You check your email one morning and notice a coworker reached out to you asking for the login info for an app you often use. After you send her the username and password, however, you notice that there are a few typos in the message, which is out of character for your colleague. With a sinking feeling in your stomach, you check the sender’s address and realize you’ve fallen for a phishing scam and handed some hacker the keys to access your company’s data.
Luckily, if you do get tricked into disclosing private information, you can take immediate action to minimize the damage. If you take the bait in a phishing scam, here’s what you should do to ensure the best possible outcome for yourself and your company.
5 Steps to Take ASAP if You Fall for a Phishing Scam
If you clicked a link, downloaded an attachment or otherwise got tricked by a malicious message, here’s what to do next.
1. If you’re using your work laptop or PC, contact your IT department immediately. The sooner you notify them, the faster they can act to remedy the situation, according to the Money article “How to Spot a Phishing Email (and What to Do if You Took the Bait).”
2. Change your password for your email and all other online accounts. Be sure to create a strong and unique password for each account, Norton advises. To keep track of them all, we suggest utilizing a password manager.
3. Run a scan on your machine with current anti-virus software. This applies if you clicked on a malicious link or downloaded an attachment that might have contained malware, according to the Federal Trade Commission (FTC).
4. Visit IdentityTheft.gov if you gave out info like your bank account details or credit card number. The FTC advises following the instructions on this website to combat potential identity theft.
5. Report the scam. The FTC suggests reporting the email at ftc.gov/complaint and forwarding it to the Anti-Phishing Working Group at firstname.lastname@example.org.
How to Spot Phishing Scams and Avoid Getting Snared
Phishing is one of hackers’ favorite tactics, and they keep refining their technique. The pandemic has also led to a flood of COVID-19-related phishing attempts: In April 2020, Google’s Threat Analysis Group (TAG) reported identifying 18 million malware and phishing Gmail messages daily with coronavirus themes.
As a result, odds are good that email scams will continue to land in your inbox occasionally. Getting tricked by these deceptive messages is a common issue: Nearly 3 in 10 full-time office workers around the world included in a June 2020 survey said they’d fallen for a phishing scam or clicked a phishing link during the previous year, according to the report “COVID-19 Clicks: How Phishing Capitalized on a Global Crisis” from Carbonite and Webroot.
Here are some signs that you’re dealing with a phishing attempt, according to the FTC:
- The email appears to come from a company you trust (e.g., your bank or credit card company), warns of suspicious activity on your account, and asks you to log in or provide personal information. The message might also appear to come from your boss or a coworker, asking for login info or financial details. Call the company or person directly if you want to confirm whether there’s actually an issue.
- The message asks you to click on a link to confirm payment info.
- It starts with a general greeting like “Hi Dear.”
For more signs of a phishing attack, check out our infographic: “Gone Phishing.”
For businesses, regular employee security awareness training is vital to reduce the chances of one of your staff members falling victim to a phishing scam. Our team offers training services and can even test your staff’s spam-spotting abilities with our spoof phishing solution.
For more info about our services and phishing in general, don’t hesitate to give us a call at 877-599-3999 or email email@example.com.