Phishing is perhaps the most dominant cybersecurity threat to businesses today. Phishing emails purport to come from a reputable source, but are in fact sent by cyber criminals trying to trick victims into giving away important personal information, or into infecting their computer or mobile device with dangerous malware.
While some phishing emails are easy to spot, others are far more convincing, and at a glance are almost identical to a genuine email from a well-known organisation. And if you’re distracted, you could easily mistake a phishing email for a genuine one, and click on a link.
But what should you do if you’ve clicked on a phishing link?
What Happens If You Click on a Phishing Link?
Phishing emails are designed to either steal login credentials, or infect a device with malware. If you notice that you’ve clicked on a phishing link, you should take the following steps as quickly as you can.
- Disconnect from the internet
The first thing you should do if you click on a phishing link is to disconnect your device from the internet. This reduces the risk of malware spreading across your network and affecting other devices. It also stops the malware from sending information out to somebody trying to remotely access your computer. If you’re on Wi-Fi, switch it off in your PC’s settings. If you’re on a wired connection, simply unplug your Ethernet cable.
- Back up your device
Once disconnected from the internet, you should back up the files on your device. Documents and data can be lost as part of phishing recovery, so it’s important to create a copy of anything important. We’ll take this moment to say that we think documents and data should already be backed up to the cloud. If you’ve only got a few files to back up, a good-sized memory stick should do the job. If you’ve got a lot of data, you may need an external hard drive.
- Malware scan
With your files backed up, the next thing you need to do is run a scan for malware. If you aren’t particularly technically savvy, you may need to hire professional help for this. If you have an anti-malware scanner installed on your system, run it and let it complete a full scan. It will then identify any malicious files and remove them from the system.
- Change credentials
It is better to be safe than sorry. If you’ve clicked on a phishing link, you should make an effort to secure your most important online accounts. All of your passwords should be unique, and you should think about changing the passwords for your email accounts, online banking and anything else of particular importance. For bonus points, enable multi-factor authentication wherever it is available. That way, even if a phishing attack exposes your password, the second layer of protection will keep your online accounts secure.
- Scan other devices on network
If a malware scan does identify malicious files, you should consider running scans on the other devices on your network to make sure that the malware hasn’t spread to and compromised them. The process is the same as above, and it leaves your network more secure afterwards.
- Enrol in cyber security awareness training
If a business user falls for a phishing scam, it is vital that training is provided to the whole organisation. Staff are at the core of your business, and unfortunately they are often at the heart of cyberattacks (often through no fault of their own). You should run phishing simulations for your team to see whether they are likely to fall for phishing scams, so you’ll know if they need extra training.
As phishing emails get more sophisticated, it isn’t always easy to tell them apart from genuine emails. If you’d like to set up phishing awareness training for your staff, get in touch with ACUTEC and speak to one of our consultants today.