Measures after the Phishing
Attack
As
phishing schemes and emails become more common and harder to detect every day,
simply avoiding them is not enough.
While
there are countless tips and antivirus software to
help you detect and avoid phishing scams, what should you do if you or someone
you know falls in love with one?
What Is A Phishing Email?
A
phishing email is a message sent by a black or gray hat hacker with malicious
intent. Phishing attacks tailored to you are much more difficult to detect and
avoid, while others use generic tricks and are often sent in mass to hundreds
or thousands of addresses.
Phishing
emails contain information to trick you into trusting the sender and then
download an attachment, visit a website, submit information, or log into an
account using the fake link they provide.
You Fell In Love With A Phishing Email - Now What?
Phishing
emails are based on social engineering, which takes advantage of you,
effectively bypassing your cybersecurity software such as antivirus, firewall,
and spam filters.
It
only takes one wrong move. This could be because you didn't realize that the
sender's email has a small, intentional typo, or you didn't check the linked
website URL for accuracy and an SSL certificate (displayed as HTTPS). But falling
in love with a phishing email is not the end of the world.
Do
not panic. If you are fast but keep a cool head, you can come out unscathed and
more cautious than ever. There are mainly two ways you could fall for a
phishing email: downloading a file via email or revealing sensitive
information. Fortunately, you can limit the damage by acting quickly.
What To Do After Downloading A Malicious File?
Downloading
an infected file is one of the easiest ways attackers can access your files and
data. It can be an email attachment or a link to a website where you can
download the malicious file.
Anyone can fall for this. But you are more likely to know if you don't know what phishing emails look like, or if you don't have an antivirus with a malware detector to warn you of suspicious downloads.
Stop The Attack Before It Starts
Let's
say you made a mistake and ended up downloading a file that your antivirus
software didn't flag. Now what? Not all attacks wreak havoc right away. You may
still have time to react and minimize the damage.
The
first thing to do is disconnect your device from the internet. That way you
will prevent anyone from remotely accessing your device. It also ensures that any
spyware they may have installed doesn't leak their files to the attacker.
Clean Your Device
Stopping
the attack in its tracks is a necessary first step, but that doesn't mean your
job is done. Reconnecting as if nothing had happened is like inviting the
attacker back to your device. You need to scan and clean your device for
malware. If you are unsure of your technical skills, you can take your device
to a local technician or call a technical support center and explain the
situation.
But
a competent security suite should do just fine.
Repair The Damage
Change
logins for any important services like email provider and financial accounts.
Be on the lookout for anything the attacker may have accessed during his short
duration attack.
That
includes changing your passwords, if you saved them locally, and contacting
your bank if you had unencrypted financial documents on your device.
What To Do After Gifting Your Logins?
One
of the most common ways that phishing emails obtain your login credentials is
by informing you that there is a problem with your account and offering you a
link to reset your password. The link leads to a duplicate website where they
collect your password.
If
that happens, they can access your account, especially if you haven't enabled
two-factor authentication.
Change Your Password
Even
if you made the mistake and registered your credentials on a fake website, the
attack does not start until the attacker changes the password and email for the
account, preventing you from logging in or recovering your password.
The
moment you realize you made the mistake, you have to beat them to log into your
account. Go to the actual website - check the URL and SSL certificate before
logging in. There, you need to set a more secure password. Go to settings and
log out of all devices, which would kick out the hacker if they were already
logged in. Be sure to change your security questions and answers as they may be
discovered now that they have access to your personal information.
Beware:
the hacker may try to change the account password and email and also force you
to log out.
Contact the Provider Of The Breached Account
Unfortunately,
it is not always easy to notice this type of outline right from the start. If
you arrived too late and the attacker has already locked your account, you can
still avoid major damage.
Now,
your only option is to contact the account provider. This could be Twitter, for
example, or your bank if it's financial or personal information.
Most
major sites have a protocol for verifying the person using the account, and the
faster you contact them, the less time the hacker will have to change details
or get more information about you.
Change Your Login Credentials
Although
changing your password after an attack may be common knowledge, it should
actually change all of your login information. That includes email, username,
password, and security questions.
Knowing
even one part of your login makes it easier for a hacker to guess the other.
Changing them all after an attack makes it much more difficult for the same
cybercriminal to attack you again.
No comments:
Post a Comment