We’ve all heard horror stories about phishing emails. From your personal information being compromised, to experiencing a major personal financial loss or your company’s critical systems being held for ransom, the threat is very real.
While most of us have learned how to spot these dangerous emails, it is still possible for even a savvy computer user to fall prey to this type of scam. Hackers are getting more sophisticated every day in an effort to gain access to the sensitive information on your computer.
If you do click on a suspicious link, one of three scenarios is likely to follow:
- You are sure ransomware has made its way onto your computer
Obviously, this is the worst-case scenario. Honestly, the only thing you can do at this point is immediately shut your computer off and call your IT department. Unfortunately, the options from here are still fairly limited and in some cases, there is no option other than paying the ransom.
If you’ve been backing up your computer to the cloud, you may be able to reset your computer completely, or purchase a new one and reload critical programs and files. This is one of many examples of the importance of always backing up your computer.
- You’re pretty sure your computer has been infected
If you’ve clicked on a suspicious link and your computer starts to act funny, you should disconnect from the Internet…immediately. Your first notion will likely be to call IT, and you should. However, disconnecting immediately may minimize the damage.
If you typed any credentials into a potentially fake website after clicking on the link, you or your IT contact should change those credentials. Hopefully, you’ve already been using multi-factor authentication, so the hacker will not be able to do anything unless they have access to your cellular phone. If you haven’t, now is the time to start.
If you have a risk assessment team, notify them so they can tell your co-workers to be on the lookout for similar emails. If you don’t have a risk assessment team, notify your co-workers directly. It’s common for hackers to target several addresses in the same domain. However, do NOT alert them by forwarding the email you received, as that will just create more risk.
Lastly, there is a misconception that you should back up your files after a phishing attack. This is a useless exercise…backing up infected files has no benefit. All of this should be mapped out in an incident response plan that all employees should be required to read.
- You experience issues days or weeks after clicking on an email
If you click on a suspicious link and nothing happens immediately, you may think you are in the clear. But days or weeks later, you may start noticing that your computer is acting strangely. Maybe it is running slowly, or maybe programs close by themselves, or it keeps crashing. People may tell you that they are receiving weird emails from you, emails that you know you never sent.
When you are unsure whether you’ve been infected, it’s best to contact your IT department first. They will be able to investigate, look at reports from your antivirus software and make an assessment.
You should still immediately change your credentials and implement multi-factor authentication to protect your data and avoid more significant damage.
Questions about how to ensure your employees avoid phishing scams, or how they should react if they fall for one? Send us a note at [email protected].