So You have Been Phished. What Now?

So You have Been Phished. What Now?

New York, October 6th, 2022

iQuanti: Over two million domains are connected to phishing attacks. Unfortunately, with such a high number, it’s difficult to avoid them if you aren’t on the lookout.

What is phishing?

Phishing is a cyberattack where cybercriminals disguise themselves as legitimate organizations or other trusted entities to trick the target into providing private information like login credentials, credit card details, or even their social security number (SSN).  

Personal risks to falling victim to phishing

• Money stolen from your bank account
  
  
• Fraudulent credit cards charges
  
  
• Loss of access to personal files, including photos and videos
  
  
• Identity theft where cybercriminals impersonate you to friends or family, putting them at risk

Risks to your business

• Loss of corporate funds
  
  
• Exposing customers’ and coworkers’ personal details
  
  
• Loss of data
  
  
• Reputational damage to your company
  
  
• You clicked a link in a phishing email by accident 

First, if you receive a suspicious message, you should not open any links or attachments within the message. If you already clicked the link, you were likely redirected to a web page where you are prompted to fill in sensitive information like credit card details or your SSN. Do not enter these details as they will go directly to the attacker for personal gain.  

If you have gone beyond clicking the link or attachment and accidentally entered your information, you should conduct a full malware review of your device and system.  

Once you have completed the scan, back up your files and change your passwords; even though you may not have given away those details, you may have inadvertently given the attackers enough leeway to obtain other personal identifiers.  

Simple next steps if you think you may be the victim of a phishing scam

When you doubt a message from a seemingly legitimate organization, contact the organization that supposedly emailed you instead of responding or interacting directly with the message. Scrutinize suspicious emails and messages. Check for spelling mistakes, faulty grammar, or a wrong-looking logo, which can indicate phishing. If you accidentally click a phishing link, close the page and do not input any details. Run virus scans and back up your files frequently.

Preventing phishing attacks

To protect against spam messages, you can use a spam filter that can effectively assess the message’s origin and the software used to send the message. In addition, a spam filter may be able to determine whether a message is spam or not based on its appearance.

You can be proactive by changing your browser settings to prevent accidentally clicking on a fraudulent website. For example, when you set your browser to only allow reliable websites to open, the fraudulent address would be blocked - alerting you with a popup message.

Another way to ensure security is to change your password as frequently as every three months and don’t use the same password on multiple accounts.

Final thoughts

The success of phishing attacks hinges on whether or not the target is educated on how these scams work.