Phishing emails are getting more sophisticated and harder to spot. In a phishing attack, the cyber criminal will send fake emails purporting to be from a genuine sender such as your bank, a trusted retailer or provider. In these emails, which on the surface appear to be genuine, the sender will try to trick you into giving away sensitive information such as your login credentials or bank details. Typically they do this by including a link for you to click on, which you think is taking you somewhere genuine, only it isn’t. Once you realise you have either clicked on a compromised link, or given away sensitive data, it’s important to react quickly to minimise the impact.
Here we provide some simple tips to help you and your business survive a phishing attack.
Don’t panic. If you panic you are likely to make the situation worse, perhaps by deleting information that will later prove useful in determining where the phishing attack came from or how far it went. Stay calm and follow the steps below to help minimise the impact.
- Reset your password – even if you don’t think your password has been compromised, it is always a good idea to reset it as a first port of call. It may prevent cyber criminals from regaining entry to your device or network. Make sure you use a secure password that is not used for anything else and follows the combination of words, letters, numbers or symbols required by your IT department or provider.
- Notify the people that matter – depending on the size of your business you may have an internal IT department, or an external provider, that needs to be notified of any attack. The sooner you do this, the better your chances of preventing the attackers from getting further into your network and compromising more sensitive data. If you think that clients’ data, in particular personal data, has been compromised, you need to notify the ICO within 72 hours of the breach taking place in order to meet UK GDPR requirements. The information you will need to give them includes when the breach took place, the number of personal data records concerned, a description of the consequences and an outline of the measures you have taken. This will help to mitigate the impact.
- Run malware scans – this will help to assess the scale of the damage and whether any malware has been installed on your computer. Notify your IT provider or department about the results of any scans you run, so that they are kept up to date about the extent of the attack.
- Keep a lookout for anything suspicious – if the data you have revealed is financial in nature, be wary of any payments that don’t make sense or any signs of identity theft. Maintaining a higher level of vigilance in the aftermath of a phishing attack might help you to stop cyber criminals in their tracks.
Minimise your future risk of phishing attacks
You can’t expect everyone within your organisation to be able to identify and report suspicious emails, nor can you reprimand those who click on a link in what seemed to be a genuine email, since attacks are becoming more sophisticated. What is helpful, however, is to keep educating employees about the latest phishing attacks and the signs to look out for.
This will include asking the following questions:
- Do the logo and design look the same as the ones you are used to seeing from that organisation, or are they larger or poorer in quality?
- Is the email addressed to you by name, or does the greeting start with ‘hello friend/valued customer’ because the sender does not know you?
- Are the spelling and grammar of the standard you would expect from a professional organisation? Poor-quality content could indicate the email is not from the stated source.
- Does the email ask you to act urgently, such as within 24 hours? Or is there a link to click if you have been a victim? Beware: wording such as this can be a sign of a phishing email.
- Does it sound too good to be true? Then it probably is. Genuine organisations will not ask you to hand over money or give access to confidential information.
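The checklist above can also be turned into an automated first pass. The script below is an added example written for this article, not tooling from Matrix IT, and it runs the checklist questions over an email: a generic greeting, urgency wording, a too-good-to-be-true offer, a request to verify credentials, and (the point made in the opening paragraph) a link whose visible text names one site while the href actually goes somewhere else. The phrase lists, the two-label domain comparison, the "two or more indicators" threshold and the sample messages are all assumptions constructed for illustration; the hostnames are reserved example names, not real sites.

```python
"""Heuristic phishing-indicator checker (added example, not Matrix IT's tooling).

Runs the article's checklist over an email: generic greeting, urgency wording,
too-good-to-be-true offer, request to verify credentials, and links whose shown
text names a different site from the href.  Patterns and threshold are assumed.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Wording patterns drawn from the checklist (assumed lists; extend for your own mail).
GENERIC_GREETING = re.compile(
    r"\b(dear|hello|hi)\s+(friend|valued customer|customer|user|member)\b", re.I)
URGENCY = re.compile(
    r"\b(within\s+\d+\s+hours?|immediately|urgent(ly)?|"
    r"account will be (suspended|closed|locked))\b", re.I)
TOO_GOOD = re.compile(r"\b(you have (won|been selected)|prize|lottery|free gift)\b", re.I)
CREDENTIAL_ASK = re.compile(
    r"\b(verify|confirm|update)\s+your\s+(password|account|login|bank details)\b", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Last two labels of a hostname (crude stand-in for a public-suffix lookup)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def extract_body(msg):
    """Return the first text/html or text/plain part, decoded to str."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() in ("text/html", "text/plain"):
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyse(raw_email):
    """Return the list of checklist indicators found in one RFC 822 message."""
    msg = message_from_string(raw_email)
    html = extract_body(msg)
    text = re.sub(r"<[^>]+>", " ", html)  # crude tag strip for the wording checks
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]

    findings = []
    if GENERIC_GREETING.search(text):
        findings.append("generic greeting")
    if URGENCY.search(text):
        findings.append("urgency wording")
    if TOO_GOOD.search(text):
        findings.append("too-good-to-be-true offer")
    if CREDENTIAL_ASK.search(text):
        findings.append("asks you to verify credentials")

    collector = LinkCollector()
    collector.feed(html)
    for href, shown in collector.links:
        href_host = urlparse(href).hostname or ""
        # Visible text that itself looks like a domain must agree with the href.
        m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", shown, re.I)
        if m and href_host and registrable(m.group(1)) != registrable(href_host):
            findings.append(f"link shows {shown!r} but goes to {href!r}")
        if href_host and sender_host and registrable(href_host) != registrable(sender_host):
            findings.append(f"link host {href_host!r} differs from sender domain {sender_host!r}")
    return findings


def verdict(findings):
    """Two or more indicators is treated as 'likely phishing' (assumed threshold)."""
    return "likely phishing" if len(findings) >= 2 else "no strong indicators"


# Constructed samples; the hosts are reserved example names, not real sites.
SAMPLE_PHISH = """\
From: Example Bank Security <security@examplebank.com>
To: you@example.org
Subject: Action required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear valued customer,</p>
<p>Unusual activity was detected. You must verify your account within 24 hours
or your account will be suspended.</p>
<p><a href="http://examplebank.com.login-verify.example/">https://www.examplebank.com/login</a></p>
</body></html>
"""

SAMPLE_BENIGN = """\
From: Example Bank <newsletter@examplebank.com>
To: you@example.org
Subject: Your statement is ready
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hi Alex,</p>
<p>Your monthly statement is ready. Sign in at
<a href="https://www.examplebank.com/statements">www.examplebank.com</a> whenever convenient.</p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        found = analyse(sample)
        print(name, "->", verdict(found), found)
```

On the constructed phishing sample the script reports five indicators (generic greeting, urgency, a credential request, a link whose shown text disagrees with its target, and a link host outside the sender's domain), while the benign statement notification produces none. The domain comparison deliberately uses only the last two labels, so a real deployment would swap in a public-suffix list; the value of the example is the shape of the checks, not the exact word lists.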
At Matrix IT we offer a range of cyber security services to protect you and your business from cyber threats such as phishing emails. If you want more tips on how to survive a phishing attack, our teams can provide this for you as part of our suite of cyber security services. Click here to get in touch and find out more.