I Fell For a Phishing Attack: Now What?!

To EDUCATE and train employees to protect themselves from modern phishing attacks, Canadian SMBs need to understand the depth of sophistication that attackers are using.

Even with the most diligent protocols in place, cyber criminals have created complex business models to penetrate the most prepared companies. So if an attack happens, don’t panic!

Should you experience an incident at work, it is ideal to promptly inform your IT department and follow proper protocol with your administrator.

5 quick steps to begin your process of recovery

1. STAY CALM AND DISCONNECT

Embrace all those memes reminding you to Keep Calm, maybe even take a quick glance at the poster of the cat on a tree branch (if you still have one hanging around). Okay, enough cat, just take a quick breath, disconnect from your server and turn off the Wi-Fi. There is a slim chance you can stop the phisher from installing malware and infecting your system.

Write down/Screenshot the details:

  • What info did you provide? Username, Password, Card Numbers, Confidential Organizational Data

  • Who sent the email/Where did you click? URL, Email Content, Sender’s Name/Email, Company they were spoofing

All of this info will help you to report the incident and investigate.

2. TIME TO CHANGE YOUR PASSWORD

Log in to the REAL site you were trying to access and change your password. If you use the same password for any other login, work or personal, make sure to change those as well (using the same password for multiple accounts is NOT recommended).

  • Also change security questions and hints.

  • Create a strong password with these tips.

3. REPORT THE INCIDENT

Chances are you aren’t the only victim the phisher is targeting. Inform the company that the phisher is impersonating so they can be aware of the situation and further protect your personal data from their end. If you start experiencing false emails sent from your account, be sure to warn your contacts not to open any suspicious links or to accept any requests to transfer funds.

Places to notify:

  • financial services, credit bureau (credit cards, banking)

  • government services (SIN/SSN, passport, driver’s license)

To help others, report incidents to the Canadian Anti-Fraud Centre.

If this happens at work, your administrator will have to comply with incident reporting guidelines and take appropriate measures (if you are an organization and need help with compliance and reporting, click here).

4. SCAN AND UPDATE SOFTWARE

Even if you routinely update your software, run a comprehensive scan and then perform an update. Again, involve your IT department or administrator to ensure all of your antivirus tools are activated.

5. STAY AWARE

Keep an eye out for financial risks and identity theft. Monitor your accounts and card statements, and protect your credit score. Stay proactive until you are sure there are no risks to your financial and personal data.

Remember: practicing safe web habits and following corporate safety protocols is always the best way to prevent an attack. Although it is never 100% effective and anyone can mistakenly fall victim, it is up to each individual to act appropriately in the event an attack does happen.

We can help you defend your business

Are you concerned with Phishing posing a threat to your company?

We’re here to help! Talk to a cyber security specialist today and get expert advice, proactive strategies and the right-sized cyber security solutions tailor-fit for your organization. Schedule a FREE cyber security discovery call today.

 