Email Attack: What it is, red flags to spot, and what to do if you clicked

Email Attack

What it is

An email attack uses your inbox as the doorway. Criminals send messages that trick you or deliver malware - from fake “account alerts” to booby-trapped invoices - aiming to steal logins, install spyware/ransomware, or get you to send money.

Common plays

  • Phishing: look-alike logins grab your password.

  • Malware attachments: invoices/ZIPs/scripts that infect your device.

  • Business email compromise (BEC): “CEO/CFO” asks for urgent payment or gift cards.

  • Link shorteners & look-alikes: buttons say one thing; URL goes elsewhere.

Red flags

  • Urgent tone (“pay now,” “verify in 15 minutes”)

  • Sender name looks right, address doesn’t

  • Odd file types: .zip, .js, .exe, macro-enabled Office files

  • Links that don’t match the real site when you hover
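
Three of the red flags above can be checked by a mail filter as well as by eye. The sketch below is an added example, not part of the original page: it flags a sender name that does not match its address, link text that names a different host than the link target, and the odd attachment types listed. The `brands` mapping, the flag labels and the sample message are assumptions constructed for illustration.

```python
import os, re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = {".zip", ".js", ".exe", ".docm", ".xlsm"}  # odd file types from the list
URL_LIKE = re.compile(r"^\S+\.\S+$")  # link text that itself looks like an address

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def red_flags(msg, brands):  # brands: {display-name keyword: real domain}, assumed
    flags = set()
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    if any(b in name.lower() and domain != d for b, d in brands.items()):
        flags.add("sender mismatch")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and os.path.splitext(fname)[1].lower() in RISKY_EXT:
            flags.add("risky attachment")
        elif not fname and part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            if any(URL_LIKE.match(s) and host(s) != host(h) for s, h in collector.links):
                flags.add("link mismatch")  # exact-host compare; subdomains differ too
    return flags

def constructed_sample():  # constructed message, not real mail
    m = EmailMessage()
    m["From"] = '"Example Bank Support" <alerts@examp1e-bank.test>'
    m.set_content('<a href="http://examp1e-bank.test/">https://example-bank.test/login</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="invoice.js")
    return m
```

Calling `red_flags(constructed_sample(), {"example bank": "example-bank.test"})` returns all three flags; a message whose sender domain and link hosts agree returns an empty set.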

If you clicked

  1. Disconnect from the internet; don’t open banking/crypto.

  2. Scan with trusted anti-malware; reboot and scan again.

  3. From a clean device, change passwords and turn on MFA.

  4. In email settings, remove suspicious forwarding rules and sign out of other sessions.

  5. Tell IT/support and anyone who might be affected.

Prevent it

  • MFA everywhere; a stolen password alone won’t work.

  • Use a password manager and unique passwords.

  • Preview links (hover/tap-and-hold) and don’t open unexpected attachments.

  • Keep your device, browser, and mail app updated; enable spam/attachment filtering.

  • For teams: add DMARC, DKIM, SPF and train staff to verify money/account changes out of band.
