Been phished? Here’s what to do right now

'How to' guides

With increased dependence on email communication, we’re all at risk of falling victim to phishing attacks. Cybercriminals prey on busy workers with tired eyes hoping to catch someone out with an attention-grabbing email — and sometimes it works. But all is not lost. 

If you’ve been tricked into clicking on a phishing link, it can be easy to switch to panic mode.

However, by remaining calm, thinking strategically, and following the steps below, you can minimise the potential damage from this form of cybercrime.

Ten steps to take right now

Step 1: Disconnect your device from the internet

It’s crucial that you disconnect your infected device from the network or internet if you’ve been phished. Disconnecting from the internet is important because doing so: 

  •  Reduces the risk of a cybercriminal remotely accessing your device
  •  Prevents malware from spreading to other devices on the network 
  •  Stops information from being transferred from your device unknowingly. 

Step 2: Backup your files

Your data may be erased when recovering from a phishing attack. It’s vital to back up all your documents, but particularly those containing sensitive data or files with sentimental value, like family photos.

Create a backup on an external hard drive or save your information remotely to the cloud. To fight against any future phishing attacks, regularly backing up your data is essential and should be a part of any cybersecurity strategy.

Step 3: Change your passwords

If you’ve entered your login details into a spoof website, update them immediately from a safe, uncompromised device. Use a strong, complicated password with a combination of characters and numbers to make sure the hacker can’t crack it. It’s also wise to add an extra layer of security with two-factor authentication to reduce the risk of being hacked in the future.

Step 4: Cancel your bank card

Some phishing emails will trick you into entering bank card information into a fake — albeit realistic — website. If you’ve done so, contact the bank and cancel this card straight away. Inform your bank of the full situation so that they can keep an eye on suspicious activity on your account and notify you of any unusual transactions.

Step 5: Alert your security team

Admitting to being phished is nothing to be embarrassed about, but it’s vital that you tell your security team about the situation as soon as possible. By being quick, the team can take precautions to minimise the spread of the threat in the organisation and lock down other company systems. 

Step 6: Flag the email

If your server hasn’t automatically detected the phishing email, make sure to flag it as a scam manually. Your email provider will then report the contact as a scammer and move the email to your spam/junk folder.

Step 7: Run a malware scan

If you’ve clicked on a suspicious link or attachment, you may have unknowingly downloaded malware onto your device. Update your anti-malware software and run a scan to weed out any potential threats. You can then decide whether you need to quarantine or remove the affected files.

Step 8: Contact the spoofed company 

If the cybercriminal impersonates a credible company (or a known contact of yours), you must bring the phishing attack to their attention. They’ll want to investigate the matter internally, deal with any data leaks, and contact any other victims who may have been targeted to limit the damage. 

Step 9: Look out for signs of identity theft

If a hacker has stolen your personal information, there’s a risk they could use this information for illegal reasons. For example, they could take out a loan in your name. Keep an eye out for any signs of identity theft by regularly checking your bank account and credit file. You can also set up a fraud alert with credit reporting agencies to prevent the scammers from taking out credit in your name.

Step 10: Protect yourself against future scams

Learning from past mistakes is the best way to move forward after a phishing scam. Check out our article on how to avoid spear phishing attacks, and consider implementing an email solution like Egress Defend to stay one step ahead of scammers.

Learn more to stay safe

Cybercriminals are finding more intelligent, sneaky ways of getting into your inbox. The best method of defence is vigilance, training, and cybersecurity planning. Check out our phishing hub to keep up to date on the latest phishing advice and stay protected online.