More people than ever are getting caught out by phishing scams and clicking on links which are designed to steal sensitive information or infect a computer with malware.
We hear about these scams week in and week out in the press and think there’s no way we would fall for these elaborate hoaxes. However, as we have become more knowledgeable about the signs of a phishing scam, the attackers have become more sophisticated and targeted in their approach.
The phishing emails that we receive in our inbox are increasingly well written, personalised, contain the logos and language of brands we know and trust and are crafted in such a way that it's difficult to distinguish between an official email and a dodgy email drafted by a scammer.
The increasing sophistication of these emails has tricked many people into clicking on links, which is quickly followed by a feeling of panic and dread as victims wonder what’s going to happen next and if there’s any way they can reduce the damage.
If you are in the unfortunate position of having clicked on a phishing link or downloaded a malicious attachment, there are a number of steps you should take immediately.
1. Disconnect Your Device
The first and most important step you need to take is to immediately disconnect your device from the internet. The best way to do this is to unplug the internet cable from your computer or laptop. If you are connected through a Wi-Fi network, you will need to access your Wi-Fi settings and disconnect from the current network or turn the power off to your router.
This will help reduce the risk of malware spreading to other devices on your network and prevent an attacker from remotely accessing your device.
2. Back Up Files
As soon as you have disconnected your device from the internet, the next step is to back up your files. In the aftermath of a phishing attack, data can easily be destroyed or deleted, so it's important to make backups of all your documents and sensitive information, as well as personal files such as family photos and videos.
Data can be backed up onto an external hard drive, USB or cloud storage. In the event of an attack it's important to have offline backups of your data to make sure you don't lose any personal files.
3. Scan System for Malware
The next step is to scan your machine for malware using anti-virus software. You will need to launch the programme and conduct a full system scan. If an error message pops up notifying you that you cannot run the scan as you are not connected to the internet, ignore this. You will still be able to run a scan offline. If you are connected to the internet you will increase the chance of malware spreading through the network, so it's important to remain disconnected. Leave your machine to scan and don't touch your device during this process. As soon as the scan is complete, you will be notified if any suspicious files were found and instructed whether to delete or quarantine them.
Depending on your level of technical expertise, you can conduct the scan yourself with a reputable anti-virus software programme, or you could take your device to a professional to ensure it is cleared of any potential malware.
4. Change Your Password
It’s important to change your password as soon as you suspect you have become a victim of a phishing attack. One of the main objectives of a phishing attack is to steal personal information such as usernames, passwords, credit card numbers, bank details and other sensitive information. Malware is often embedded within a phishing link to harvest and store this data for an attacker.
If you have entered any of your personal details, it will be important to change these details as soon as possible from an uncompromised machine. This will apply to all online accounts such as email, social media and banking.
Don’t make it easy for the criminals to gain access to your data by using the same password for multiple accounts. Choose a different password for each account, and consider using two-factor authentication as an extra layer of defence.
Despite the increasing sophistication and convincing nature of these emails, there are still some giveaway signs that may alert us to the presence of a phishing email. These include threatening language, a generic greeting, poor grammar, spelling mistakes, a mismatched URL, claims of prizes or a request for personal information. Legitimate businesses will never send emails or texts requesting you click on a link to enter or update personal data.
If you would like further information on how to protect yourself from phishing and ransomware attacks, click here to find out how MetaCompliance can help. Our MetaPhish Platform has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.