We all make mistakes. Even clicking on a phishing link can happen to the best of us – sometimes we are in a hurry, or sometimes the phishers are exceptionally clever with their ruse. Whatever the reason, it’s important to stay safe and salvage as much of the situation as you can. Here’s a list of steps to follow after clicking on a phishing scam.

The 10 Steps to Protect Yourself

  1. Don’t panic! First, make sure that you have actually been phished. Merely opening a phishing email and reading it will not affect your computer. Nor will accidentally downloading a .zip file that contains malware. It’s only when you unzip the file and then open the document or program inside that you are likely compromised. Knowing the difference can save you from unnecessary stress.
  2. If you believe you have indeed been phished, immediately disconnect the computer or device from the Internet or network. If it’s a desktop or laptop connected via Ethernet cable, unplug it. If you are on Wi-Fi, pull up the menu and turn it off or forget the network.
  3. Notify your supervisor if you have one. This is the difficult part, as many people are embarrassed about their mistake and worry they will get in trouble. Don’t be afraid: a company with a good phishing policy should not blame the employee. Additionally, every second you delay can potentially make the problem worse.
  4. Scan your computer for viruses, especially if you opened an attachment. Many phishing emails carry malicious code that can capture keystrokes or take over computers or networks. Microsoft offers a free tool (the Malicious Software Removal Tool), and for Mac there is a free version of Malwarebytes.
  5. Change usernames and passwords. If the phishing email sent you to a phony site and asked you to enter your credentials, it probably captured that information. To be on the safe side, change the usernames and passwords for all important sites such as work email, bank accounts and social media.
  6. Forward the email to IT, if you have an IT department. If you work for a large company, there may be a specific email address for reporting phishing emails. You’ll want to include the header information, which shows where the email was sent from; the easiest way to do so is to drag and drop the phishing email into a new email and send it.
  7. Flag the email as phishing. In programs such as Outlook, there are options to flag the email, which sends the information to Microsoft. Check your email program’s instructions for further details.
  8. Forward the email to the Federal Trade Commission at spam@uce.gov. You should also forward it to the Anti-Phishing Working Group at phishing-report@us-cert.gov. Again, include the headers by dragging and dropping the email. If you think your identity has been stolen, go to https://www.identitytheft.gov/ and follow the instructions.
  9. Alert the business or person the email appeared to be from. This could prevent further attacks, especially if the phishers have hacked into their system and are using their account.
  10. Evaluate the vulnerabilities of your business. Are there others in the company who could make, or have already made, similar mistakes? It may be time to implement stronger anti-phishing policies and add real-world simulations to help prevent further breaches.
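Steps 6 and 8 ask you to pass the headers along because they show where the message actually came from. As an added example (not part of the original article, and not any vendor's tool), the Python script below reads a raw saved message and pulls out the routing and identity headers an IT or abuse team looks at first: the Received chain in delivery order, the envelope sender, From, Reply-To, and any SPF/DKIM verdict the receiving server recorded. The message text is a constructed sample with example.com/example.net addresses, not a real phish.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample of a raw message as it might be saved from a mail client.
# Addresses and hosts are placeholders; the SPF failure is part of the sample.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.corp.example.com (mx.corp.example.com [192.0.2.10])
\tby inbox.corp.example.com with ESMTP; Tue, 3 Jan 2023 09:15:02 +0000
Received: from mailer.example.net (mailer.example.net [198.51.100.7])
\tby mx.corp.example.com with ESMTP; Tue, 3 Jan 2023 09:15:01 +0000
Authentication-Results: mx.corp.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "IT Helpdesk" <helpdesk@corp.example.com>
Reply-To: <helpdesk-reset@mailer.example.net>
To: <alice@corp.example.com>
Subject: Password expiry notice

Your password expires today. Reset it here.
"""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def summarize_headers(raw: str) -> dict:
    """Extract the routing and identity headers worth including in a phishing report."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Each mail server prepends its own Received header, so the LAST one in the
    # message is the earliest hop, i.e. the closest thing to the true origin.
    received = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    hops = list(reversed(received))
    header_from = parseaddr(str(msg.get("From", "")))[1]
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1]
    auth = " ".join(str(msg.get("Authentication-Results", "")).split())
    flags = []
    if reply_to and _domain(reply_to) != _domain(header_from):
        flags.append("Reply-To domain differs from From domain")
    if return_path and _domain(return_path) != _domain(header_from):
        flags.append("envelope sender (Return-Path) domain differs from From domain")
    if "spf=fail" in auth or "dkim=fail" in auth:
        flags.append("SPF/DKIM failure recorded by the receiving server")
    return {"from": header_from, "reply_to": reply_to, "return_path": return_path,
            "origin_hop": hops[0] if hops else "", "hops": hops, "flags": flags}


if __name__ == "__main__":
    for key, value in summarize_headers(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

On the sample this reports three mismatches: the Reply-To and envelope sender point to a different domain than the displayed From address, and the receiving server recorded an SPF failure, which is exactly the information the reporting addresses in step 8 need.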

How to Evaluate Your Vulnerabilities

To help you with the final step, InfoSec Institute has created SecurityIQ, a platform that contains training, simulation and mitigation tools that can be used by businesses of any size. Its AwareEd module includes interactive videos and tests designed to educate employees about phishing scams and how to avoid them; PhishSim allows administrators to test the vigilance of their workforce by sending fake phishing emails and monitoring the results.

Additionally, SecurityIQ contains a tool that integrates with Outlook called PhishNotify+ Defender, which lets you adjust the email settings of any user remotely. It can strip links from emails as well as highlight suspicious URLs. This could be applied to learners who fail any AwareEd courses or click on a phony PhishSim link, decreasing the likelihood of an accidental click during a real attack.

Security Awareness

The Outlook plugin also adds a Quarantine function to every inbox. This way, your employees can immediately flag a suspicious email and prevent it from being accessed for 14 days, or until an administrator clears or deletes it.

Currently, InfoSec Institute is offering a free trial of a Premium Account with unlimited functionality. Join today and prevent an accidental click tomorrow!

Sources

Download Malicious Software Removal Tool, Microsoft

Free Anti-Malware & Malware Removal, Malwarebytes