What to do if you fall for an email scam

A person researching email scams on their tablet.

Email scams can steal sensitive information such as passwords, credit card numbers, account data, addresses, and more. Phishing emails are crafted to appear legitimate, such as messages from your bank or another trusted source. They request personal information, which criminals then use for identity theft.

Falling for an email scam can happen to anyone. It’s a frightening concept that could cause you significant worry or panic. Also known as a phishing scam, an email scam involves using emails and fraudulent websites to steal sensitive information such as passwords, credit card numbers, account data, addresses, and more.

Phishing scams also can be executed through text messages. These emails and texts are crafted to appear legitimate, such as messages from your bank or another trusted source. They often request your personal information, which criminals can then use to commit identity theft.

You might think this won’t happen to you, but the Federal Trade Commission (FTC) reports that scammers launch thousands of phishing attacks every day. And they’re often successful. The FBI’s Internet Crime Complaint Center reported that victims lost $30 million to phishing schemes in one year. What should you do if you find yourself a victim of an email or text scam? First, let’s discuss the risks.

Email scams: The risks and consequences

Email scams seek to profit from your personal information. Once thieves have your sensitive data, they can use it to commit a variety of crimes — or they can sell it on the dark web.

Here’s a closer look at how phishing email scams work.

Phishing is an online fraud scheme designed to trick victims into clicking on a compromised email or text link or opening a fraudulent attachment. Once you’ve clicked on the link, you are often then redirected to a fake website that looks like it belongs to a legitimate business. From there, you are encouraged to enter your access credentials.

Once you do, however, the scammers have captured your login information and can then access the authentic site to steal more of your personal information or make purchases.

Another example is you may open an email attachment that is embedded with malware which then infects your device. These viruses could capture your login credentials when you access your accounts or take control of your devices.

Types of sensitive information stolen could include your bank and credit card account numbers, passwords, even your Social Security number (SSN) — any personal data that may be stored and visible in those accounts.

The consequences can be devastating. Scammers who have accessed your personally identifiable information, like your SSN, date of birth, or passwords, may be able to take on your identity and commit different types of identity theft, fraud or other crimes.

Here are some of the risks and consequences.

Financial identity theft

A thief who has accessed or gathered several pieces of your personal information, like your SSN, date of birth, full name, and address may be able to use this information to commit credit card fraud, bank fraud, computer fraud, wire fraud, mail fraud, and employment fraud.

How does this happen? With these pieces of sensitive information, a fraudster can then do things like fill out false applications for loans, credit cards, or bank accounts in your name or withdraw money from your accounts.

Government identity theft

Scammers could use your personal information in fraudulent interactions with the government. For instance, they could use your SSN and other personal information to submit an income tax return and claim your tax refund. This is known as tax-related identity theft, tax refund fraud, and stolen identity refund fraud.

Criminal identity theft

Scammers may use your SSN and other personal information to assume your identity in law enforcement matters. This could range from providing your information for a speeding ticket to larger problems, like if someone gives your identity when arrested.

The consequences could include having a warrant out for your arrest or costing you a job when inaccurate information pops up during a potential employer’s background check.

Medical identity theft

By falling for a phishing scam, you could be giving a cybercriminal access to your health insurance. A fraudster might use that information in a medical emergency, to see doctors, to get prescription drugs, and to file health insurance claims.

This not only could hurt your healthcare coverage, but it also could compromise your safety if someone else’s medical history is in your files when you need emergency medical treatment.

You may get bills and collections calls for medical services you didn’t receive or be denied coverage in certain cases because of misinformation.

Utility fraud

Similarly, thieves could use your personal information to open utility agreements for services such as phone, water, gas, and cable — or upgrade existing service agreements. This type of fraud can be time-consuming to track down and clean up. It could also affect your credit report if their bills go unpaid until you discover the fraud.

Dark web leak

Your personal information could be sold on the dark web. If it is, your data could be on lists that other cybercriminals have access to. If your personal information is exposed, it could be used today or years from now.

What to do if you fall for an email scam

Email scams are a serious threat, and if you’re the victim of an email scam, you must act quickly to help protect yourself against identity theft. Here are some of the important steps to take.

Change passwords

If you’ve clicked the wrong link or provided personal information in response to a phishing scam, change your passwords immediately. This goes for all email and other online accounts, including bank accounts, utilities, online retailers, and so on. You may also need to update any related PIN numbers. Create unique, complex, new passwords for every account, using a sequence of letters, numbers, and symbols. Such passwords are harder for cybercriminals to break.

Notify credit agencies

Contact one of the three major credit bureaus as soon as possible and let them know your account was potentially compromised. Place a fraud alert or credit freeze on your account until the issue has been resolved.

Contact credit card companies

Alert your credit card companies and explain the situation. Your credit cards might not have been used yet, but if you’ve exposed credit card data, unauthorized charges could be in your future. Your bank may suggest freezing or replacing your cards. Let your bank know what happened so they can help you protect your credit line.

Update your software and other tech fixes

Update your software to the most current version and run a comprehensive virus scan if you think your system may be infected with a virus or other malware.

Also, you should encrypt sensitive files, ensure you have a  passwords enabled, and regularly back up your personal information on an external hard drive or to the cloud.

And keep in mind whenever you use a public Wi-Fi network, enabling and using a virtual private network (VPN) is a more secure option.

Also, be sure to turn off your computer when it’s not in use so it’s inaccessible to hackers when powered down.

Check your accounts regularly

Review your bank and credit card accounts regularly to check for suspicious activity. If you’ve previously detected suspicious or unfamiliar activity and set a fraud alert or credit freeze on your credit report, you may consider leaving it in place until you think it’s OK to remove it. And watch for any bills from utility companies or other service providers that aren’t yours.

Reporting resources

If you have fallen victim to a phishing scam, it’s important to report it. Here are some available reporting resources.

  • National Fraud Information Center. Fraud.org is a project of National Consumers League. This organization reports fraudulent activity to the federal government and maintains detailed records of fraud incidents. It also provides links concerning whom you can contact within your state for assistance.
  • Internet Crime Complaint Center. The FBI and the National White-Collar Crime Center run a site called the Internet Crime Complaint Center. It features many tips and other helpful information about avoiding email scams and what to do if you fall victim to one. It also offers a link for filing a claim against a third party who stole your identity or made an attempt. 
  • U.S. Department of Justice. The U.S. Department of Justice runs websites that allow you to file email-scam complaints. The site also features plenty of helpful links, tips, and advice.
  • Better Business Bureau. The BBB makes it possible to alert others to what happened to you so they don’t fall for the same scams.

Learning about phishing and other internet scams just might help you avoid becoming a victim.

Try Norton 360 FREE 7-Day Trial* - Includes Norton Secure VPN

7 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.
*Terms Apply

Alison Grace Johansen
  • Alison Grace Johansen
  • Freelance writer
Alison Grace Johansen is a freelance writer who covers cybersecurity and consumer topics. Her background includes law, corporate governance, and publishing.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.