Advanced phishing

What to do if you’ve been phished

by Egress
Published on 14th Jul 2023

Every employee in an organization has access to email, creating a vulnerability that cybercriminals seek to exploit through phishing attacks. There are many different types of phishing attacks that bad actors use to achieve their goals, and it is important to have the right processes and security solutions in place to prevent employees from falling victim.

Phishing attacks are becoming more sophisticated. Bad actors make use of social engineering techniques and payloadless attacks that will bypass traditional email security, such as secure email gateways (SEGs). According to the Egress Email Threats Pulse Report, there has been a 121% increase in the use of legitimate websites found to host malicious payloads and a 51% increase in phishing emails sent from compromised accounts. The only way to detect these attacks is to make use of an Integrated Cloud Email Security (ICES) solution, such as Egress Defend. Without an ICES solution, it is inevitable that an employee will fall victim to a phishing attack.

By remaining calm, thinking strategically, and following the advice below, employees can minimize the potential damage from a phishing attack.

What to do after the attack

Employees may feel embarrassed to report that they have fallen victim to a phishing attack. They need to know how vital it is to report it to the security team, even if it turns out not to be a phishing attempt, so that the team can deal with the situation as soon as possible. By acting quickly, the team can take precautions to minimize the spread of the threat in the organization and lock down other company systems.

Change passwords

When an employee has entered their login details into a spoofed website, they must update them immediately. Organizations can force a password reset for corporate accounts and deactivate all active sessions to ensure this is completed as quickly as possible. It is vital that employees use a strong, complicated password with a combination of characters, numbers, and symbols to make it incredibly difficult for hackers to access the account.

It’s also strongly recommended to add another layer of security to the login process with multi-factor authentication to reduce the risk of being hacked again in the future.

Run a malware scan

If an employee clicks on a suspicious link or attachment, they may unintentionally download malware onto their device. After notifying the security team, they should be guided on how to run a malware scan to minimize and isolate the threat. Employees should always ensure their anti-malware software is up to date before running the scan.

If the software detects malware, they must follow the steps below to ensure the attack is dealt with swiftly. The security team will isolate the machine from the network to ensure the malware doesn’t infect more systems within the network. After this, the security team will conduct sandboxing to determine further details of the apparent threat.

Monitor for signs of account takeover (ATO)

In some cases, attackers move laterally, or the downloaded malware may evade an anti-malware scan, giving a bad actor access to personal information or credentials. This creates risk, and such information could be the building blocks for further attacks. For example, compromised account credentials could be used to defraud or attack another organization within the victim organization’s supply chain.

Where possible, critical accounts should be monitored for signs of compromise, such as utilization of services not regularly accessed, or activities that are noted to be abnormal. This could include the creation of irregular mail flow rules to SharePoint that are not ordinarily connected to an organization.
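
A sketch of the monitoring described above, as an added example that is not Egress code: it scans constructed audit events for rules that send mail outside the organization or delete it, and for use of a service outside an account's baseline. The event schema, `ORG_DOMAINS` and `BASELINE` are assumptions; the operation and parameter names follow Exchange cmdlet names.

```python
import json

ORG_DOMAINS = {"example.com"}  # assumption: domains the organization owns
BASELINE = {"a.khan@example.com": {"Exchange", "SharePoint"},  # assumption: services
            "j.doe@example.com": {"Exchange"}}                 # each account normally uses
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "New-TransportRule"}
SEND_KEYS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "BlindCopyTo")
# Constructed sample events, one JSON object per line (the last line is malformed).
SAMPLE_EVENTS = """\
{"user": "a.khan@example.com", "operation": "New-InboxRule", "params": {"MoveToFolder": "Finance"}}
{"user": "j.doe@example.com", "operation": "New-InboxRule", "params": {"ForwardTo": "collector@example.net", "DeleteMessage": "True"}}
{"user": "j.doe@example.com", "operation": "FileAccessed", "service": "SharePoint"}
{"user": "a.khan@example.com", "operation": "FileAccessed", "service": "SharePoint"}
not-json
"""

def external_targets(params):
    """Rule recipients outside ORG_DOMAINS (entries without a domain are kept for review)."""
    addrs = [a.strip().lower() for k in SEND_KEYS for a in str(params.get(k, "")).split(";")]
    return [a for a in addrs if a and a.rsplit("@", 1)[-1] not in ORG_DOMAINS]

def findings(event):
    """Reasons this event looks abnormal; an empty list means nothing to review."""
    reasons, params = [], event.get("params", {})
    if event.get("operation") in RULE_OPS:
        targets = external_targets(params)
        if targets:
            reasons.append("rule sends mail outside the organization: " + ", ".join(targets))
        if str(params.get("DeleteMessage", "")).lower() == "true":
            reasons.append("rule deletes matching mail")
    service = event.get("service")
    if service and service not in BASELINE.get(event.get("user"), set()):
        reasons.append("service not normally used by this account: " + service)
    return reasons

def triage(log_text):
    """Return (user, reasons) for every well-formed event with at least one finding."""
    alerts = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the run
        if isinstance(event, dict) and (reasons := findings(event)):
            alerts.append((event.get("user"), reasons))
    return alerts

if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```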

Prevent future attacks

Where an attacker has been successful, it is more likely the organization will be targeted again in the future. It is important to deploy an integrated cloud email security (ICES) solution, such as Egress Defend, to protect your organization from falling victim again.

Defend uses AI models, including natural language understanding (NLU) and natural language processing (NLP), as part of its detection capabilities. NLU and NLP analyze the language used in emails to detect all types of phishing attacks and are effective for those that don’t contain a known malicious payload, which get through traditional solutions.

Learn about the different types of phishing

Cybercriminals are using more advanced tactics to land in their victim’s inbox. Take a look at our phishing hub to learn about the many different forms of phishing attacks, keep up to date on the latest phishing advice, and stay protected online.