Don't Phish: 10 Steps You Can Take After Clicking a Phishing Link

You may feel embarrassed or even worried if you take the bait and click on a phishing link, but these types of threats are becoming more common. In fact, it happens to hundreds of thousands of people every year and the numbers are growing.


Some phishing attacks are more difficult to detect and fall into a different category because they require a significant investment of time and meticulous planning by the attackers, which is also why these attacks are particularly convincing and successful.

It only takes a few minutes to fall victim to a scam, and IT professionals are not exempt from this risk. But what if you took the bait and clicked on a phishing link and suddenly realized it might have been a scam?

Roman Cuprik from the global digital security company ESET gives 10 steps you can take after you've taken the bait.

Do not provide more information

Let's say you received an email from an online store that raises some suspicions, but you clicked on the attached link without thinking or just out of curiosity. The link sends you to a website that looks legit and yet doubts linger in your mind…

The simplest approach is to avoid sharing any additional information – don't type in your credentials or give out your bank account details. If the crooks were only after your data and didn't compromise your device with malware, you just got off the hook.

Disconnect your device from the internet

Some phishing attacks may lead you to give the scammers access to your computer, mobile phone or other device. They may install malware, collect information about you and your device, or gain remote control of the compromised device.

To mitigate the damage, you need to move quickly. Start by disconnecting the compromised device from the internet.

If your computer uses a wired connection, simply unplug the network cable. If you are connected via Wi-Fi, disable the connection in the device settings or activate the “airplane mode” function on your mobile phone.

Back up your data

Disconnecting from the internet will prevent more data from being sent to the malicious server, but what about your data that is still at risk? You should back up your files, especially sensitive documents or files of high personal value, such as photos and videos.

Of course, backing up your data after an attack can be dangerous, as it may already have been compromised by malware. Chances are you'll be backing up the malware along with photos from your last birthday party.

Instead, you should back up your files regularly and proactively. If malware infects your device, you can recover your data from an external hard drive, USB stick, or cloud storage service.

Scan for malware and other threats

Run a full scan of your device using anti-malware software from a trusted provider while the device is still disconnected from the internet.

Ideally, run a second scan as well, using, for example, the ESET free online scanner. Download the scanner either to the computer itself or to a separate device such as a USB hard drive, which you can then plug into the exposed computer and install the software from there.

Do not use the device during the scan and wait for the results. If the scanner finds suspicious files, follow the instructions to remove them.

If the scanning process does not detect any potential risks, but you still have doubts, contact your security vendor. And if you're not already using layered anti-malware software with anti-phishing features, get one!

Consider doing a factory reset

A factory reset means restoring the phone to its original state by removing all installed apps and files. Some types of malware may remain on your device even after a full reset, but chances are that erasing your mobile device or computer successfully removes any threat. Remember that a factory reset is irreversible and will delete all data stored locally. That's why the experts say it again and again: back up regularly!

Change your passwords

Phishing emails can trick you into revealing your sensitive data, such as ID numbers, bank and credit card details or passwords. Even when you don't give out your information, it's possible that malware installed on your device will find it.

If you think this is the case, especially if phishing emails ask you to hand over a specific login – for example LinkedIn passwords – you should change your login details immediately, and you should do the same if you use the same password across multiple accounts, such as your email, online banking and/or social media.

These situations highlight the importance of using unique usernames and passwords for different online services. Using the same credentials across multiple accounts makes it much easier for attackers to steal your personal data or money.

Contact banks, authorities and service providers

If you have provided bank/credit card details or login details for a website with access to your cards, please inform your bank immediately. Your card can be blocked or frozen to prevent future fraud and you can prevent or minimize any financial losses. Remember to check if your bank (or other compromised payment service) has a refund policy for fraud victims.

To prevent other people from falling prey to this scam, you should also contact the authorities.

Look for differences

Cybercriminals who successfully break into one of your devices or accounts may try to establish their presence there for as long as possible. They may change login details, email addresses, phone numbers, or anything else that may help them establish their hold on your account.

Check the activity on your social media accounts, your banking information and your online purchase history. For example, if you spot payments that look strange, unfamiliar or unauthorized, report them, change your login details and request a refund.

Scan for unrecognized devices

If hackers stole your account information, chances are they tried to log in from their own device. Most social networking platforms keep a record of current login sessions as part of their privacy settings. Go check it and force a log-out for any unknown device.

Notify your friends, contacts, service providers and employer

Sometimes scammers use your contact list on a compromised account to spread phishing links or spam. Take steps to prevent others from falling victim.

If a cyberattack involves your business accounts or employer-sponsored devices, follow your company's rules for dealing with cyberattack incidents and report the case to your supervisor and IT immediately. Major email services such as Outlook or Gmail also offer tools to report phishing emails directly from your inbox.

If you stay cool and follow the tips above, you'll be one step ahead of the threats you might face.

iGuRu.gr The Best Technology Site in Greece

Written by newsbot
