Getting off the hook: 10 steps to take after clicking on a phishing link
Phishing emails are a weapon of choice for criminals intent on stealing people’s personal data and planting malware on their devices. The healing process does not end with antivirus scanning.
Spelling mistakes, weird grammar, urgent or threatening language, a lack of context – all these are common giveaways of phishing attacks. Some phishing threats are tougher to spot, however. They are a different kettle of fish: the attackers invest significant time and meticulous planning, even scrutinizing the target’s past communications, which ultimately makes the attack highly convincing and successful.
One popular tactic used by scammers in large-scale fraudulent campaigns involves exploiting current events. For example, what seemed like an email from the UK’s National Health Service to offer a free COVID-19 test was, in fact, a way to obtain victims’ personal details via a fake form.
It takes only moments to fall victim to a scam and not even IT professionals are exempt from this risk. You simply receive a seemingly innocuous email message containing a link you’re told to click on ‘before it’s too late’. But what if, right after doing so, a sense of unease washes over you and you realize it was all a scam? What are your options?
So, what should you do now?
Here are a few tips for what to do after you’ve taken the bait.
Do not provide any further information
Let’s say you received an email from an online store that raises a few suspicions, but you clicked on the attached link without thinking too much about it or just out of curiosity. The link sends you to a website that looks legitimate, and yet doubts linger in your mind.
The most straightforward approach is to refrain from sharing any additional information – do not input your credentials or provide your bank account details. If scammers were going only after your data and did not compromise your device with malware, chances are that you’ve just dodged the hook.
Disconnect your device from the internet
Some phishing attacks may cause you to give scammers access to your computer, mobile phone, or another device. They may deploy malware, collect information about you and your device, or gain remote control of the compromised device.
To mitigate the damage, swift action is imperative. Start by disconnecting the compromised device from the internet.
If you use a PC with a wired connection, simply unplug the internet cable from your computer. If connected through Wi-Fi, turn it off in the device’s settings or turn on the ‘airplane mode’ feature on your mobile phone.
Back up your data
Disconnecting from the internet will prevent more data from being sent to the malicious server, but your data is still in danger. You should back up your files, especially sensitive documents or files with high personal value, such as photos and videos.
However, backing up your data after being compromised can be risky, as your files may already have been infected by the malware. Chances are that you will back up the malware alongside the photos from your last birthday party.
Instead, you should back up your files regularly and preemptively. If malware hits your device, you can recover your data from an external hard drive, a USB stick, or a cloud storage service.
Run a scan for malware and other threats
Run a complete scan of your device using antimalware software from a reputable provider, all while the device is still disconnected from the internet.
Ideally, you would also run a second scan, using, for example, ESET's Free Online Scanner. Download the scanner either to the computer or possibly to a separate device such as a USB hard drive that you can then insert into the compromised computer and install the software from there.
Don’t use the device during the scan and wait for the results. If the scanner finds suspicious files, follow the instructions to remove them.
If the scanning process doesn’t find any potential risk but you still have doubts, contact your security vendor. And if you’re still not using any multilayered, anti-malware software with anti-phishing features, get yourself one!
Consider a factory reset
A factory reset returns the device to its original state by removing all installed apps and files. Some types of malware can persist on your device even after a full reset, but chances are that wiping your mobile device or computer successfully removes any threat. Remember that a factory reset is irreversible and will wipe all data stored locally. The importance of making regular backups cannot be overstated.
Reset your passwords
Phishing emails may trick you into divulging your sensitive data such as ID numbers, banking and credit card details, or login credentials. All is fish that comes to a scammer’s net! Even when you don’t provide your details, malware installed on your device might still harvest them.
If you think this is the case, especially if the phishing email asks you for a specific login – for example, with a LinkedIn-themed scam – you should immediately change your login credentials, doubly so if you recycle the same password across several accounts such as your email, online banking, and/or social media.
These situations highlight the importance of using unique usernames and passwords for different online services. Using the same credentials across various accounts makes it much easier for attackers to steal your personal data or money.
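The password-reuse point above can be turned into a quick triage aid. The following Python script is an added example, not code from the original article or from ESET: it takes a password-manager style export (the field names `account` and `password` and every credential in it are constructed placeholders), reports which accounts share a password without ever echoing the secret, and lists the accounts that must be reset first once one of them has been phished, because a password leaked from one account is a valid credential for every account that reuses it.

```python
import hashlib
from collections import defaultdict

# Constructed sample of a password-manager export (account name, password).
# Every credential here is a made-up placeholder for this example.
SAMPLE_VAULT = [
    {"account": "email", "password": "Summer2023!"},
    {"account": "online-banking", "password": "Summer2023!"},
    {"account": "social-media", "password": "Summer2023!"},
    {"account": "online-store", "password": "x9#Lq2vB!mZ7"},
    {"account": "linkedin", "password": "correct horse battery staple"},
    {"account": "forum", "password": "correct horse battery staple"},
]


def fingerprint(password: str) -> str:
    """Short, non-reversible label for a password so reports never echo the secret."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def reuse_groups(vault):
    """Map each password fingerprint to the accounts sharing it (reused passwords only)."""
    groups = defaultdict(list)
    for entry in vault:
        groups[fingerprint(entry["password"])].append(entry["account"])
    return {fp: sorted(accts) for fp, accts in groups.items() if len(accts) > 1}


def accounts_to_reset(vault, compromised_account):
    """Accounts whose password must change once `compromised_account` is phished.

    The phished account comes first; every other account that shares the same
    password follows, because the attacker now holds a working credential for each.
    """
    by_name = {e["account"]: e["password"] for e in vault}
    if compromised_account not in by_name:
        raise KeyError(f"unknown account: {compromised_account}")
    leaked = by_name[compromised_account]
    others = sorted(a for a, p in by_name.items() if p == leaked and a != compromised_account)
    return [compromised_account] + others


if __name__ == "__main__":
    print("Reused passwords (by fingerprint):", reuse_groups(SAMPLE_VAULT))
    print("Reset first after phishing of 'email':", accounts_to_reset(SAMPLE_VAULT, "email"))
```

With the constructed vault, phishing the `email` account means three passwords need changing, while the `online-store` account, with its unique password, would need only its own reset. Hashing the password before reporting keeps the output safe to paste into a ticket or a note to a helpdesk.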
Contact banks, authorities and service providers
If you entered bank/credit card details or login details for a website with access to your cards, inform your bank immediately. Your card can be blocked or frozen to prevent future fraud, and you can prevent or minimize any financial loss. Remember to check if your bank (or another compromised payment service) has a refund policy for victims of scams.
To avoid other people falling for this scam, you should also contact your local authorities. In the US, according to the US Federal Trade Commission, you can also alert one of the three credit bureaus.
Spot the differences
Criminals who successfully break into one of your devices or accounts may try to establish their presence there for as long as possible. They may change your login details, email addresses, phone numbers, or anything that can help them solidify their foothold in your account.
Review your activity on social media accounts, banking information, and your online shopping order history. If, for example, you spot any payment that feels off, unfamiliar or unauthorized, report it, change your login credentials and ask for a refund.
Search for unrecognized devices
If hackers stole your account details, chances are that they tried to log in from their own device. Most social media platforms keep a record of your currently logged-in sessions under the privacy settings. Go check it and force logout for any unknown device.
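Reviewing the session list by eye works for a handful of entries, but the rule you are applying is simple enough to write down. The Python below is an added example, not part of the original article or any platform's own tooling: the session records, their field names (`id`, `device`, `ip`, `started`, `current`) and the timestamp of the phishing click are all constructed for this illustration. It flags a session for forced logout on two grounds: the device name is not one you recognise, or the session started after you clicked the link. The second rule matters because an attacker's browser can present a device string that looks like yours, so "known device" alone is not enough. The session you are reviewing from is left alone so you do not lock yourself out mid-cleanup.

```python
from datetime import datetime, timezone

# Constructed: the moment you clicked the phishing link (UTC).
PHISHING_CLICK = datetime(2024, 5, 14, 9, 30, tzinfo=timezone.utc)

# Constructed sample of an "active sessions" list as shown in a platform's
# security settings. Field names are assumed for this example.
SESSIONS = [
    {"id": "s1", "device": "iPhone 13", "ip": "203.0.113.8",
     "started": "2024-04-02T18:05:00+00:00", "current": True},
    {"id": "s2", "device": "Windows PC", "ip": "203.0.113.8",
     "started": "2024-03-11T07:40:00+00:00", "current": False},
    {"id": "s3", "device": "Linux - Chrome", "ip": "198.51.100.77",
     "started": "2024-05-14T09:41:00+00:00", "current": False},
    {"id": "s4", "device": "iPhone 13", "ip": "198.51.100.91",
     "started": "2024-05-14T10:02:00+00:00", "current": False},
]

# Devices you actually own and use for this account.
KNOWN_DEVICES = {"iPhone 13", "Windows PC"}


def sessions_to_revoke(sessions, known_devices, clicked_at):
    """Return (session_id, reason) pairs for sessions that should be force-logged-out.

    Rule 1: the device name is not in your known-device set.
    Rule 2: the session began at or after the phishing click, even if the
            device name looks familiar (device strings are easy to imitate).
    The session marked `current` (the one you are reviewing from) is skipped.
    """
    flagged = []
    for s in sessions:
        if s["current"]:
            continue
        started = datetime.fromisoformat(s["started"])
        if s["device"] not in known_devices:
            flagged.append((s["id"], "unknown device"))
        elif started >= clicked_at:
            flagged.append((s["id"], "started after phishing click"))
    return flagged


if __name__ == "__main__":
    for session_id, reason in sessions_to_revoke(SESSIONS, KNOWN_DEVICES, PHISHING_CLICK):
        print(f"revoke {session_id}: {reason}")
```

On the constructed data, `s3` is flagged for its unrecognised device and `s4` for starting half an hour after the click despite carrying a familiar device name; the March desktop session is left in place. After revoking, change the password, or the attacker simply logs in again.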
Notify your friends, contacts, service providers and employer
Sometimes scammers use your contact list on a compromised account to spread phishing links or spam. Be mindful of this and take steps to prevent others from falling for the same scam.
If a cyberattack is related to your work accounts or employer-issued devices, follow your company rules for dealing with cyber-incidents and report the case to your manager and the IT department right away. Major email services such as Outlook or Gmail also offer tools to report phishing emails directly from your inbox.
Taking the bait and clicking on a phishing link may make you feel ashamed and even alarmed, but this kind of threat is ever more common. In fact, it happens to hundreds of thousands of people every year in the US alone, and the numbers are rising. If you stay calm and follow the tips above, you’re one step ahead of the threats you could possibly face.