What to do if you've fallen victim to spear phishing
In the first two parts of this blog series, we examined the different methods used to create spear-phishing attacks. If you have clicked on a malicious link, there is no need to worry; you are far from the first. In fact, 97% of people are unable to identify one. Spear-phishing emails have an open rate of 70%, and with 50% of recipients clicking on an attachment or link, users are 10 times more likely to make this mistake than with generic phishing emails.
Studies show that detection and reporting are the main issues when an organisation is targeted by a phishing attack. It can take up to 50 days from the discovery of an attack until it is reported, representing a huge risk for organisations (Cyber Security Breaches Survey 2020). The sooner these attacks are detected, the better. To help limit the damage, follow these simple but essential steps.
Inform your IT Team
It is essential to inform your supervisor and the IT team about the phishing attack. Before doing anything else, allow the IT team to perform security processes such as scanning the system for malware and removing any potential threats that could compromise your device. The IT team can then notify your colleagues and take steps to make sure this doesn’t happen again.
Keep Calm and Cybersecure
Keep in mind that falling for a phishing email doesn’t always mean that your personal information has been compromised. Phishing attacks are not all the same, and your response depends on the type of attack. If you clicked on a malicious attachment, the best thing to do is to disconnect your device from the internet and turn off Wi-Fi. This limits the attacker’s ability to install further malware, which can spread through the system.
Change your Credentials
If you clicked on a link and entered your details on a spoofed website, it is important to immediately log in to your account on the legitimate website and change your credentials. You might also need to report the phishing attack to the impersonated organisation, especially if financial information is involved. If you reused the same password on any other online account, make sure to change it there too.
Back up your Files
The next step is to back up all documents, as they can be erased when recovering from a phishing attack. Any information which is owned by your organisation is your organisation’s responsibility to back up. However, it is your responsibility to save your work data to the correct location. This can be done by using a separate storage device such as an external hard drive, or by saving your information remotely as a cloud backup.
Increase your Security Awareness
While 99% of installed network security systems are unable to stop a sophisticated spear-phishing email, investing in cybersecurity training remains the best option to prevent these threats from recurring. Given the level of sophistication of spear-phishing attacks and the potential damage they can cause, preparedness and prevention are foundational measures that should be employed to minimise risk.
Instead of waiting for an attack to happen, it is in every organisation’s interest to educate its employees about information security practices and mitigate threats.
*Many organisations have their own procedures regarding breaches, back-ups and the general handling of a phishing attack. Please consult with the relevant parties within your organisation before taking any action.
believe that there has been a breach of personal data, please seek further information about procedure responsibilities from the Information Commissioner’s Office.