IT Best Practices.
You Got Phished and Took the Bait: Now What?
There are a number of email scams out there, ranging from emotional appeals from Nigerian royalty to notifications that you just won the lottery in London – even though you’ve never purchased a ticket or made an entry. Fortunately, greater education, awareness and suspicion of these types of email scam messages have helped protect a number of spam recipients. While many of these Internet email scams are just digitally updated con games that have been around since before the First World War, the con artists are getting smarter and attempting to work around your suspicions by taking the wolf-in-sheep’s-clothing approach.
It’s called “phishing,” and according to a fraud report created by RSA, 2013 saw nearly 450,000 phishing attacks. Altogether, the damage in dollars amounted to nearly $6 billion.
So, you’re sitting at your laptop and your computer alerts you that you’ve got a new message from Gail, an old colleague you haven’t seen in ages. Hoping to get caught up on what’s been going on, you open the email. Instead of an intimate message, there’s just a link there. Knowing that Gail was always one to pass on a great joke or share a great deal she found online, you click the link. You just took the bait.
Or, maybe you’d never fall for that one, but you’re in a hurry to get out of the office to make it to an appointment and you see you just got an email from what looks like your utility company letting you know that they need you to confirm your account and billing so there’s no interruption of service. So, you click the link and start typing in all of your details in the pop-up that appears. You just took the bait.
What Happens After You’ve Swallowed the Bait?
Falling for a phishing attack is not only embarrassing, it can also be dangerous. Suddenly your (or your company’s) network is at risk, and your very identity and credit history are in the crosshairs. But you’re not alone. The McAfee team has created something called the Phishing Quiz, which they use to gauge professionals’ ability to identify and avoid a potential phishing email scam. A whopping 80% of the 16,000 respondents failed to identify and avoid at least one.
If the phishing attack happened at work, suddenly not just your personal information is at risk, but the personal information of every single employee. But what about your clients? Your customers? Your vendors? How protected is their data?
If the big guys like Target can have their data compromised, why do small and medium-sized businesses feel like they’re not a target?
Undoing the Damage
As the old saying goes, an ounce of prevention beats a pound of cure. Having strong digital security and antivirus software in place can stave off most attacks, but not every one – especially if you’re just relying on a free version of a premium product.
- If you think you’ve just been a victim of a phishing email scam, first run a full scan of your computer. Make sure that you are using the most recently updated version of your antivirus or anti-malware program.
- Next, you need to contact the credit reporting bureaus, notify them that you’ve been a victim of phishing and ask them to put a fraud alert on your credit file(s). If you are already relying on an identity protection service, contact your provider to notify them of the attack.
- Finally, take a moment to create new passwords for all of your Internet accounts. Don’t just rehash old passwords, but come up with something brand new. This can help prevent infiltration of accounts later down the road by the same con artists.