Do not click any links or open any attachments in the email
Do not reply to the sender
Mark the email as phishing or junk in your email client
Forward the email to your organization’s IT or security team
Report the email to your email provider’s abuse or phishing address
Report the email to the company or service being impersonated
If the email claims to be from a bank or financial institution, report it through the institution’s official fraud channel
If personal or financial information was shared, contact your bank or relevant account provider immediately
Change your passwords if you may have entered credentials through a suspicious link
Enable multi-factor authentication on affected accounts
Save the email, headers, and any related details for the report
Delete the email after reporting it