Realizing that you have been a victim of phishing is a terrifying experience. Phishing has rapidly evolved over the last decade, which means that these attacks have become more sophisticated than ever. They allow attackers to gain confidential information which could put your personal and business finances and data at great risk.
What is Phishing?
Phishing is the predominant modern cybersecurity threat and this tactic accounts for more than 90% of all cyberattacks. Phishers generally employ social engineering techniques to craft well-researched and convincing attack campaigns.
The most common tool used by phishers is email. Typically, a malicious actor poses as a reputable party and sends emails to unsuspecting victims intending to obtain sensitive credentials or get them to install malware. Phishing emails usually contain malicious URLs that direct users to fraudulent websites.
Attackers are increasingly employing stealthy file-less techniques which makes it harder to detect. By the time you realize what is going on, your credentials have been stolen or malware has been installed on your device.
You Clicked the Link, What Now?
No matter how careful you are, anyone is susceptible to clicking a suspicious link. These emails can be quite a costly click, and the damage often happens behind the scenes so the average person might not notice.
For example, PayPal scammers send you a malicious email saying your account has an issue and they prompt you to click a link to “fix the problem.” You click this link and you are redirected to a plagiaristic login page of PayPal. Unsuspectingly, you key in your log-in credentials not knowing that cybercriminals are collecting this information.
So when you realize that you have slipped up and fallen prey to these fraudsters what should you do?
1. Disconnect Your Device from the Internet
The moment you realize that your device has been compromised, disconnect it from the internet immediately. If you are using a wired connection, unplug the internet cable (Ethernet cord) from your computer. If you are using a wireless connection like Wi-Fi, disconnect from the current network on your device, or alternatively just switch off the router.
By doing this, you reduce the risk of malware from completely downloading and embedding itself or even spreading to other devices on your network. It can also prevent the malware from sending out crucial information from your device and even disconnect any remote access.
2. Scan Your System for Malware
Using antivirus or antimalware software, run a full scan of your system for any suspicious software or files. Ensure that you remain disconnected from the internet during the scan even if you get prompts that the program could not connect to the internet.
Depending on your device, the scan may take some time to run. Be patient and do not do anything else on your device while the program scans it. Ensure that you are using an up-to-date program with updated virus definitions and that your device has the latest security patches installed.
Note that malware has evolved significantly over the years and sometimes gets disguised as legitimate operating files. This makes it difficult for the antivirus software to detect and weed out these malicious software and files. If you notice that your device still has issues, then it would be wise to have it checked by a tech professional.
3. Backup Your Data
Once you ascertain that your computer is free from the immediate threat, you should back up your files. A phishing attack might damage or erase your data so it is wise to regularly back up your files. Be careful not to have your backups infected as well, especially if the phishing link installed ransomware into your device.
Your backups should be stored in a separate and safe place probably on an external drive that is not continually connected to your network or cloud storage. Focus mostly on protecting particularly sensitive documents and information including irreplaceable files like photos and videos. If possible, save whatever you can from your machine.
4. Change Your Credentials
Phishing links are usually used to harvest sensitive information such as online usernames and passwords, credit card info, bank account details, and other identifying information. The best course of action is to immediately change your log-in details if you still have access to the compromised accounts. If possible, secure everything from online banking, social media, and shopping accounts, you name it.
Use two-factor verification wherever possible for maximum security. In addition to this, use hard-to-guess passwords and avoid using the same username and passwords for multiple online accounts. This will make it harder for fraudsters to steal your credentials, access your personal information or even steal your funds.
5. Report the Scammers
Cybersecurity has become a significant part of our highly digital world. Several agencies have been set up to counter cybercrime today. If you realize that you have received a malicious email, you can report these and reduce the probability of someone else falling victim.
Forward any suspicious emails to the FBI’s Federal Trade Commission at firstname.lastname@example.org. This will facilitate the investigation and tracking of these fraudulent individuals and will deter future attacks. The fight against cybercrime is collective and requires multi-agency collaboration starting with you.
Even with increased security budgets and investment in cybersecurity, cyberattacks are still on the rise every day. Phishing links have become the preferred tool for cybercriminals. Nobody is immune to falling prey to sophisticated phishing attacks in today's digital age. This means that you have to stay vigilant and build a cyber security-aware culture. Knowledge is power, and it is only when more people are educated on cybersecurity can we counter the rampant threat of cybercrime.