Although phishing attacks are an increasingly common threat and most of us know they exist, in moments of vulnerability we may fall for them without realizing it.
When we click on a phishing link, one of two things can happen: either malware starts downloading automatically to our device, or we are redirected to a fake website designed to steal our information.
If you have been the victim of such an attack, or you want to be able to help someone who has, today’s article offers some tips on how to act quickly, minimize the impact and protect your personal information.
What is a phishing link?
A phishing link is a malicious link that cybercriminals send through emails or text messages designed to trick their victims. As we have seen in previous articles, phishing is a type of social engineering attack that seeks to get victims to share sensitive information through messages that usually create a sense of urgency and pretend to come from someone trustworthy, such as a family member, a friend, or institutions such as the bank, the Tax Agency or the General Directorate of Traffic.
Is it helpful to disconnect from the Internet after a phishing attack?
Disconnecting from the Internet can be useful in certain cases, depending on the type of phishing attack. If the attack consisted of asking you for personal data or passwords through a link, disconnecting will not help, because the cybercriminal already has the information they were looking for.
If, on the other hand, the phishing attack consisted of downloading a file or clicking on a link that executed something on your device, disconnecting could limit the malware’s communication with the attacker’s server, which is particularly relevant in cases of ransomware or trojans. This could prevent further data from being sent from your device or prevent the malware from receiving additional commands to expand its action.
In this case, if you suspect that malware is involved and you choose to disconnect, you can follow these steps:
- Turn off the Wi-Fi or disconnect the network cable.
- Run an offline security scan: Use an up-to-date antivirus program that allows offline scans to detect threats.
- If you need to search for information or change passwords, use a device that has not been breached to minimize risks.
What further steps should you take?
Once we are aware that we have suffered such an attack, it is important to stay calm and act as quickly as possible. If the situation overwhelms us, we should ask someone we trust for help.
Here is a quick guide to what to do in the event of an attack:
Assess the situation
The first thing we need to do is to analyze what information we have shared with the attacker:
- Did you provide your username and password?
- Did you provide personal information such as your address or identification number?
- Did you include financial data, such as bank card numbers?
This initial assessment will allow you to determine the scope of the problem and prioritize the necessary actions.
Change your passwords
If you shared the passwords for accessing any account, change them immediately following these tips:
- Create strong passwords: Create unique passwords with combinations of letters (uppercase and lowercase), numbers and symbols.
- Avoid reusing passwords: Make sure that each account has a different password.
- Enable two-factor authentication (2FA): This additional layer of security requires an additional code to access your accounts, even if the attacker knows your password.
Contact the organizations of the affected accounts
If the compromised data includes financial information, such as credit cards or bank accounts, it is essential to contact your bank immediately and follow the steps below:
- Block compromised cards: Block and request a replacement if necessary.
- Review your transactions: Check your account status to detect any suspicious activity.
- Activate activity notifications: Set up real-time alerts for your bank accounts in case any payment is made without your consent.
If, on the other hand, the attack has affected a specific platform, such as an email service or a social network, notify them through their support channels.
Analyze and clean your devices
Phishing attacks do not only seek to obtain information directly; as mentioned above, they can also involve the installation of malware. For this reason, it is important to perform a thorough cleaning of your devices as follows:
- Run an antivirus scan: Make sure your security software is up to date and run a full scan.
- Update your operating system: Security updates are very important to close possible vulnerabilities.
- Check your browser extensions: Uninstall suspicious add-ons that you have not authorized.
Learn how to prevent future attacks
A phishing incident can become an important cybersecurity lesson and an opportunity to take preventive measures that minimize the risk of future attacks. Be skeptical of emails, and be wary of messages that request personal information or include suspicious links.
It is also important to always verify the source, and before sharing information, make sure the sender is legitimate. You can do this by visiting the entity’s official site directly rather than using links you find in the message.
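The advice above to verify the source, shown as an added example that is not part of the original article: a small Python check that compares where a link really leads with the official domain you already know. The names bank.example and evil.test, the sample links and the function check_link are assumptions made up for this illustration.

```python
from urllib.parse import urlsplit


def check_link(url: str, official_domain: str) -> str:
    """Return "ok" if url points at official_domain over HTTPS, else a reason.

    official_domain is the site name you already know (typed by hand or
    taken from a bookmark), never a value copied out of the message.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    official = official_domain.lower().rstrip(".")

    if parts.scheme != "https":
        return "not-https"
    if parts.username is not None or parts.password is not None:
        # Text before "@" is login data, not the site: the real host comes after it.
        return "userinfo-trick"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Internationalized names can imitate Latin letters with look-alike characters.
        return "lookalike-idn"
    if host == official or host.endswith("." + official):
        return "ok"
    # Covers unrelated hosts and names that merely start with the official one.
    return "different-site"


# Constructed sample links; bank.example and evil.test are placeholder names.
SAMPLES = [
    "https://www.bank.example/login",
    "http://www.bank.example/login",
    "https://bank.example@login.evil.test/reset",
    "https://bank.example.evil.test/verify",
    "https://xn--bnk-5cd.example/login",
    "https://bank-example.test/secure",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link, 'bank.example'):15} {link}")
```

Only the first sample is reported as ok; the others show why reading the start of a link is not enough and why opening the official site yourself is the safer habit.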
To learn more about this and other types of attacks, we recommend this article to find out what strategies criminals follow and how to protect yourself.