What to do if you’ve had a phishing attack

What is phishing?

A phishing e-mail is one designed to make you click on a malicious link. This could encourage you to:

  • Divulge personal information such as passwords or bank information
  • Download malicious software such as spyware on to your device
  • Install ransomware which locks your files and ‘promises’ to release them when you pay money
  • May encourage you to make a payment to a criminal believing it is a real invoice or e-mail request

It could be sent by an automated system or it could be more targeted attack. A more targeted attack will identify you and aim to encourage you to click on a link that is particularly interesting or relevant to you.

First steps

  1. If you have clicked on a link and divulged your personal bank information, contact your bank immediately, the emergency details will be on your card. Change your password for a strong password.
  2. If you have downloaded malicious software follow the advice here.
  3. If you have ransomware on your machine, follow the advice here.
  4. If you have made a payment then contact your bank or credit card company immediately.

Who to contact

  1. Contact your bank if you have a made a payment
  2. Contact Action Fraud

Next steps

  • This is the type of attack which relies on peoples’ natural curiosity to tempt them to follow a link. The best guard against this is education.
  • Regularly back up your data to a device you can disconnect from your computer or network. This could be an offline back up in the cloud which does not automatically update or an external device. Check the integrity of the back up.
  • Be cautious of links in e-mails and attachments.
  • Ensure that you regularly update patches for operating systems, software, firmware, web browsers etc.
  • Install antivirus and anti-malware solutions and set these to regularly update and carry out regular scans. It is recommend that you do not rely on free versions of these.
  • Disable macro scripts for e-mail files, Office viewer software for opening Microsoft Office files might also be a consideration.
  • Ensure that you remove admin rights from users, and restrict the use of this.
  • Prevent or restrict the execution of programs in locations such as temporary folders used for internet, or zip files (compression/decompression programs) including those located in the AppData/LocalAppData folder.

Further action

Continually train your staff to help them to be aware of phishing emails. Often these can be very convincing but there may be clues such as spelling mistakes or having an urgency about them to encourage you to click on them.

Before you click on any link hover over it and see where they direct you before you click. If links are to a company’s website, visit the company’s website yourself rather than click on the link.

Take your time opening e-mails, always look for any typos, capital letters where there should be lower case, extra spacing and missing full stops. Be aware of and fuzzy or unclear logos. Take your time rather than respond to any ‘urgent action’ type e-mails.

For further advice on phishing e-mails visit Get Safe Online.

For examples of local threats from phishing e-mails visit the South West Regional Organised Crime Unit.