---
title: "The Only Thing Worse Than Clicking on a Malicious Link in a Phishing Email | Phish Protection"
description: "You might think that the worst thing you can do with a phishing email is to click on the malicious link embedded within. You"
image: "https://phishprotection.com/og/blog/the-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email.png"
canonical: "https://phishprotection.com/blog/the-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email/"
---

Quick Answer

You might think that the worst thing you can do with a phishing email is to click on the malicious link embedded within. You'd be wrong. There's something worse, much worse. What's that? How about forwarding the email to other employees, lots of them?

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=The%20Only%20Thing%20Worse%20Than%20Clicking%20on%20a%20Malicious%20Link%20in%20a%20Phishing%20Email&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email%2F&title=The%20Only%20Thing%20Worse%20Than%20Clicking%20on%20a%20Malicious%20Link%20in%20a%20Phishing%20Email "Share on Reddit") [ ](mailto:?subject=The%20Only%20Thing%20Worse%20Than%20Clicking%20on%20a%20Malicious%20Link%20in%20a%20Phishing%20Email&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fthe-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2019/04/how-to-prevent-phishing-8476.jpg) 

You might think that the worst thing you can do with a phishing email is to click on the malicious link embedded within. You’d be wrong. There’s something worse, much worse. What’s that? How about forwarding the email to other employees, lots of them?

A recent[ article on security website SC Magazine](https://www.scmagazine.com/home/opinion/executive-insight/its-raining-phishes-out-there-do-you-know-what-your-users-are-doing/?utm%5Fsource=newsletter&utm%5Fmedium=email&utm%5Fcampaign=SCUS%5FNewswire%5F20190408&hmSubId=01xQvtS0ero1&email%5Fhash=0da939dab246e8101d6090def505f6f5&mpweb=1325-6996-1896988) details all the bad things employees do with suspicious emails. As things turn out it’s not uncommon for employees to forward infected emails to other employees. What’s even crazier, according to the article, is that “even when users do suspect that danger may be lurking within emails they have received, they still forward those malicious emails to others. When they do, they inadvertently kick off a chain of forwards, _exposing multiple users to malicious links and attachments_.”

What makes forwarding a malicious email bad is twofold. First, it has the potential to spread the problem beyond just the recipient. Instead of one person getting their login credentials compromised, there’s now the potential for dozens of them to get phished.

> 

The other thing that makes forwarding an email bad is that it becomes increasingly difficult for users to identify it as a phishing email with every forward.

That’s because two of the clues that give a hint to a phishing email are

1. the sender’s name/email address and
2. the content of the email itself.

Forwarding the email legitimizes both of them and buries the clues that it’s a **phishing email** further down the into the email making it even harder to detect.

We’re not talking about sophisticated phishing schemes like the one a[ Google engineer discovered that can defeat two factor authentication](https://www.pcmag.com/news/367026/google-phishing-attacks-that-can-beat-two-factor-are-on-the) (2FA). Or the South Korean website that was hit with a[ rare waterhole phishing scheme](https://www.scmagazine.com/home/security-news/phishing/south-korean-websites-hit-with-rare-waterhole-phishing-scheme/?utm%5Fsource=newsletter&utm%5Fmedium=email&utm%5Fcampaign=SCUS%5FNewswire%5F20190401&hmSubId=01xQvtS0ero1&email%5Fhash=0da939dab246e8101d6090def505f6f5&mpweb=1325-6881-1896988). We’re talking about employees forwarding known suspicious emails. Still think all you need is some employee training to **stop phishing attacks**?

![How to prevent phishing](https://media.mailhop.org/phishprotection/images/2019/04/how-to-prevent-phishing-8476.jpg) 

The only chance you have to [stop phishing emails](/content/protection-from-phishing/how-to-stop-phishing-emails/) is to deploy technology which stops them even when employees do everything wrong, because that’s inevitably what some of them will do. When you’re ready to get serious about\*\* email security\*\* and take your lovably human employees out of the equation, head on over to[ Phish Protection](/) and find out how fast and inexpensive it is to get protected. Or, be prepared to scroll down every forwarded email that comes your way.

## Topics

[ Phishing ](/tags/phishing/)[ Phishing Awareness ](/tags/phishing-awareness/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 23m  Anatomy of a Trust-Based Attack: Deconstructing the Nifty.com Phishing Campaign and the New Frontier of Corporate Defense  Jun 10, 2025 ](/blog/anatomy-of-a-trust-based-attack-deconstructing-the-nifty-com-phishing-campaign-and-the-new-frontier-of-corporate-defense/)[  Foundational 5m  Business Essentials: The Top Email Marketing Security Strategies for 2023  Dec 13, 2022 ](/blog/business-essentials-top-email-marketing-security-strategies-2023/)[  Foundational 5m  Interserve Fined $5 Million by ICO and Why Anti-Phishing Measures are the Need of the Hour  Oct 28, 2022 ](/blog/interserve-fined-5-million-ico-anti-phishing-measures-hour/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"The Only Thing Worse Than Clicking on a Malicious Link in a Phishing Email","description":"You might think that the worst thing you can do with a phishing email is to click on the malicious link embedded within. You'd be wrong.","url":"https://phishprotection.com/blog/the-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email/","datePublished":"2019-04-15T07:00:54.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2019-04-15T07:00:54.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/the-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email/"},"articleSection":"foundational","keywords":"Phishing, Phishing Awareness","wordCount":397,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2019/04/how-to-prevent-phishing-8476.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"The Only Thing Worse Than Clicking on a Malicious Link in a Phishing Email","item":"https://phishprotection.com/blog/the-only-thing-worse-than-clicking-on-a-malicious-link-in-a-phishing-email/"}]}
```