Clicked on a phishing link? Here’s what to do next…
Let’s get it straight first. We’ve all been there. Humans are naturally trusting creatures, so don’t beat yourself up over it. Anyway, in that split second where you let your guard down, you accidentally click through into the email and follow the link… What do you do next?
Step 1 – Disconnect
Disconnect your device immediately from all sources of internet – whether that is an Ethernet cable or Wi-Fi connection. This reduces the chance that any malware that may now be on your machine can spread to other devices on the network.
Step 2 – Back up
We would hope that your files are already backed up, but if they’re not, back them up. This needs to be done if you do not want to lose personal files such as family photos or sensitive documents. When recovering from a cyber-attack, data can be erased or destroyed so it is better to be safe than sorry and ensure everything is backed up.
Step 3 – Scan
Next, scan your machine for malware with your anti-virus software. Launch the programme and conduct a full scan. Remain vigilant – if an error message pops up to advise that you cannot run the scan as you are not connected to the internet – ignore it. You can still run a scan offline. You need to remain disconnected to prevent the potential malware from spreading through the network. While your machine is scanning – leave it and don’t do anything else until this is complete. If any suspicious files are found, follow your anti-virus software’s instructions to either remove or quarantine them. If you are not confident in doing this, contact your IT consultant immediately for assistance.
Step 4 – Credentials
Cybercriminals want your details. They want your usernames, passwords, bank details, credit card numbers and any other identifying information. Malware is therefore designed to trick the victim into entering such information, which it then harvests. If you have entered any of your personal credentials, change them immediately on an uncompromised machine. This applies to online banking accounts as well as all other online accounts, such as social media or shopping accounts.
A common mistake is using the same usernames and passwords for all of our accounts to avoid forgetting them. This only makes it a million times easier for hackers to steal your credentials and, at worst, access funds.
Proceed, but with caution
In today’s ever-advancing digital age, cyber-attacks are a dangerous, and largely unavoidable, threat to every person who stores information online or uses connected hardware. In 2015, this was reported to be a whopping 3.2 billion people – almost half of the world’s population – so the target market for a cybercriminal is absolutely huge, and the threat is extremely unlikely to stop anytime soon.
Use the delete button on suspicious emails. If the suspected phishing email appears to be from a legit organisation, check if they have a phishing department you can forward the email on to, and contact them to let them know what you have received. If it’s from a colleague, speak to them directly to check whether they did in fact send the email. If you don’t contact them, remember that if it was truly important, they will call or speak with you directly. Last but not least, always remember that no legitimate organisation will ever ask for sensitive data or personal information over unsecure channels such as email or text.
Two solutions, full protection.
If you want to protect your business from threats like these, Acronis data backup solutions and Symantec anti-phishing software offer world-class protection against cyber threats.
Get in touch with our cloud specialists today who can offer advice suited to your business.