The following content is from an article by KnowBe4 Security Awareness and Training solutions.
Did you know that mishandling a phishing attack could be just as dangerous as falling victim to one? Here are some examples of what not to do when you receive a suspicious email.
One: Do not reply to the email for verification. If you receive a suspicious email that appears to be from someone you know, you may be tempted to investigate further. Replying to the email with questions like, “Have I been hacked?”, or “Is this attachment safe?” only increases the security risk. If an email account has been compromised, the person who replies to your question probably won’t be who you expect. You could be communicating with a cybercriminal in disguise.
Two: Do not forward the email to someone else. The best practice is to never click a link or open an attachment that you were not expecting. But if you are fooled by a phishing email and you click a malicious link or open a malicious attachment, you may find that it isn’t behaving as expected. For example, the attachment may open an installer window instead. Another example is when a malicious link redirects you to an unrelated login page. If you notice this kind of unusual behavior from a link or attachment, you may think about forwarding the email to a coworker for help, but don’t do it. Whenever you click on a link or open an attachment, treat any unusual behavior as a red flag. Never forward unusual or suspicious emails to other users. If you forward a phishing email, you increase the risk of a security breach because it helps cybercriminals reach more potential victims.
Three: Do not mark the email as spam. First, let’s clarify the difference between spam and a phishing attack. Spam emails are typically annoying or unwanted advertisements. Spam is often unsolicited, but it is usually just a harmless attempt to sell you something. On the other hand, a phishing attack is a malicious email designed to look and feel like real correspondence. Phishing emails typically include a call to action such as clicking on a link, opening an attachment or even transferring money. Marking an email as spam moves that email and other emails that you receive from that sender to a different folder. This means moving a phishing email to spam would only hide the problem, not resolve it.
So, what do you do with a suspicious email? The best way to handle a suspicious email is to notify your organization. If you report a suspicious email, your cybersecurity specialists can assess and mitigate the threat. Following cybersecurity protocols will help keep everyone’s information safe. If you’re not sure whether an email is spam or a phishing attack, report it and let the experts decide.







