What to do if you've fallen victim to spear phishing

In the first two parts of this blog series, we examined the different methods used in the creation of spear-phishing attacks. If you have clicked on a malicious link, there is no need to worry: you are far from being the first. In fact, 97% of people are unable to identify one. Spear-phishing emails have an open rate of 70%. With 50% of recipients clicking on an attachment or link, users are 10 times more likely to make this mistake than with generic phishing emails.

Studies show that detection and reporting are the main issues when an organisation is targeted by a phishing attack. It can take up to 50 days from the discovery of an attack until it is reported, representing a huge risk for organisations (Cyber Security Breaches Survey 2020). The sooner these attacks are detected, the better. To help limit the damage, follow these simple but essential steps.

Inform your IT Team

It is essential to inform your supervisor and the IT team about the phishing attack. Before doing anything else, allow the IT team to perform security processes such as scanning the system for malware and removing any potential threats that could compromise your device. The IT team will then notify your colleagues and make sure this won’t happen again.

Keep Calm and Cybersecure

Keep in mind that falling for a phishing email doesn’t always imply that your personal information has been compromised. Phishing attacks are not all the same, and your response depends on the type of attack. If you clicked on a malicious attachment, the best thing to do is to disconnect your device from the internet and turn off Wi-Fi. This will prevent the attacker from installing malware which can spread through the system.

Change your Credentials

If you clicked on a link and entered your details on a spoofed website, it is important to immediately log in to your account on the legitimate website and change your credentials. You might need to report the phishing attack to the impersonated organisation, especially if financial information is involved. If you used the same password on any other online account, make sure to change it there too.

Back up your Files

The next step is to back up all documents, as they can be erased when recovering from a phishing attack. Any information which is owned by your organisation is your organisation’s responsibility to back up. However, it is your responsibility to save your work data to the correct location. This can be done by using a separate storage device such as an external hard drive, or by saving your information remotely as a cloud backup.

Increase your Security Awareness

While 99% of installed network security systems are unable to stop a sophisticated spear-phishing email, investing in cybersecurity training remains the best option to prevent these threats from happening again. Given the level of sophistication of spear-phishing attacks and the potential damage that they can cause, preparedness and prevention are foundational measures that should be employed to minimise risk.

Instead of waiting for an attack to happen, it is in every organisation’s interest to educate its employees about information security practices and so mitigate threats.

*Many organisations have their own procedures regarding breaches, back-ups and the general handling of a phishing attack. Please consult with the relevant parties within your organisation before taking any action.

If you believe that there has been a breach of personal data, please seek further information about procedure responsibilities from the Information Commissioner’s Office.
