Let’s face it. We all make mistakes.
Even clicking on a malicious link in a phishing email can happen to the best of us. Sometimes it’s because we’re in a huge hurry and skip double-checking everything before making a click, and sometimes the phishers are exceptionally clever with their scam.
Whatever the reason your user clicked on that link or email attachment, or replied with sensitive information they should have thought about for another second before sending, we all make mistakes. Today I want to walk through some steps to take after clicking on that phishing scam.
NOTE: Consider having your team trained with our upcoming FREE webinar on the latest phishing attacks:
Bruce McCully
May 2, 11 AM ET
The synopsis:
Are you rolling out the red carpet to hackers, thieves, and scammers? What can you do to keep from mistakenly giving a hacker everything they need to get into your network? In this 45 minute webinar, Bruce will reveal the 3 major signs you are being phished, how you can recognize them, and avoid being hooked!
Here are those steps:
Don’t panic—first and foremost, make sure that you have been phished. Often, merely opening a phishing email and reading it will not affect your computer at all. Nor will downloading a zip file that contains a virus. It’s only when you unzip that file that the virus spreads across your computer and jumps onto other devices on your network. Before you panic at all, take a deep breath and call our office (we’ll check your computer and network and even if there is a problem, we have a team of security experts that know how to recover from even the worst attacks). Don’t pile on the stress because we’ve got your back.
Disconnect—we’ll likely tell you to disconnect your computer or device from any network if you’ve been phished. We suggest you do this immediately as a precaution. Viruses tend to spread quickly across networks, and what we don’t want is an infection that keeps your colleagues from being able to access their files.
Take your computer off the network either by unplugging the Ethernet cable or by turning off your WiFi connection (there might be a button on your keyboard, or you can pull up the WiFi menu on your device and either turn it off or click on ‘forget this network’).
Notify your supervisor—if you have a tech contact or supervisor, let someone know that you have a problem with your computer. Don’t be afraid—it’s not your fault. But every second you delay can potentially make the situation worse.
Scan your computer for a virus—especially if you opened an attachment, you will want to run an antivirus program that has been kept up to date (note: if your computer is covered by Dynamic Edge, it will have updated antivirus on it). If you give us a call, we will perform this step and go a step further by verifying through a few other tools that any virus is off of your machine.
Change your usernames and passwords—if a phishing email sent you to a phony website and asked you to enter your credentials, it likely stole your login information. Make sure you change ALL user passwords for important accounts—personal and work-related just to be safe.
Forward the phishing email to us—make sure to forward your phishing email to us so that our security team can address it immediately. Make sure you include the header information, which shows where the email was sent from. The easiest way to do this is to drag and drop the phishing email into a new email and send. We will investigate why the email made it through your mail exchange system and will also help inform others in your organization (and other organizations) to be on the lookout for a new scam.
Flag the email as phishing—in Outlook, you are able to actually flag an email as malicious. If you are a Dynamic Edge client, we will flag the email for you.
Make sure your organization is investing in sufficient cybersecurity—your BTM might have mentioned that there are all sorts of ways to make sure your business is protected from the latest cyberattacks. One of the easiest ways is to implement a FitSecure firewall—a smart firewall that will actually act like the TSA to detect malicious traffic going to and from your network. This firewall will actually prevent viruses from sending traffic off your network in the event a computer gets infected, protecting your network from a ransomware attack.
Last but not least, train your users to be smart skeptics! I know a lot of you have received emails and got a gut feeling that something isn’t quite right. But maybe you clicked anyway? Learn from the mistakes of others by attending Bruce’s webinar on avoiding phishing attacks THIS week (Bruce McCully, May 2, 11 AM ET).
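Why the "Forward the phishing email to us" step asks for drag and drop: an attached email keeps its original headers, while an inline forward drops them. The Python sketch below is an added example, not code from this post; the sample message, its addresses and the `original_headers` helper are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample: a forward with the phishing email attached (what
# drag-and-drop into a new message produces). All names are made up.
SAMPLE = b"""\
From: user@client.example
Subject: FW: suspicious email
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

I clicked the link in the attached email.
--b1
Content-Type: message/rfc822

Return-Path: <bounce@mailer.invalid>
Received: from mx.client.example by mbx.client.example; Mon, 1 Jan 2024 10:00:02 +0000
Received: from host.mailer.invalid ([203.0.113.7]) by mx.client.example; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mx.client.example; spf=fail smtp.mailfrom=mailer.invalid
From: "IT Support" <support@client.example>
Reply-To: reset-desk@freemail.invalid
Subject: Password expires today

Click here to keep your password.
--b1--
"""

def domain(value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def original_headers(raw):
    """Fields from the attached original, or None if the forward was inline."""
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_type() != "message/rfc822":
            continue
        inner = part.get_payload(0)  # the attached email, headers intact
        hops = [" ".join(str(h).split()) for h in inner.get_all("Received", [])]
        sender, flags = domain(inner["From"]), []
        for name in ("Return-Path", "Reply-To"):
            if inner[name] and domain(inner[name]) != sender:
                flags.append(f"{name} domain differs from From")
        if "spf=fail" in str(inner["Authentication-Results"] or "").lower():
            flags.append("SPF failed")
        # Received lines are prepended per hop, so the last one is the earliest.
        return {"from": sender, "earliest_hop": hops[-1] if hops else None, "flags": flags}
    return None
```

The flags are triage hints for whoever reviews the forward, not verdicts: legitimate bulk mail often uses a different Return-Path domain, and Received lines below the one written by your own mail server can be forged by the sender.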