Do not reply to the email
Do not click any links or open attachments
Mark the email as spam or phishing in your email app
Forward the email to your email provider’s abuse or phishing address
Report it to your organization’s IT or security team if it was sent to a work account
Report it to the sender’s real email provider if available
Report it to the relevant government cybercrime or fraud reporting agency
Delete the email after reporting it
Change your password if you clicked a link or entered any information
Enable two-factor authentication on your accounts
Monitor your accounts for suspicious activity
