What to do if you’ve had a phishing attack


What is it?

A phishing email is one designed to make you click on a malicious link. It may try to get you to

  • divulge personal information such as passwords or bank details
  • download malicious software such as spyware on to your device
  • install ransomware, which locks your files and only releases them when you pay money
  • make a payment to a criminal in the belief that it is a genuine invoice or email request.

It could be sent by an automated system, or it could be a more targeted attack. A more targeted attack will identify you and aim to get you to click on a link that is particularly interesting or relevant to you.

First steps

  1. If you have clicked on a link and divulged your bank details, contact your bank immediately (the emergency contact details are on your card) and change your password to a strong one.
  2. If you have downloaded malicious software, follow the advice here.
  3. If you have ransomware on your machine, follow the advice here.
  4. If you have made a payment, contact your bank or credit card company immediately.

Who to contact

  1. Contact your bank if you have made a payment.
  2. Contact Action Fraud.

Next steps

  • This is an attack which relies on people's natural curiosity to tempt them into following a link. The best guard against it is education.
  • Regularly back up your data to a device you can disconnect from your computer or network. This could be an offline backup in the cloud which does not automatically update, or an external device. Check the integrity of the backup regularly.
  • Be cautious of links in emails and of attachments.
  • Ensure that you regularly apply patches for your operating system, software, firmware, Adobe Flash, web browsers etc.
  • Install antivirus and anti-malware solutions and set them to update and carry out scans regularly. It is recommended that you do not rely on free versions of these.
  • Disable macro scripts in files received by email; using Office viewer software to open Microsoft Office files is also worth considering.
  • Ensure that you remove admin rights from users, and restrict their use.
  • Prevent or restrict the execution of programs from locations such as temporary internet folders or Zip (compression/decompression) files, including those located under the AppData/LocalAppData folder.


Further action

Continually train your staff to help them to be aware of phishing emails. Often these can be very convincing, but there may be clues such as spelling mistakes or a sense of urgency intended to make you click.

Before you click on any link, hover over it and see where it actually directs you. If a link claims to go to a company's website, visit the company's website yourself rather than clicking on the link.
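The "hover over the link" check above can be automated for an HTML email body. The script below is an added example written for this page (not from the original advice or any cited organisation); it uses only the Python standard library, the sample message is constructed, and it flags links whose visible address differs from the real target or which point at a bare IP address.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase hostname of a URL or bare domain (a scheme is added if missing)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


# Visible text that itself looks like a web address, e.g. "https://www.example.com/x".
LOOKS_LIKE_URL = re.compile(r"^(?:https?://)?(?:www\.)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def suspicious_links(html):
    """Return (href, text, reason) for each link a reader should verify before clicking."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        if LOOKS_LIKE_URL.match(text) and host_of(text) != target:
            findings.append((href, text, "displayed address differs from real target"))
        elif IPV4.fullmatch(target):
            findings.append((href, text, "link goes to a bare IP address"))
    return findings


# Constructed sample email body; the hosts are placeholders, not real sites.
SAMPLE = """<p>Your invoice is ready. Please review it at
<a href="http://login-examplebank.test/verify">https://www.examplebank.com/invoices</a>.</p>
<p>Or see our <a href="https://www.examplebank.com/help">help centre</a>.</p>
<p>Download: <a href="http://203.0.113.5/inv.zip">click here</a></p>"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE):
        print(f"{reason}: '{text}' -> {href}")
```

Links with plain wording such as "click here" cannot be judged by text alone, so they are only flagged here when the target is a raw IP address; the legitimate help-centre link is not reported.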

Take your time opening emails; always look for typos, capital letters where there should be lower case, extra spacing and missing full stops. Be aware of any fuzzy or unclear logos. Take your time rather than responding to any 'urgent action' type emails.

For further advice on phishing emails, visit Get Safe Online.

For examples of local threats from phishing emails, visit Zephyr South West Regional Organised Crime Unit.