What to Do If You Open a Phishing Email
Identifying and knowing what to do if you open a phishing email can mean the difference between total data loss and saving your machine from ransomware or yourself from financial devastation. According to the US Federal Bureau of Investigations, Phishing emails were responsible for over five billion dollars in losses in 2016. A survey of 1000 office workers, revealed some covering statistics. Although 70% of those surveyed reported that their companies provided cyber security training, still 21% of them had been the victim of a phishing email scam. [1] This of course, encompasses the people who actually realize they had been the victim, and not those who did not realize it.
What are phishing emails?
Phishing emails are an email that is constructed to obtain personal information from the recipient. Phishing emails use trickery, copying content from legitimate websites, and clever wording to track the recipient by clicking on a link and entering in data such as a password, account numbers or other sensitive data. Phishing emails are sent out in large groups to increase the rewards reaped by the same. Individual or small groups of phishing emails can also be employed These are called spear phishing because they are more focused.
What Should You Do If You Open a Phishing Email?
Disconnect Your Device! If your laptop, tablet, phone, is suddenly locked up due a click you should not have made, disconnect from the internet immediately! Laptops still have a function key that can kill the connection to WiFi. If you can no longer access the device’s screen, then shut off the router until you can stop whatever malware is running.
Backup Your Device
While you still have control over and access to your tablet or laptop, backup your data. The other day I lost my phone to a short in the charging port. Although I could no longer plug a cable into to back it up to my laptop, I was able to send files to Google Docs. My contacts were backed up to my service provider.
Scan Your System for Malware
Now that you are sure you opened a phishing email, scan your system for malware, ransomware, or any other newly installed app. Keep in mind that it takes more than looking at the recently installed program. A clever malware will hide itself from this view.
Change Passwords
The next step to take when you have opened a phishing email is to change all passwords. If you have another device, use that instead. For example, if your laptop is where you opened the phishing email, then use another machine or your smartphone to change passwords. In case your machine is infected with something that can record keystrokes, using a different device to change passwords is a better choice until the infected machine is cleaned up.
Enable on Two-Factor Authentication (2FA)
Have you heard of two-step or two-factor authentication? It’s a feature available on many online accounts, including financial and social media settings. Two-factor authentication means it takes two actions to sign into an account. That way a hacker must get more than just a password to gain access to your account. For example, to login into your online banking, you may have to enter a password in a web browser. The system would then send a text message to the phone associated with the account. You would then have to reply to the text to successfully log into the account in the web browser that the sign-in process initiated with
Run Anti-Virus Software
Assuming you completed all of the above steps successfully and still have control over your device, then run some anti-virus software. Be careful here! You definitely don’t want to run any program that was on the web pages or apps contained in the phishing email. Also, beware of shady websites that purport to have anti-virus software. Stick to names you know and trust like Norton or MacAfee. Many internet service providers offer free anti-virus software for their paying customers.
If the web page you went to was supposedly one of your financial instructions like a bank or credit card, then contact them to report the incident. You will be able to add fraud alerts and additional credit protection on your credit files.
Source:
“What’s the biggest detriment to your organization’s data?” Intermedia.net, www.intermedia.net/report/datavulnerability2017.
