Phishing is the predominant modern cybersecurity threat - accounting for over 90% of all cyberattacks. In this notorious scam that has dominated the email threat landscape for decades, a malicious actor poses as a reputable party, sending fraudulent emails with the goal of tricking victims into sharing sensitive credentials or downloading malware. Phishers typically employ social engineering techniques to craft well-researched, convincing attack campaigns. Phishing emails often contain malicious URLs that direct users to fraudulent websites where credentials are collected; however, attackers are increasingly employing stealthy fileless techniques in an effort to evade detection.

Costly Clicks - Beware of Phishing Links

Clicking through a malicious link embedded in a phishing email can have severe consequences, including data theft, account compromise and financial loss. One wrong click can also result in serious reputation damage and significant downtime - or even permanent closure - for businesses. Sensitive information stolen in a phishing scam can be used to initiate fraudulent wire transfers in which a victim is tricked into transferring funds to an account controlled by the attackers. According to the FBI, a reported $221 million was lost to wire transfer fraud in 2019 - and only 15% of wire fraud is reported. Email accounts that are compromised in phishing attacks can also be used in dangerous email account compromise (EAC) scams to compromise further accounts.

In some cases, clicking through a phishing link results in the installation of ransomware, spyware or other dangerous malware. Ransomware victims typically experience significant downtime and data loss.

Businesses can protect against phishing by implementing a layered supplementary cloud email security solution that offers malicious URL protection and uses multiple email authentication protocols to detect email spoofing and prevent sender fraud.

How To Recover from a Phishing Attack

In the event that you do fall for a phishing scam, it is important to be aware of the actions you can take to help safeguard compromised information and recover from the attack. Here are the steps you should take if you either know or suspect that you’ve experienced an attack, i.e., clicked a phishing link in an email on any device:

  • Disconnect your device from the Internet to reduce the risk of malware spreading to other devices on the network. This will also prevent a malicious actor from accessing your device or sending out confidential information from it.
  • Back up your files in case they get erased in the recovery process.
  • If you were directed to a fraudulent website where you attempted to log in, immediately change your username and password.
  • Scan your system for malware.
  • Set up a fraud alert on your credit report with Equifax, Experian or TransUnion to make it more difficult for the attacker to open a new account in your name.
  • Report the incident to the Federal Trade Commission (FTC) to receive a step-by-step recovery plan. Forward the phishing email that you received to [email address omitted], along with the organization that was being impersonated in the email, to help raise awareness of the scam.

Most importantly, it is critical to learn from the incident and proceed with caution. Always take time to stop and think before interacting with an email in any way. Phishing attacks often convey a sense of urgency to dissuade recipients from engaging in this best practice. That being said, the single most effective method of preventing phishing attacks is investing in a comprehensive, fully-managed email security solution.