The average person receives over 100 emails per day and, on average, one of those will be a phishing email that managed to wiggle its way past your email provider’s spam and malware filters and into your inbox. Depending on the user information’s exposure to the dark web, that number could be even greater.
Why so many phishing emails? Because they work. The 100 email average means that in addition to all of the standard distractions of the workday, you’re constantly receiving a barrage of messages from co-workers, friends and relatives. It’s all too easy to click a link in an email marked “URGENT” without double-checking the sender or looking for telltale signs of a carefully crafted scam message.
If you do click a link in a phishing email, don’t panic, but do follow these steps.
Change your account credentials: If you followed a phishing link to a site and then entered in your login credentials, you need to act quickly. Change the passwords on any potentially compromised accounts and be sure to activate 2-Factor authentication if you haven’t already. If you reuse the same password across multiple accounts (you shouldn’t, but most people still do), change every account that uses that same password.
Disconnect your devices from the internet: If you downloaded software from a malicious link, it’s a smart idea to quarantine the infected device so it can’t spread to other devices on your network–especially if you’re connected to a work network. Ransomware often propagates quickly through networks to gain access and lock others out. Disable your wifi or unplug your network cable (or both) and get in touch with your IT provider immediately. If possible put the system to sleep, rather than shutting it down as some ransom/malware may make matters worse with a reboot.
Run scans on your devices: If you already have security software installed that you manage yourself, run a deep scan on any device that may have been infected. If you don’t, or aren’t sure how to use it, consult an IT technician.
One the smoke clears a little bit, take these preventative steps:
Freeze your credit: Freezing your credit is free and it means that any information exfiltrated from your devices can’t be used to open new accounts in your name. Do the same for others in your household if you haven’t already, especially your children.
Get a password manager: If you reuse passwords, all it takes is one compromised account to function as a skeleton key to your digital life. Get a password manager, or use Google Chrome or Firefox’s built-in managers. In 2022, there’s no excuse to continue using the same login across sites.
Backup your data: If your device is hopelessly compromised by malware, spam, ransomware, etc. you may just need to start from scratch. If you had the foresight to invest in at least one form of backup to be able to restore your data, you’ll be thanking yourself. If not, beware backing up an already compromised system as it will likely also have the malware on it and will infect any system you attempt to restore your data to. An IT professional may be able to help you clean the backup before restoration, but nothing beats having a backup from before the incident.
Invest in phishing detection services and security awareness training: Your organization is as vulnerable as your least security-savvy colleague or employee. Build phishing prevention and detection into your and your company’s workplace culture to avoid the lost time, money and productivity that can result from a single click on the wrong link.
Wondering how to secure your devices and your workplace from phishing attacks? Nodal can help! Contact us today to find out more about our advanced phishing detection services for Google Workspace and Office 365 and our security awareness training.