CLICKED A PHISHING LINK? What Next?
Have you ever opened a phishing message, clicked on a link or downloaded an attachment, only to hear your internal voice go: “Oops!”?
The average person today knows about phishing attacks. You may not know exactly how they work, the different ways they can show up, or the specific ways they cause harm. But you will know that phishing attacks are unwelcomed and should be avoided.
So what happens if you accidentally click on a phishing link?
It happens in a flash! Totally unintended! You hear yourself thinking: “Rewind! Rewind! I should have known better”. But maybe you were distracted, doing multiple things, and it …just happened.
What next?
Over the last week, a friend called with this exact dilemma. She clicked on a suspicious link and it took her to a web page. Immediately she detected the peril and didn’t go beyond that. Being totally aware of the urgency to act, she reached out to us for help.
That one event inspired this post. And it comes against the background that the phishing emails we see today are far more sophisticated and believable than those of yesteryear. It is getting very difficult to detect them. And despite that we’re more aware that they exist, most people are still not savvy in detecting them or knowing what to do if they realize that they fell victim to a phishing attack.
Did you know that 30% of phishing messages were opened by targeted users in 2019; or that phishing attempts grew by 65% in the last year?
Here’s the advice we gave to the woman business owner who feared that she had put her business and customer information at risk:
-
-
Go offline immediately
-
Run your anti-malware scan
-
Change your passwords
-
Prevention is better than cure
-
1. Go Offline Immediately
Disconnect your device! Staying connected online can expose you to further action by the cyber attacker which may include accessing, removing or downloading your data. You are at this point also at risk of spreading any malware infection to other users on your network. Therefore, disconnect from the internet as well as from your network to isolate your device by disabling your wifi connection or unplugging your network cable.
2. Run an Anti-malware Scan
An anti-malware scan will detect and remove the various forms of malware (viruses, spyware, rootkits, Trojans, exploits, and ransomware, inter-alia) deposited on your device. Execute the anti-malware scan without reconnecting to the internet. The program you use should be the most current version. After you complete the scan, the program will instruct you how to remove or quarantine any suspicious files.
However, not all malware is easy to detect. Many persons therefore opt to run a second scan using a different program that can potentially identify and remove files that were missed in the first scan.
3. Change your Passwords
Act on the assumption that your information was compromised and now rests under the control of a hacker somewhere. Before you sign back into the device which was subject to the attack, use another computer to change all your passwords. This is going to be the point where you will be thankful that all your passwords are securely stored in one place; or you will be wishing you had followed best practice guidance and was already using a trusted password manager.
Go right ahead and go overboard here! Change the passwords for your most visited sites to include: email accounts, online banking, social media sites, and anywhere that you would have shopped online.
4. Prevention is Better than Cure
It is evident that most people hope not to fall victim to a cyber attack. But “hope is not a strategy”.
The best defense afforded in this digital era to potential victims, which we all are, is a prevention strategy that includes regular and continuous security awareness training. This right here may prove to be your saving grace! It keeps you in the know of current attack types and heightens your vigilance in protecting your data. Any such program will guide you to good cyberresilience health which includes:
- Regularly backing up your files. It is not uncommon to lose data during the recovery process from a cyberattack. The practice of regular back ups will help mitigate this risk.
- Practicing good password hygiene. Where do we start here? This topic bears its own post. Suffice it to say at this point:
- Use passphrase not a password
- Don’t use same username – password combination on multiple sites
- Subscribe to a password manager
- Installation of anti-malware. Today’s cybersecurity threatscape demands an anti-malware program with the advanced cybersecurity capabilities to treat with today’s more sophisticated threats.
There you have it! The rest is up to you. What next?
A Cecile Watson (CDP)* is a former regional Caribbean banker, a senior business leader and an experienced director in the private & public sector. Email us at [email protected] | *CDP – certified in data protection
Follow us on social media (IG, Fb & Linkedin – @shredwiz & Twitter -@shredw1z) to stay in the loop. Also please share this post with your tribe via the social media links below.