What to Do if You are a Victim of a Phishing Email
Phishing emails are now a routine part of most inboxes, and some of us may even fall for them. Email phishing attacks are by far the most common social attacks employed by cybercriminals, and they are on the rise. Phishing can also happen via text messages. The term phishing was coined because scammers cast out a lure in the hope that the victim will take the bait. It is the technique of impersonating a trustworthy entity and asking you to provide sensitive information. People still fall for this attack because criminals are getting smarter and employing new tactics. You may receive links, attachments that may contain malware, or messages that prompt you to enter your credentials on a website that looks like your banking website but is fake.
If you ever find that you've been phished, don't panic. Here are some risk mitigation steps you can take to prevent the attacker from further misusing you and your data.
Disconnect from the Internet
If you've downloaded an attachment from the phishing email or you've been taken to the hacker's website, one of the first things to do is to turn off your internet access. Disconnecting your system from the internet prevents the attacker from gaining remote access to it, thereby safeguarding your files and your system. Turning off internet access also prevents malware from spreading to other systems on your network.
Scan your Computer
The next thing to do is to scan your computer using anti-virus software. Always make sure that your computer has anti-virus software installed and that it has the latest updates, because both come in handy in these scenarios. Anti-virus software runs a comprehensive scan of your computer, alerts you when it finds viruses, trojans, spyware, et cetera, and removes them.
If you clicked a link that took you to a fake login page for a legitimate website (your banking website or a social media website) and entered your credentials there, go to the real website and change your password to prevent the criminal from accessing your account. Log in to your account and review the previous activity to ensure that the account isn't compromised. If you have the habit of using the same password for two or more accounts (which is not encouraged), make sure to change the passwords of those accounts too. If the phished credentials were for your email (or you use the same stolen credentials for your email), first change the password. Then go to the account settings and invalidate all current sessions, because criminals could stay connected to your account even if you change the password.
Monitor Credit Card Activity
If you feel that your credit card details have been compromised during the attack, ask the bank to block your card immediately. Place a fraud alert on your account to prevent identity theft. If your social security number or other ID was stolen, you might also want to put a freeze on your credit to block criminals from opening credit cards in your name.
Report the incident to the company that was spoofed. Take screenshots of the email and send the links along with your report to help the organization prevent phishing from the same attacker again. By reporting, you can help keep other people from becoming victims of these scams. Some important resources that you can use to report are the Anti-Phishing Working Group (APWG) and the National Fraud Information Center. Most companies have their own support team, and you can report the incident to them.
The above steps can prevent the hacker from exploiting you further. But the best thing that we can do is to avoid getting phished in the first place. Check out the blog post "How to Investigate Phishing Emails?" to learn some tricks to spot phishing emails. Also, make sure to look into the Phishing Attack Trends Report to stay up to date on how cybercriminals use different tactics in phishing.