The impact of falling prey to phishing can be of varying levels. The most common and direct impact is a leakage of confidential or sensitive information. This could be your personal credit card information, or the account credentials for your company. In the latter case, the implications could be even greater as the attacker can make use of your account for other malicious purposes. For example, they might use your email account to send spam to other organizations, and this might result in your company’s email domain to be blacklisted by anti-spam services. They could also use the account to send more phishing email to other staff in your company, lending more credibility and causing more people to fall prey.

By having access to your personal information and account credentials, attackers can also impersonate the victims to commit other fraudulent activity such as accessing and altering confidential information.

Finally, attackers can use your account credentials to compromise other IT resources within or outside your company. This is even more serious if this is a privileged account used for performing system administration tasks.