top of page

A guide for end-users: 5 steps for reporting a successful phishing attack

As an employee at your company, you try your best to protect your organization from becoming the victim of a cyber attack. Learning about common phishing tactics, being cautious about links you click and learning how to report a successful phishing attack are all great ways to promote a culture of cybersecurity on your team.

The reality is no matter how educated or aware you are, people occasionally make mistakes. If you believe that you have opened and interacted with a phishing message, there are steps you can take to help mitigate the potential attack.

1. Stay calm. Take a deep breath and follow the below steps. The worst thing you can do is ignore the situation.

  • If you have not clicked a link, entered any information or downloaded an attachment, report the attack using the Phish Reporter button to ensure the message is not a phishing simulation. If it is a simulation, pat yourself on the back! If not, move to the next step.

  • If you have clicked, entered information or downloaded an attachment, submit the attack via the Phish Reporter button and move on to the next step.

2. Tell someone. Contact your MSP, IT team or other security administrator to alert them of the attack as soon as possible — if your company has a process in place or contact hierarchy for who to reach out to about security incidents, follow those steps carefully.

Letting IT know what happened is crucial. If you interacted with a phishing link or downloaded a potentially malicious file, send a separate note to your IT team to let them know what happened.

3. Document the situation. Take pictures of the stages of the attack you still have open and available (do not click through the link or download a file again). Include the phishing message, where the link led you (if you clicked), what appeared if you downloaded an attachment and the sender information. If possible, take these pictures with a secondary device, like your smartphone in case your device is compromised.

4. Take notes. Write out your experience of what happened and when. Every little bit helps! On a physical piece of paper or secondary device, include notes answering the below questions:

  • What did you notice?

  • Why did you think it was a problem?

  • What were you doing at the time you detected it?

  • When did it first occur, and how often since?

  • Where were you when it happened, and on what network? (office/home/shop, wired/wireless, with/without VPN, etc.)

  • What systems are you using? (operating system, hostname, etc.)

  • What account were you using?

  • What data do you typically access?

  • Who else have you contacted about this incident, and what did you tell them?

5. Be patient. This response may feel disruptive, but you are protecting your team and the organization!

Educated end users can help mitigate potential phishing attacks and ease the process for reporting real attacks in their inboxes.

Share this resource with your team to help everyone in your organization understand best practices for what to do if anyone accidentally interacts with a phishing message.

Building a comprehensive Phishing Incident Response plan with your clients can save both you and your client valuable time. Download the Phishing Incident Response workbook, to create each of your client’s unique phishing incident response plan.

We’ll guide you through the four stages of phishing incident response: investigation, recovery, communication and remediation and provide helpful resources that give you the information you and your clients need to respond to a phishing incident.


Learn more about HacWare: MSP partners can decrease the likelihood their end users will click on a phishing email by 60%. Let us educate your client's teams with automated, AI-driven phishing simulations and under three-minute micro-trainings to keep user attention and improve learning outcomes.

Learn more about our partner program and how we can support your MSP's growth!

bottom of page