecurity breaches of 2021:

CNA Financial: This insurance giant suffered a ransomware attack when unknowing employees installed what appeared to be a browser update. In the end, it cost the company $40 million in ransom.

Colonial Pipeline: Probably the most famous phishing disaster of the year, critical fuel pipelines were stopped for days before they paid more than $4 million in ransom to cybercriminals. In the end, the FBI recovered the majority of the ransom funds, though other costs associated with the crime – such as loss of business and recovery expenses – were unavoidable.

JBS USA: Shortly after the Colonial Pipeline attack, the world’s largest meatpacking company paid $11 million to hackers.

According to the National Cyber Security Alliance, 60 percent of small and midsized organizations that fall victim to a hacker go out of business within six months. On top of that, hacking attempts are made every 39 seconds―a near-constant rate.1 So, what steps should employees be aware of taking in the event that they mistakenly fall for a phishing scam? Here is a shortlist.

Steps to Take Immediately After Falling for a Phishing Scam

  1. Quickly disconnect from the internet by unplugging the internet cable or disconnecting from your router/WiFi. This will help reduce the chances that the hacker can access you remotely or gain access to others on your network.
  2. Alert your company’s IT team, if you have one.
  3. Back up important files to the cloud or an external drive in the event that the phishing attack leads to the destruction of your data. This includes sensitive company information and personal files you don’t want to lose.
  4. Scan your system for malware using anti-virus software. Many malicious emails include dangerous malware in the form of computer viruses, worms, Trojan virus, ransomware, spyware, adware, and scareware.
  5. Change your password to prevent the hacker from gaining access to your personal information. Keep in mind that if you use multiple passwords, they should not be the same.
  6. Report the phishing attack to the authorities by filing a report with the FBI’s Internet Crime Complaint Center. It’s also a great place to stay current on the latest phishing threats.
  7. Enlist the services of a third-party complete email security company to prevent future phishing and malware disasters.

Making employees aware of these steps gives them some power over would-be hackers and phishing attempts, but it’s not enough. As a business owner or leader, it’s your responsibility to keep the company safe from cybercrimes by helping ensure employees are never in the position to fall for a phishing scam. By selecting an email security service provider like INKY, you’re taking the power away from cybercriminals, and giving employees the tools and resources they need to make smarter decisions when it comes to questionable emails.

INKY helps companies secure email using a cloud-based security platform that proactively and instantly scans inbound, internal, and outbound emails to eliminate phishing and malware. Whether you are using Microsoft 365, Google Workspace, Microsoft Exchange, or another email solution, INKY is the industry’s best solution for the security of your email…and ultimately, your company. INKY is uniquely effective at catching phishing attacks. Using computer vision, artificial intelligence (AI), and machine learning, the INKY platform intelligently eliminates security threats by blocking malicious emails. It works on any device, and the INKY Email Assistant places highly visible warning banners directly in the email and educates users of the threat at hand.

Consider your company’s current cybersecurity status, and then consider INKY. Request a demo.


INKY is an award-winning, cloud-based email security solution developed to proactively eliminate phishing emails and malware while simultaneously providing real-time assistance to employees handling suspicious emails so they can make safer decisions. INKY’s patented technology incorporates sophisticated computer vision, machine learning models, social profiling, and stylometry algorithms to effectively sanitize emails, rewrite malicious links, detect and block security threats, mitigate sender impersonation, and more. Cost-effective and powerful, the INKY platform was developed for mobile-first IT organizations and works seamlessly on any device, operating system, and mail client. Learn more about INKY™ or request an online demonstration today.