Users should act as quickly as possible after they realize they’ve fallen for a phishing attack, according to Mallika Mitra at Money. The faster your IT department can contain a malware infestation or a compromised account, the less damage an attacker can cause.

“If you do fall for a phishing scam on your work email, immediately alert your IT department so they can mitigate the damage on their end and stop it from spreading,” Mitra writes. “If the phish happened on your personal email, run an antivirus scan on your computer by downloading and installing antivirus software to ensure no malware has been installed.”

Mitra also offers useful advice to people who may have handed over personal or financial information to a scammer.

“The FTC lists additional steps to take based on what kind of information you gave the scammer,” Mitra says. “If he got your Social Security number, the agency advises, sign up for regular credit reports, file your taxes early to get a jump on the scammer trying to do the same and consider placing a credit freeze on your report. If he got your banking information, call your bank and ask to close your account and open a new one. Keep a close eye on future transactions: monitor your bank statement for charges you don’t recognize or set up alerts for account balance changes.”

Obviously, it’s still best to avoid falling for a phishing attack in the first place. Mitra says users can thwart these attacks by keeping an eye out for known warning signs as well as being wary of suspicious requests for information.

“The best thing you can do to protect yourself against phishing emails is to be vigilant,” she says. “We’re not telling you to double-check for every red flag we’ve listed in every email you receive, but trust your instincts. If an email seems at all fishy—or makes you panic—take those extra precautions to ensure you’re not giving bad actors free rein over your personal information or compromising your computer system. Keep in mind that Amazon, Target or any of the other organizations scammers pretend to be from probably aren’t going to ask you for details like financial information via an email.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can recognize phishing and other social engineering attacks.