Do not reply to the suspicious email
Do not click any links or open attachments
Preserve the email and its headers
Mark the message as phishing or spam in your email service
Report it to your organization’s IT or security team
Report it to the email provider or platform
Forward the email to the appropriate anti-phishing address if available
Report financial fraud to your bank or payment provider immediately
Report identity theft to the relevant government fraud agency
Change passwords if you entered any credentials
Enable multi-factor authentication on affected accounts
Monitor accounts for unauthorized activity
Delete the email after reporting it