Template · Cybersecurity

Phishing Response Checklist

Steps for reporting, triage, containment, communications, and follow-up after suspicious email.

Resource profile

Beginner
10 min
Template
Download MarkdownResource libraryLearner downloads

Resource output

Ready-to-use starter asset

A practical response flow for suspicious email reporting, triage, containment, and follow-up.

Phishing Response Checklist

Use this as a first draft, then adapt it for your organization, environment, training audience, or certification objective.

Open cybersecurity checklistExplore cybersecurity track

Resource contents

Immediate Actions

  • Do not click additional links, open attachments, or reply to the message.
  • Report the message through the approved channel or forward it to the security contact.
  • Capture the sender, subject, time received, and whether any interaction occurred.

Triage Questions

  • Was a password entered, file opened, payment requested, or MFA prompt approved?
  • Did other users receive the same message?
  • Is the sender known, spoofed, compromised, or external?

Follow-Up

  • Reset impacted credentials and revoke active sessions when account exposure is possible.
  • Block malicious sender, URL, domain, or attachment indicators when confirmed.
  • Record the decision, owner, and user communication for after-action review.

Related resources

Continue with nearby library assets from the same learning domain.

Article · Intermediate

How to Prioritize Small Business Cyber Risk

A practical method for ranking account, device, vendor, and data risks before buying tools.