What to Do If You Open a Phishing Email

Phishing scams are sophisticated social engineering attacks designed to trick people into clicking malicious links or giving away personal information. As they become more common, and more convincing, it is easy to accidentally engage with one without realizing the potential consequences. If you have opened a phishing email, or even clicked on a link, there is no need to panic. Knowing how to respond can protect your business from serious harm.

Here is what you should do if you open a phishing email:

1. Don’t Click on Any Links or Download Attachments

If you open an email and then realize it is a phishing attempt, the most important step is to avoid clicking any links or downloading any attachments. These are malicious and will either install malware on your device or lead you to a fake website designed to steal your information. Additionally, do not give away any sensitive information without first verifying, through a separate channel, that you are speaking to the correct person.

What to Do if You Click on a Phishing Link:

Despite your best efforts, it is still possible to click on a phishing link without realizing. If you have already clicked on a link or attachment, do not enter information on pages that load. Close any tabs that open, and if possible, cancel any downloads. These actions can help minimize potential damage.

2. Disconnect

If you suspect that you have downloaded something malicious, disconnect the affected device from the internet and from any company networks. This prevents malware from communicating with its command-and-control servers or spreading further through your business. While this may seem extreme, remember that the goal of a phishing scam is often only to gain a foothold that threat actors then use to access your entire company. Preventing lateral movement is critical.

3. Run Some Scans

Run a complete antivirus and anti-malware scan on the affected device, whether you have clicked on a link or not. Most basic software can detect and remove common phishing malware. If your scans detect any problems, follow the instructions provided by your software to delete or quarantine the threat.

4. Change Passwords for Sensitive Accounts

Change any compromised login credentials immediately. This may include your own credentials or those of staff, depending on what has been breached. If you suspect a particular application or website has been compromised, it is safer to change every password associated with it. If the service offers an option to sign out of all active sessions, use it. If you have not already, enable multi-factor authentication (MFA) for all users at this time.

When creating new passwords, all personnel should follow these standards:

  • Use strong, unique passwords that combine uppercase and lowercase letters, numbers, and special characters.

  • Avoid using personal information, like birthdays or names, that attackers could guess.

  • Consider a ‘passphrase’ rather than a single word. It may be easier to remember, and is much harder to crack due to the added length and complexity.

5. Report the Attack

Any cyber threat should be reported to your IT team or managed service provider (MSP), any necessary authorities, and any individual who you believe has fallen victim (e.g. staff, stakeholders, or customers). You can also report emails directly to the email provider, which may help them prevent similar attacks in the future.

If the email is claiming to be from a specific company, consider alerting them to the scam. This will allow them to take their own protective measures, such as reporting the attack or informing their customer base.

6. Monitor Your Accounts

After taking initial protective steps, you must keep a close eye on all accounts to ensure that no threat remains. Look for any suspicious activity, such as unauthorized logins or unusual transactions. If you notice anything out of the ordinary, treat it as an ongoing cyber-attack, inform your IT staff or MSP, and implement your incident response plan.
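As an added illustration of what "keep a close eye on all accounts" can look like in practice (this is example code written for this article, not a tool from the original page), the following Python script reviews a small, constructed authentication log for two signals worth investigating after a phishing incident: a successful login that follows a run of failed attempts from the same address, and a successful login from an address the user has never used before. The log format, the user names and the baseline of known addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample authentication log (not from any real system). The IPs are
# RFC 5737 documentation addresses; the line format is an assumed, simplified one.
SAMPLE_LOG = """\
2024-05-01T08:02:11Z user=alice ip=203.0.113.10 result=success
2024-05-01T08:15:40Z user=bob ip=203.0.113.11 result=success
2024-05-01T21:03:02Z user=alice ip=198.51.100.7 result=failure
2024-05-01T21:03:09Z user=alice ip=198.51.100.7 result=failure
2024-05-01T21:03:15Z user=alice ip=198.51.100.7 result=failure
2024-05-01T21:03:22Z user=alice ip=198.51.100.7 result=success
2024-05-02T09:10:00Z user=bob ip=203.0.113.11 result=success
"""

# Assumed baseline: the addresses each user had been seen logging in from
# before the incident (constructed for this example).
KNOWN_IPS = {
    "alice": {"203.0.113.10"},
    "bob": {"203.0.113.11"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>success|failure)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return event


def find_suspicious_logins(log_text, known_ips, fail_threshold=3):
    """Return a list of (user, ip, timestamp, reason) alerts.

    Two signals are checked: a successful login preceded by a run of failures
    from the same address (guessing that eventually worked), and a successful
    login from an address that is not in the user's known baseline.
    """
    alerts = []
    consecutive_failures = defaultdict(int)  # (user, ip) -> failures since last success
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        key = (event["user"], event["ip"])
        if event["result"] == "failure":
            consecutive_failures[key] += 1
            continue
        # Successful login: evaluate both signals, then reset the failure counter.
        failures = consecutive_failures[key]
        if failures >= fail_threshold:
            alerts.append((event["user"], event["ip"], event["ts"],
                           f"success after {failures} failed attempts"))
        consecutive_failures[key] = 0
        if event["ip"] not in known_ips.get(event["user"], set()):
            alerts.append((event["user"], event["ip"], event["ts"],
                           "login from address outside the user's baseline"))
    return alerts


if __name__ == "__main__":
    for user, ip, ts, reason in find_suspicious_logins(SAMPLE_LOG, KNOWN_IPS):
        print(f"{ts.isoformat()} {user} {ip}: {reason}")
```

Run against the sample log, the script raises two alerts for alice's 21:03 login from 198.51.100.7 and none for bob. Either alert on its own is a reason to treat the account as compromised, reset its credentials and sign out all sessions, as described in step 4.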

7. Educate Personnel on Recognizing Phishing Attempts

Once your accounts have been secured, organize a training session to educate staff on phishing scams. Even if you have already provided this in the past, a refresher course is never a bad thing. Teach them to watch for these warning signs:

  • Suspicious sender addresses: Many phishing emails come from addresses that don’t match the organization they’re impersonating.

  • Generic greetings: Phrases like “Dear Customer” or “Hello User” are common in phishing emails.

  • Spelling and grammar errors: Legitimate organizations usually proofread their communications, whereas phishing emails often contain errors.

  • Urgency or scare tactics: Social engineering attacks typically pressure recipients to act quickly by threatening account closure, suspensions, or fines.

  • Unusual links or attachments: As mentioned above, these often signal malware or an attempt to steal information.
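To make the warning signs above concrete, here is an added Python example (written for this article, not a tool from the original page) that checks a raw email message for four of them: a sender domain outside an assumed list of the organization's legitimate domains, a generic greeting, urgency language, and a link whose visible text names a different host than the one it actually points to. The two sample messages, the example-bank.com domain and the keyword lists are constructed for this example; spelling errors, the remaining sign in the list, are not checked here.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: the domains this organization's genuine mail comes from (constructed).
EXPECTED_SENDER_DOMAINS = {"example-bank.com"}

GENERIC_GREETING_RE = re.compile(
    r"\b(dear (customer|user|client|member|sir/madam)|hello user)\b", re.I
)
URGENCY_RE = re.compile(
    r"\b(urgent(ly)?|immediately|within \d+ hours|suspend(ed)?|will be closed|final notice)\b",
    re.I,
)
# Naive anchor extraction; a production tool would use a real HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample messages (not real mail); 192.0.2.10 is a documentation address.
SAMPLE_PHISHING = """\
From: "Example Bank Support" <alerts@example-bank-secure.invalid>
To: sam@example.com
Subject: URGENT: Your account will be suspended
Content-Type: text/html

<html><body>
<p>Dear Customer,</p>
<p>We detected unusual activity on your account. Verify within 24 hours
or your account will be suspended.</p>
<p><a href="http://192.0.2.10/login">https://www.example-bank.com/login</a></p>
</body></html>
"""

SAMPLE_LEGITIMATE = """\
From: "Alice Jones" <alice@example-bank.com>
To: sam@example.com
Subject: Your March statement is available
Content-Type: text/plain

Hi Sam,

Your March statement is now available in the portal under Documents.

Alice
"""


def _host(url):
    """Return the lowercase host of an http(s) URL, or None if the text is not one."""
    parsed = urlparse(url.strip())
    if parsed.scheme in ("http", "https") and parsed.hostname:
        return parsed.hostname.lower()
    return None


def phishing_indicators(raw_message, expected_domains=EXPECTED_SENDER_DOMAINS):
    """Return a list of human-readable warning signs found in a raw email message."""
    msg = message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    subject = str(msg.get("Subject", ""))
    findings = []

    # 1. Suspicious sender address: the domain is not one the organization uses.
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain not in expected_domains:
        findings.append(f"sender domain '{domain}' is not an expected domain")

    # 2. Generic greeting instead of the recipient's name.
    if GENERIC_GREETING_RE.search(body):
        findings.append("generic greeting")

    # 3. Urgency or scare tactics in the subject or body.
    if URGENCY_RE.search(subject + "\n" + body):
        findings.append("urgency or threat language")

    # 4. A link whose visible text names a different host than its real target.
    for href, text in ANCHOR_RE.findall(body):
        shown, actual = _host(re.sub(r"<[^>]+>", "", text)), _host(href)
        if shown and actual and shown != actual:
            findings.append(f"link text shows {shown} but points to {actual}")
            break
    return findings


if __name__ == "__main__":
    for label, sample in (("phishing", SAMPLE_PHISHING), ("legitimate", SAMPLE_LEGITIMATE)):
        print(label, phishing_indicators(sample))
```

The phishing sample trips all four checks while the legitimate one trips none. In a training session the same four checks map directly onto what staff should look at by eye: the real address behind the display name, how the message greets them, whether it pressures them to act now, and where a link goes when they hover over it rather than what it says.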

How to Recover From a Phishing Attack

While it may seem difficult to recover from a phishing attack that has already caused damage to your business, it is not impossible. Once you have completed the above steps, have your IT staff or MSP take action to remove the threat. Scan your entire network for additional threats. It is possible that lateral movement occurred before you were able to stop it, so you must check every part of your IT infrastructure. If you detect any threats, stop and begin the entire process again from step one. Repeat until no threats are detected, then recover any lost data.

If you have reason to believe data has been compromised, particularly personal data, contact your legal team and PR team for advice on how to proceed.


Prevent Phishing Scams With the Right Education

Opening a phishing email or accidentally clicking on a malicious link may feel like a devastating blow, but it doesn’t need to be. If the correct precautions are taken, it is possible to minimize any potential damage and get out of the situation unscathed. Remember that phishing scams, like all social engineering attacks, are designed to trick people – so staying informed is essential to protect your business and your data.

Soaring Towers provides comprehensive cybersecurity awareness training designed to transform your staff into a powerful anti-phishing defense. We understand that knowledge is your most powerful weapon, and we have the expertise needed to put it straight into your employees’ hands. Learn how Soaring Towers can help defend your business from phishing scams today.
