Do not click any links or open any attachments
Verify the sender’s email address carefully
Report the email using your organization’s phishing or security reporting tool
Forward the email to your IT or security team if required
Mark the message as phishing or junk in your email client
Delete the email after reporting it
If you entered any credentials, change your password immediately
Enable multi-factor authentication if it is not already enabled
Scan your device for malware if you opened an attachment or link
Warn coworkers if the phishing email was sent to multiple people
