More people than ever are getting caught out by phishing scams and clicking on links that are designed to steal sensitive information or infect their computer with malware.
We hear about these scams week in and week out in the press and think there’s no way we would fall for these elaborate hoaxes. However, as we’ve become more knowledgeable about the signs of a phishing scam, the attackers have become more sophisticated and targeted in their approach.
The phishing emails that we receive in our inbox are increasingly well written, personalised, contain the logos and language of brands we know and trust and are crafted in such a way that it’s difficult to distinguish between an official email and a dodgy email drafted by a scammer.
The increasing sophistication of these emails has tricked many people into clicking on links which has been quickly followed by a feeling of panic and dread as victims wonder what’s going to happen next and if there’s any way they can reduce the damage.
If you are in the unfortunate position of having clicked on a phishing link or downloaded a malicious attachment, there are a number of steps you should take immediately.
1. Disconnect Your Device
The first and most important step you need to take is to immediately disconnect your device from the internet. The best way to do this is to unplug the internet cable from your computer or laptop. If you are connected through a Wi-Fi network, you’ll need to access your Wi-Fi settings and disconnect from the current network or turn off the power to your router. This will help reduce the risk of malware spreading to other devices on your network and prevent an attacker from remotely accessing your device.
2. Back Up Files
As soon as you have disconnected your device from the internet, the next step is to back up your files. In the aftermath of a phishing attack, data can easily be destroyed or deleted so it’s important to make back ups of all your documents and sensitive information, as well as personal files such as family photos and videos. Data can be backed up on to an external hard drive, USB or cloud storage. Offline back-ups will ensure that in the event of an attack, you won’t lose any personal files.
3. Scan System for Malware
The next step is to scan your machine for malware using anti-virus software. You will need to launch the program and conduct a full system scan. If an error message pops up notifying you that you cannot run the scan as you’re not connected to the internet, ignore this. You will still be able to run a scan offline. If you’re connected to the internet you will increase the chance of malware spreading through the network so it’s important to remain disconnected.
Leave your machine to scan and don’t touch your device during this process. As soon as the scan is complete, you will be notified if any suspicious files were found and instructed whether to delete or quarantine them. Depending on your level of technical expertise, you could conduct the scan yourself using a reputable Anti-Virus software program, or you can take your device to a professional to make sure it’s thoroughly cleared of any potential malware.
4. Change Your Password
If you suspect you’ve become the victim of a phishing attack, you should change your password immediately. One of the main objectives of a phishing attack is to steal personal information such as usernames, passwords, credit card numbers, bank details and other sensitive information. Malware is often embedded within a phishing link as it will harvest and store this data for an attacker.
If you’ve entered any personal information, you should change these details as soon as possible from an uncompromised machine. This will apply to all online accounts such as email, social media and banking.
Don’t make it easy for criminals to gain access to your data by using the same password for multiple accounts. Choose a different password for each account or consider using two factor authentication as an extra layer of defence.
Despite the increasing sophistication and convincing nature of these emails, there are still some giveaway signs that may alert you to the presence of a phishing email. These include threatening language, a generic greeting, poor grammar, spelling mistakes, a mismatched URL, claims of prizes or a request for personal information. Legitimate businesses will never send emails or texts requesting you click on a link to enter or update personal data.
You should also read:
If you would like further information on how to protect yourself from phishing and ransomware attacks, click here, to find out how MetaCompliance can help. Our MetaPhish Platform has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.