You Clicked on a Phishing Link, Now What?
We all experience that “uh-oh moment” from time to time. It’s that moment you wake up and realize you left your credit card sitting on the table at the restaurant last night. Fortunately, it only takes a phone call to cancel the card and receive a new one in two days. If you had left your wallet filled with cash somewhere the night before, that money is most certainly gone for good.
The good news is that you can usually recover from most of those “uh-oh moments,” and that includes clicking on a phishing link. Someone within your organization is going to click on a phishing link at some point: 83% of companies experience a phishing attack each year, and phishing is the leading delivery channel for malware and ransomware, with 90% of cyberattacks starting from a phishing message. If the odds are that you or someone in your office will click one of these links, the question becomes: what do you do next?
Types of Phishing Attacks
To begin with, it’s essential to understand the various kinds of phishing attacks that individuals often encounter:
- Email Phishing: This is the generic, high-volume form most people think of when they hear “phishing.” The emails are sent to large lists and impersonate trusted senders such as banks or delivery companies, aiming to trick users into clicking a malicious link, opening an attachment, or entering sensitive information. The attacker only needs a small percentage of recipients to take the bait in each wave.
- Spear Phishing: These attacks are targeted. The attacker has gathered some information on the victim, such as a supplier or vendor the person deals with or a hobby they are active in, and uses it to make the message plausible and raise the odds of success.
- Whaling: Here the target is a high-profile individual such as a CEO or another C-suite executive. A great deal of preparation can go into these attacks, including choosing the right moment to act. They typically aim at large financial transfers, disclosure of sensitive company information, or other actions only a senior executive has the authority to take.
Whatever the type, the aim is the same: to convince you to take an action, usually clicking a link, and even the most diligent users fall for well-crafted emails now and then. Attackers do not want to advertise their presence; they want to blend into the environment they intend to exploit. Given how many emails most users sift through each day, it is not surprising that a deceptive one occasionally slips past.
The Clues to Look For
Every email deserves a touch of healthy skepticism. We perform instinctive assessments all day long: we judge the appearance and behavior of a stranger, gauge the intentions of a salesperson, or inspect the food from an unfamiliar street vendor. Just as cashiers are trained to examine the security features of large-denomination bills, email users should be trained to look for clues that signal a suspicious message.
- Don’t go by the sender’s display name alone. Check the actual email address and confirm it belongs to the expected domain; depending on your email client, hovering over or clicking the display name reveals the address. Keep in mind that the visible From address itself can be forged, so a sender domain that looks right is not proof on its own.
- Read the content of the message. A quick tell for a mass phishing campaign is a generic salutation such as “Dear Customer.” Misspellings and bad grammar are still worth noting, although many phishing authors now use AI tools such as ChatGPT to write clean copy, so their absence proves little.
- Look for a call to action on your part, such as clicking a link to reset your credentials or to open a shared image or document, often paired with a deadline or a threat of account suspension.
- The call to action will involve a link. Hover your mouse cursor over it to confirm the destination domain, and read it carefully: attackers often change or substitute a single character of a trusted domain (a zero for an “o,” or “rn” for “m”), which is easy to miss. The visible link text can differ from the real destination, so judge the address your client shows on hover, not the text.
- If you do land on a web page, look at it carefully to confirm it is what it claims to be. Better still, open a separate browser session (incognito works well) and type the organization’s known address yourself rather than following the link; if the emailed page differs from the real one, you have your answer.
The good news is that, on a patched mail client that does not automatically load remote content or run scripts, simply opening an email rarely causes harm by itself; the attacker nearly always needs you to click a link or open an attachment.
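The clues above can be checked mechanically before anyone clicks. The script below is an added example (not code from the original article or from CYREBRO): it parses a raw message, compares the sender’s display name and address domain against a list of domains you actually deal with, reads the SPF/DKIM/DMARC results your own mail server stamped on the message, flags a generic salutation, and extracts every link to test whether its host is a lookalike of a trusted domain or differs from the text shown. The sample message, TRUSTED_DOMAINS and AUTHSERV_ID are constructed for illustration and are assumptions to replace with your own values.

```python
# Added example (not from the article); sample message and domain lists are constructed.
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: forged From domain (our server recorded the auth failures),
# generic greeting, and link text showing the real domain while the href is a lookalike.
SAMPLE_EML = """\
From: "Acme Bank Security" <alerts@acme-bank.example>
Subject: Action required: confirm your account
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=acme-bank.example; dkim=none; dmarc=fail
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p><p>We detected unusual activity. Please sign in at
<a href="https://acrne-bank.example/login">https://acme-bank.example/login</a>
within 24 hours or your account will be suspended.</p></body></html>
"""

TRUSTED_DOMAINS = {"acme-bank.example"}   # assumed: domains you actually do business with
AUTHSERV_ID = "mx.example.com"            # assumed: authserv-id of your own receiving mail server
GENERIC_GREETINGS = ("dear customer", "dear user", "dear client", "dear account holder")


class LinkExtractor(HTMLParser):  # collects (href, visible text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def edit_distance(a, b):
    """Levenshtein distance; one or two edits from a trusted domain is the classic lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `host` imitates, or None if it is trusted or unrelated."""
    host = (host or "").lower()
    if any(host == t or host.endswith("." + t) for t in trusted):
        return None  # the real domain or a real subdomain of it
    folded = host.replace("rn", "m").replace("0", "o").replace("1", "l")  # common homoglyph swaps
    for t in trusted:
        brand = t.split(".")[0]  # e.g. "acme-bank"; brand inside an untrusted host is suspicious
        if folded == t or edit_distance(host, t) <= 2 or brand in host:
            return t  # heuristic: expect some false positives, which a human then reviews
    return None


def analyze_message(raw):
    """Run the sender, authentication, salutation and link checks; return a list of findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = msg["From"].addresses[0]
    brands = {t.split(".")[0].split("-")[0] for t in TRUSTED_DOMAINS}  # e.g. "acme"
    if (imitated := lookalike_of(sender.domain)):
        findings.append(f"sender domain {sender.domain} imitates {imitated}")
    elif sender.domain.lower() not in TRUSTED_DOMAINS and any(b in sender.display_name.lower() for b in brands):
        findings.append(f'display name "{sender.display_name}" claims a brand but address is @{sender.domain}')

    # Attackers can inject their own Authentication-Results header, so read only the copy our server stamped.
    for hdr in msg.get_all("Authentication-Results", []):
        if str(hdr).strip().startswith(AUTHSERV_ID):
            bad = [m.group(0) for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr)) if m.group(2) != "pass"]
            if bad:
                findings.append("authentication not passed: " + ", ".join(bad))

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    if any(g in re.sub(r"<[^>]+>", " ", html).lower() for g in GENERIC_GREETINGS):
        findings.append("generic salutation")

    parser = LinkExtractor()
    parser.feed(html)
    for href, shown in parser.links:
        host = urlparse(href).hostname
        if (imitated := lookalike_of(host)):
            findings.append(f"link host {host} imitates {imitated}")
        shown_host = urlparse(shown).hostname if "://" in shown else None
        if shown_host and shown_host.lower() != (host or "").lower():
            findings.append(f"link text shows {shown_host} but points to {host}")
    return findings


if __name__ == "__main__":
    for finding in analyze_message(SAMPLE_EML):
        print("-", finding)
```

Two design points matter in practice. First, only the Authentication-Results header written by your own receiving server is meaningful; a sender can add one of their own, which is why the code matches on the authserv-id. Second, a passing SPF or DKIM result only proves the mail came from the domain it claims, and attackers register lookalike domains with perfectly valid records, so the domain comparison is what catches the “acrne-bank” trick.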
The Post-click Game Plan
While every security-minded organization needs someone well versed in the technical side of email threats, there are simple measures almost any user can take to shrink the blast radius of a regrettable click. If you get that uncanny feeling that you clicked something you shouldn’t have, trust your gut and take the following steps:
- Ignore any request for personal information such as credentials, banking details or contact information, and close the page without entering anything.
- Disconnect from the network immediately to interrupt any download of malicious code or any connection back to the attacker. Turning off Wi-Fi on a wireless device or unplugging the Ethernet cable from a computer does this; leave the machine powered on so your security team can examine it, and report the click to them right away.
- Scan the device for malware immediately with up-to-date antivirus or endpoint protection.
- Change the password for the account the phishing page impersonated, doing so from a device you trust rather than the possibly compromised one. If you reuse that password on any financial, e-commerce, or healthcare sites, change it there as well, and turn on multifactor authentication wherever it is offered.
- If you provided any sensitive information before recognizing the malicious nature of the email, consider placing a fraud alert with one of the major credit bureaus.
What Your Business Can Do
While these measures are a sensible last line of defense for end users, businesses shouldn’t rely solely on individual vigilance to ward off phishing. Multifactor authentication (MFA) is highly recommended and often mandated for compliance, but it is not a magic bullet: attackers now use adversary-in-the-middle phishing kits that proxy the real login page and capture the resulting session, bypassing one-time codes and push prompts, so phishing-resistant methods such as FIDO2 security keys hold up considerably better. Security requires visibility into every part of your environment, which means 24/7 monitoring of systems and endpoints. Engaging a third party such as CYREBRO that specializes in security monitoring and incident response is a strategic move to identify and counter emerging threats proactively. CYREBRO uses advanced threat analytics and threat intelligence to help detect and stop malicious activity, and it can lessen the impact of those “uh-oh moments,” malicious link clicks included. No one is perfect, but with 24/7 security monitoring, you don’t have to be to stay safe.