
Phishing is a common type of cyberattack where bad actors try to trick you into revealing sensitive information such as passwords, credit card numbers, or account logins by pretending to be a trusted source like your bank, a colleague, or a well-known brand.
If you suspect a phishing attempt or happen to fall victim to one, here are the steps you should follow.
Do not engage with the message
If you receive a suspicious email, text, or message:
- Do NOT click on any links or attachments.
- Do NOT reply, even if it looks urgent or threatening.
- Do NOT provide any personal or financial information.
Even clicking a link can be enough to trigger malware or redirect you to a fake login page.
Report the phish
Help prevent future attacks by reporting it.
- At work: Report to your IT or security team immediately.
- Personal email: Most services have built-in reporting:
  - Gmail: Click the three dots > “Report phishing”
  - Outlook: Click “Report” > “Phishing”
Additionally, report it to PNG NCSC.
If you clicked a link or gave information
1. Change your password immediately
- Especially for the affected account.
- If you use the same password elsewhere, change those too.
2. Enable Multi-Factor Authentication (MFA)
- Adds an extra layer of protection even if your password was stolen.
3. Run a virus/malware scan
- Use trusted antivirus software to scan your device for threats.
4. Contact affected companies
- If you gave away banking details, contact your bank or credit card provider to freeze or monitor your account.
- If work credentials were compromised, notify your IT department immediately.