What to do if you've fallen victim to spear phishing
In the first two parts of this blog series, we examined the different methods used in the creation of spear-phishing attacks. If you have clicked on a malicious link, there is no need to worry: you are far from being the first. In fact, 97% of people are unable to identify one. Spear-phishing emails have an open rate of 70%. With 50% of recipients clicking on an attachment or link, users are 10 times more likely to make this mistake than with generic phishing emails.
Studies show that detection and reporting are the main issues when an organisation is targeted by a phishing attack. It can take up to 50 days from the discovery of an attack until it is reported, representing a huge risk for organisations (Cyber Security Breaches Survey 2020). The sooner these attacks are detected, the better. To help limit the damage, follow these simple but essential steps.
Inform your IT Team
It is essential to inform your supervisor and the IT team about the phishing attack. Before doing anything else, allow the IT team to perform security processes such as scanning the system for malware and removing any potential threats that could have compromised your device. The IT team will then notify your colleagues and make sure this won’t happen again.
Keep Calm and Cybersecure
Keep in mind that falling for a phishing email doesn’t always imply that your personal information has been compromised. Phishing attacks are not all the same, and your response depends on the type of attack. If you clicked on a malicious attachment, the best thing to do is to disconnect your device from the internet and turn off Wi-Fi. This will prevent the attacker from installing malware which can spread through the system.
Change your Credentials
If you clicked on a link and entered your details on a spoofed website, it is important to immediately log in to your account on the legitimate website and change your credentials. You might need to report the phishing attack to the impersonated organisation, especially if financial information is involved. If you used the same password on any other online account, make sure to change it there too.
Back up your Files
The next step is to back up all documents, as they can be erased when recovering from a phishing attack. Any information which is owned by your organisation is your organisation’s responsibility to back up. However, it is your responsibility to save your work data to the correct location. This can be done by using a separate storage device such as an external hard drive, or by saving your information remotely as a cloud backup.
Increase your Security Awareness
While 99% of installed network security systems are unable to stop a sophisticated spear-phishing email, investing in cybersecurity training remains the best option to prevent these threats from happening again. Given the level of sophistication of spear-phishing attacks and the potential damage that they can cause, preparedness and prevention are foundational measures that should be employed to minimise risk.
Instead of waiting for an attack to happen, it is in every organisation’s interest to educate their employees about information security practices and mitigate threats.
*Many organisations have their own procedures regarding breaches, back-ups and the general handling of a phishing attack. Please consult with the relevant parties within your organisation before taking any action. If you believe that there has been a breach of personal data, please seek further information about procedure responsibilities from the Information Commissioner’s Office.