Here are the steps provided by ESET for dealing with a phishing attack:
It only takes a few minutes for someone to become a victim of an electronic phishing scam. However, what can we do if we click on a link and suddenly realize it might have been a scam?
The global digital security company ESET presents ten steps we can take after taking the bait:
- Do not provide more information: If you receive a suspicious email from an online store and have already clicked on the attached link, avoid sharing any additional information and do not provide your banking details.
- Disconnect your device from the internet: Some phishing attacks may install malicious software, collect information about you and your device, or gain remote control of the compromised device. To mitigate the damage, start by disconnecting the compromised device from the internet.
- Create backups of your data: Disconnecting from the internet will prevent further data transmission to the malicious server, but what about your data that may still be at risk? You should create backups of your files, especially sensitive documents or high-value personal files like photos and videos. Creating backups of your data regularly and proactively is crucial. If your device is infected with malicious software, you can recover your data from an external hard drive, a USB stick, or a cloud storage service.
- Run a scan for malicious software: Use reliable anti-malware software to scan for malicious software and other threats while your device is still offline. Ideally, you should run a second scan using a free online scanner like ESET’s. If the scanner detects suspicious files, follow the instructions to remove them.
- Consider restoring factory settings: Restoring your device to factory settings means returning it to its original state, erasing all installed applications and files. However, some types of malicious software may persist even after a full reset. Still, chances are that wiping your mobile device or computer will successfully remove any threats. Restoring factory settings is irreversible and will delete all locally stored data, so it’s essential to have backups.
- Change your passwords: Phishing emails may trick you into revealing sensitive information such as identification numbers, banking details, or passwords. Even if you didn’t provide this information, malicious software installed on your device may have found it. If this happens, immediately change the login credentials for your different accounts.
- Contact banks, authorities, and service providers: If you’ve given out your banking or credit card information or login details for a website that accesses your cards, contact your financial institutions and relevant authorities. Your card can be blocked or frozen to prevent future fraud and minimize potential financial losses.
- Check your account activity: Cybercriminals who have successfully breached your device or accounts may attempt to establish a presence for as long as possible. They may change login credentials, email addresses, phone numbers, or anything else that helps them secure their gains. Monitor the activity on your social media accounts, your banking information, and the history of your online purchases. If you notice suspicious, unfamiliar, or unauthorized payments, report them, change your login credentials, and request refunds.
- Look for unrecognized devices: If hackers stole your account credentials, chances are they tried to log in from their own devices. Most social media platforms maintain a record of active login sessions in privacy settings. Check these settings and forcibly log out any unknown devices.
- Notify friends, contacts, service providers, and your employer: Sometimes scammers use our contact lists in a compromised account to spread phishing links or unwanted emails. Take measures to prevent others from falling victim.
These steps should help you respond effectively to a phishing attack and minimize potential damage.