Email Security Intelligence - The Aftermath of a Cyberattack Pt. 1: Phishing Recovery Basics

Do you suspect that you’ve fallen victim to a phishing attack? Are concerned with the impact that it may have on your business, your productivity, and your reputation - but are unsure of how to proceed? Who should you call? Have critical email accounts or has sensitive financial information been compromised? 

If you are anxiously asking yourself these questions, you're not alone. It is normal to panic when you first learn or suspect that your systems - or possibly your business - may have been compromised in an attack. However, do your best to remain calm. Knowing what to do in these circumstances is critical in minimizing damage. Set yourself up for a smooth, successful recovery by letting our experts provide you with advice and guidance on protecting sensitive data and securing your systems after a phishing attack.

 

What Is a Phishing Attack?

Phishing - a dangerous email scam in which a malicious actor masquerades as a reputable sender - is currently used in over 90% of all cyberattacks. Modern phishing attacks are highly targeted, sophisticated and difficult to detect. While phishing campaigns have traditionally leveraged malicious URLs or attachments to steal sensitive credentials or infect systems with malware, attackers are increasingly employing stealthy fileless techniques in an effort to evade detection. The majority of businesses lack layered real-time email security defenses, leaving them highly susceptible to credential theft and wire transfer fraud - especially in this time of heightened digital risk. The FBI reports that despite existing security defenses, 30% of phishing attempts are opened by target users. 

 

Have I Taken the Bait in a Phishing Scam?

When it comes to determining whether you’ve been caught by phishers, the best clue is often those in your address book. In phishing campaigns, attackers frequently leverage compromised accounts to send fraudulent emails that appear to come from a known and trusted sender with the aim of compromising further credentials, stealing money from victims and perpetuating the vicious cycle of cybercrime.

Have you gotten an email from a colleague, letting you know that he or she has received a suspicious email from your address? Have you been informed by a superior at your company that he or she received a message from your account that didn’t seem quite like the emails you typically send? If so, it is highly likely that you unknowingly disclosed account credentials to attackers in a phishing scam.

Have you detected suspicious activity on your device and run a malware scan that confirmed malware was present? Have your files been locked by ransomware? If so, it is highly probable that the malware was downloaded from a malicious attachment in a phishing email, as Verizon reports that 94% of all malware is delivered via email.

Has a company that you thought you had paid via a wire transfer informed you that they have not received your payment? If so, you may have fallen for a wire transfer scam carried out via phishing.

 

Costly Clicks: The Consequences of a Phishing Attack

It is a safe assumption that 2020 has been a pretty difficult year for the majority of businesses - especially SMBs, who often lack the resources required to tackle modern cybersecurity threats. Having to recover from a phishing attack only adds to the challenges businesses currently face - often presenting them with severe consequences including data theft, account compromise, financial loss and significant, costly downtime - or worse, permanent closure. One wrong click can also result in serious reputation damage and obliterated client trust - after all, a phishing attack not only puts the victim organization at risk, but its customers as well.

Sensitive information stolen in a phishing scam can be used to initiate fraudulent wire transfers in which an employee is tricked into transferring funds to an account controlled by the attackers. The FBI has disclosed that a reported $221 million was lost to wire transfer fraud in 2019 - and this is only the tip of the iceberg, since a meager 15% of wire fraud is reported. Email accounts that have been taken over by cyber criminals using credentials stolen in phishing attacks can also be leveraged in dangerous email account compromise (EAC) scams to hijack further accounts.

In some cases, biting the hook in a phishing attack results in the installation of ransomware, spyware or other destructive malware. Ransomware attacks cost SMBs an average of $713,000 per incident (a combination of the expense of downtime and lost business due to reputational harm), and 60% of SMBs that get hit with ransomware are forced to permanently close doors within six months of experiencing the attack.

 

Phishing Recovery: Advice from Our Experts

If you’re unable to spot a phish and end up falling victim to an attack, you’re in good company. Modern phishing campaigns are so targeted and sophisticated that even the most security-aware users can be tricked by attackers, and users are now three times more likely to click on a phishing link and then disclose their account credentials than they were pre-COVID. 

In the event that you do fall for a phishing scam, it is crucial that you are aware of the  actions you can take to help safeguard compromised information and recover from the attack as quickly and seamlessly as possible. Fast, intelligent action is imperative to mitigating potential damage. Here are the steps you should take if you either know or suspect that you’ve experienced a phishing attack.

 

Disconnect Your Device from the Internet and Change Your Credentials

This will reduce the risk of malware spreading to other devices on the network, and will also prevent a malicious hacker from accessing your device and potentially sending out confidential information from it. Hopefully you’ve backed up your files in case they have been locked up by ransomware or get erased in the recovery process.

If you were directed to a fraudulent website where you attempted to login, change your username and password for that website immediately.

 

Report the Incident to Authorities and Set Up a Fraud Alert with a Credit Reporting Agency

Immediately report the attack you’ve experienced to the Federal Trade Commission (FTC) to receive a step-by-step recovery plan. Also forward the phishing email that you received to This email address is being protected from spambots. You need JavaScript enabled to view it. along with the organization that was being impersonated in the email to help raise awareness of the scam.

You should then set up a fraud alert with either Equifax, Experian or TransUnion that you can place on your credit report to make it more difficult for the attacker to open a new account in your name.

 

Scan Your System for Malware

If you have antivirus software installed on your device, all you need to do to scan your system for malware is to launch the program and then click a button that usually says something along the lines of “Run a Complete Scan” or “Scan for Viruses”. Be sure that the security software on your computer is updated prior to doing this. If malware is detected in the scan, most standard infections will be removed by the software. For those who are not tech savvy, it may be a good idea to have your device scanned for malware and viruses by a professional. 

If your files have been locked by ransomware downloaded from a malicious attachment in a phishing email, we recommend that you work with a team of ransomware recovery experts who should be able to advise you on whether or not you should consider paying the ransom, provide you with an individualized step-by-step recovery plan and assist you in the recovery process. (It should be noted that it is now illegal to pay ransom to hackers who are subject to U.S. sanctions - whether or not the victim or facilitators are aware of these sanctions.)

 

Critically Important - Learn from the Incident!  

Going forward, always take adequate time to stop and think before interacting with an email in any way. Stay informed about the latest phishing techniques, keep your browser updated, protect accounts with multi-factor authentication (MFA) and never share personal or financially sensitive information over the Internet. 

It is also crucial that you are aware of and alert for common signs of a phishing attack, which include:

• An urgent request for personal information
• Spelling and/or grammatical errors
• A suspicious or general salutation and/or signature
• A tone that is unexpected from the supposed sender 

That being said, the single most effective method of preventing phishing attacks is investing in a comprehensive, fully-managed email security solution.

 

“An Ounce of Prevention is Worth a Pound of Cure”

When it comes to phishing and other malicious email-borne attacks, prevention is far better than remediation. With the average financial cost of a data breach reaching a staggering $3.86 million, no business can afford the aftermath of a cyberattack due to an ineffective email security strategy. Remediation is difficult, expensive and, in many cases, a full recovery is not possible. Thus, effective email security is an investment that continues to pay off - both in terms of safety and business success.

The best method of safeguarding business email against phishing and other modern threats is ensuring that your organization has implemented a multi-layered supplementary email security solution that fortifies cloud email with critical real-time security defenses designed to fill the voids in built-in cloud email protection. Defense-in-depth is an essential element of any successful email security solution - no single piece of security software alone is capable of detecting and blocking today’s array of advanced email attacks. Securing email accounts in this heightened digital threat environment requires multiple innovative features and technologies including malicious URL protection and layered email authentication protocols designed to work harmoniously both with each other and with built-in email defenses.

We recommend selecting a fully-managed solution that is accompanied by ongoing expert around-the-clock system monitoring, maintenance and support. This critical, yet often overlooked, element of effective protection simplifies administration, enhances security, delivers a rapid return on investment (ROI) and provides an invaluable peace-of-mind, knowing that the security of your company’s most critical assets is being overseen by a team of experts.

 

Have additional questions about phishing prevention or recovery? Leave a comment below and one of our security experts would love to help you out. Ready to partner with an industry leader in securing your users, your data and your brand against phishing and other dangerous, costly attacks? Let’s get in touch.>

Stay tuned for Part Two of this mini series: The Aftermath of a Cyberattack: Ransomware Recovery Basics.