Steps to Take After a Phishing Scam

Modified on Thu, 25 May, 2023 at 5:19 PM

To avoid falling victim to phishing scams in the future, it's important to understand what they are and the various forms they can take.

Phishing is an attack in which the sender impersonates a reputable organization or a familiar individual and uses a fabricated email to obtain your sensitive information. Most phishing messages are emails urging you to take urgent action. One example is an email claiming that your account will be shut down unless you click the included link and log in within a certain amount of time (the login page is fake, and the attacker captures your username and password). Another is a fraudulent business, styled to look like a real, familiar brand, claiming that your credit card has expired and pushing you to enter new card details (this is where they steal your credit card number).

If it sounds as if a fake, fraudulent email should be easy to detect, think again. Attackers can quickly gather information about you online to determine which triggers you are likely to respond to. They may learn that you live in Illinois, work for XYZ company, and do your banking with Chase. When they send a phishing email that looks like it's from Chase and includes your personal details, you may assume it's real and log in at their fraudulent URL without thinking twice. At this point it's too late: they already have your username and password and can now log into your real Chase account.


So what do you do if you've already handed over personal information?

  1. Immediately change the password on your real account, and your username if possible. If this was a bank or credit company, alert them to suspicious activity and tell them that your account has been compromised.

  2. Disconnect your device from the internet and any networks. If malware has affected your system, this reduces the risk of it spreading to other systems and devices.

  3. Perform a complete offline anti-virus/anti-malware scan of your system. You may get pop-ups prompting you to connect to the internet; ignore these, as they are likely generated by the malware. Follow the scanner's instructions for quarantining and cleaning any malware it finds.

  4. Check all relevant accounts for signs of identity theft.

  5. Ensure all employees are aware of the compromise and of the email that was sent (take a screenshot if possible), and tell them what to look out for so that no one else falls victim.

  6. Check for previous data backups, and back up anything that could be lost if malware spreads.

  7. Report the incident to the Federal Trade Commission (FTC).


Prevention of phishing scams going forward:

  1. Block the sending account and similar addresses, and adjust your email spam filter.
  2. Invest in software that filters and catches these emails before they reach your employees' inboxes.
  3. Ensure antivirus and anti-malware software is installed on all computers. This will help catch and quarantine anything malicious if someone triggers an installation on their device.
  4. Become familiar with how to spot phishing attempts and educate employees on how to be cautious. A detailed list of red flags to look out for can be found here.