More people than ever are getting caught out by phishing scams and clicking on links which are designed to steal sensitive information or infect their computer with malware.
We hear about these scams week in and week out in the press and think there’s no way we would fall for these elaborate hoaxes. However, as we've become more knowledgeable about the signs of a phishing scam, the attackers have become more sophisticated and targeted in their approach.
The phishing emails that land in our inboxes are increasingly well written and personalised. They carry the logos and language of brands we know and trust, and are crafted so that it is difficult to distinguish an official email from one drafted by a scammer.
The increasing sophistication of these emails has tricked many people into clicking on links. The click is quickly followed by a feeling of panic and dread as victims wonder what is going to happen next and whether there is any way to reduce the damage.
If you are in the unfortunate position of having clicked on a phishing link or downloaded a malicious attachment, there are a number of steps you should take immediately.
1. Disconnect Your Device
The first and most important step you need to take is to immediately disconnect your device from the internet. The best way to do this is to unplug the internet cable from your computer or laptop. If you are connected through a Wi-Fi network, you'll need to access your Wi-Fi settings and disconnect from the current network or turn the power off to your router. This will help reduce the risk of malware spreading to other devices on your network and prevent an attacker from remotely accessing your device.
2. Back Up Files
As soon as you have disconnected your device from the internet, the next step is to back up your files. In the aftermath of a phishing attack, data can easily be destroyed or deleted, so it's important to make backups of all your documents and sensitive information, as well as personal files such as family photos and videos.
Data can be backed up to an external hard drive, USB drive or cloud storage. In the event of an attack, it's important to have offline backups of your data to make sure you don't lose any personal files.
3. Scan System for Malware
The next step is to scan your machine for malware using anti-virus software. Launch the program and run a full system scan. If an error message pops up saying that you cannot run the scan because you're not connected to the internet, ignore it. You will still be able to run a scan offline. Reconnecting to the internet increases the chance of malware spreading through the network, so it's important to remain disconnected.
Leave your machine to scan and don't touch your device during this process. As soon as the scan is complete, you will be notified if any suspicious files were found and instructed whether to delete or quarantine them. Depending on your level of technical expertise, you can conduct the scan yourself with a reputable anti-virus program, or you can take your device to a professional to make sure it's thoroughly cleared of any potential malware.
4. Change Your Password
It’s important to change your password as soon as you suspect you have become a victim of a phishing attack. One of the main objectives of a phishing attack is to steal personal information such as usernames, passwords, credit card numbers, bank details and other sensitive information. Malware is often embedded within a phishing link so that it can harvest this data and store it for an attacker.
If you've entered any personal information, you should change these details as soon as possible from an uncompromised machine. This applies to all online accounts such as email, social media and banking.
Don’t make it easy for criminals to gain access to your data by using the same password for multiple accounts. Choose a different password for each account, or consider using two-factor authentication as an extra layer of defence.
Despite the increasing sophistication and convincing nature of these emails, there are still some giveaway signs that may alert you to the presence of a phishing email. These include threatening language, a generic greeting, poor grammar, spelling mistakes, a mismatched URL, claims of prizes or a request for personal information. Legitimate businesses will never send emails or texts requesting that you click on a link to enter or update personal data.