Phishing attacks are a common and increasingly sophisticated form of cybercrime.
If you’ve clicked on a phishing link, it’s crucial to act quickly to mitigate potential damage.
Here’s a step-by-step guide on how to spot a phishing email or message and what to do if you find yourself in this situation.
Understanding Phishing Attacks
Phishing attacks are a type of cybercrime in which attackers pose as legitimate entities to deceive individuals into revealing sensitive information such as login credentials, credit card numbers, or other personal data.
These attacks can take various forms, including email, social media messages, phone calls, and even text messages.
The primary goal is to trick the recipient into taking an action that benefits the attacker, such as clicking a malicious link, downloading malware, or providing confidential information.
In 2022, fraudulent emails accounted for nearly 50% of all sent emails, with phishing remaining one of the most common forms of cybercrime, equating to an estimated 3.4 billion spam emails sent every day.
3 Common Types of Phishing Attacks
Email phishing
The most prevalent form where attackers send fraudulent emails that appear to be from reputable sources. These emails often contain links to fake websites designed to steal personal information.
Vishing (voice phishing)
Uses phone calls to deceive individuals into providing personal information. Attackers often pose as representatives from banks, government agencies, or tech support.
Smishing (SMS phishing)
Utilises text messages to lure victims into clicking malicious links or providing personal information.
Immediate Actions
If you’ve clicked on what you believe to be a phishing link – don’t panic! Carry out these steps immediately:
1. Disconnect your device
The first and most crucial step is to disconnect your device from the internet.
This will prevent any malware from communicating with its command-and-control server and spreading to other devices on your network.
2. Do not provide personal information
If the phishing link directed you to a webpage asking for personal information, do not enter any details.
Close the browser window immediately to prevent further interaction with the malicious site.
3. Scan for malware
Run a comprehensive malware scan on your device. Use reputable antivirus software such as Bitdefender, Norton, or Avast to check for any malicious files that may have been downloaded.
If you don’t have antivirus software installed, consider using another device to download a trusted antivirus programme and transfer it via USB to the affected device.
4. Change your passwords
If you entered any login credentials after clicking the phishing link, change those passwords immediately. Ensure that you use strong, unique passwords for each account.
The National Cyber Security Centre recommends combining ‘three random words’ to create a password that’s long enough and strong enough.
Also, consider using a password manager to keep track of all your passwords securely.
5. Monitor your accounts
Keep a close eye on your bank accounts, credit cards, and other financial accounts for any suspicious activity.
Report any unauthorised transactions to your financial institution immediately.
It’s also wise to inform your bank about the incident regardless of whether any unusual activity has been spotted so that they can take additional precautions.
6. Report the incident
Report the phishing attack to the relevant authorities. You can forward the suspicious email to report@phishing.gov.uk.
This will help them to take action and protect others from similar attacks.
You should also report the incident to Action Fraud, the UK’s national reporting centre for fraud and cybercrime, if you:
- Have lost money or been a victim of fraud as a result of responding to a phishing message.
- Have been hacked or had your personal data compromised.
- Have received a suspicious email or message claiming to be from a government agency or official organisation.
Preventative Measures
Prevention is always better than having to react after an incident has occurred.
Consider carrying out the following steps to ensure that you are prepared for any potential phishing attacks.
Use security software
Always keep your antivirus software up to date.
Consider using additional security tools like anti-phishing tech or secure email solutions to provide an extra layer of protection.
Enable two-factor authentication (2FA)
Wherever possible, enable two-factor authentication on your accounts.
This adds an extra step to the login process, making it harder for cybercriminals to gain access even if they gather sensitive information from you, such as your password.
Be cautious with emails
Always scrutinise emails before clicking on any links or downloading attachments.
Verify the sender’s email address and look for signs of phishing such as spelling errors, unexpected attachments, or mismatched URLs.
Regularly update software
Keep your operating system, browser, and other software up to date.
Software updates often include security patches that protect against known vulnerabilities.
Back up important data
Regularly backing up your data is good practice, and doing so ensures that you don’t lose critical data if your device is compromised.
Use an external hard drive or cloud storage to back up important files.
Educate yourself and others
Familiarise yourself with the common signs of phishing emails such as generic greetings, urgent requests, and suspicious links.
Share this knowledge with friends, family, and colleagues to help them avoid falling victim to similar scams.
In Summary
Clicking on a phishing link can be a nerve-wracking experience, but taking immediate and informed actions can reduce the potential damage.
By following the steps outlined above, you can protect your personal information and minimise the risk of further harm.
Stay vigilant to safeguard yourself against future phishing attacks. Remember, the best defence against phishing is awareness and caution.
Stay informed about the latest phishing tactics and always think twice before clicking on unfamiliar links or providing personal information online.
References:
The Latest 2024 Phishing Statistics, AAG 2024
Top tips for staying secure online, NCSC 2021
Action Fraud National Fraud & Cyber Crime Reporting Centre 2024
Reviewed By:
Sabrina McClune, 01.08.24
Sam Kendall, 07.08.24