Suggested Blogs
How To Spot A DocuSign Scam Email
25 September 2023
What To Do If Your Business Email Gets Hacked
21 September 2023
Why Do Over 90% of Cyberattacks Begin with an Email?
18 September 2023
In this notorious scam that has dominated the email threat landscape for decades, a malicious actor poses as a reputable party, sending fraudulent emails with the goal of tricking victims into sharing sensitive credentials or downloading malware. Phishers typically employ social engineering techniques to craft well-researched, convincing attack campaigns. Phishing emails often contain malicious URLs that direct users to fraudulent websites where credentials are collected; however, attackers are increasingly employing stealthy fileless techniques in an effort to evade detection.
Clicking through a malicious link embedded in a phishing email can have severe consequences including data theft, account compromise and financial loss. One wrong click can also result in serious reputation damage and significant downtime - or even permanent closure - for businesses. Sensitive information stolen in a phishing scam can be used to initiate fraudulent wire transfers in which a victim is tricked into transferring funds to an account controlled by the attackers. The FBI has released that a reported $221 million was lost to wire transfer fraud in 2019 - and only 15% of wire fraud is reported. Email accounts that are compromised in phishing attacks can also be used in dangerous email account compromise (EAC) scams to compromise further accounts.
Clicking on a phishing link or opening an attachment in one of these messages may install malware, like viruses, spyware or ransomware, on your device. This all happens behind the scenes, so it is undetectable to the average user. In some cases, clicking through a phishing link results in the installation of ransomware, spyware or other dangerous malware. Ransomware victims typically experience significant downtime and data loss.
Always take time to stop and think before interacting with an email in any way. Phishing attacks often convey a sense of urgency to dissuade recipients from engaging in this best practice.
Businesses can protect against phishing by implementing a layered supplementary cloud email security solution that offers malicious URL protection and uses multiple email authentication protocols to detect email spoofing and prevent sender fraud.
Before anything, it is important you confirm you interacted with a phishing link, which can be confirmed by inconsistencies in the sender’s email address, links and domains. Hovering your cursor over the link before clicking provides a preview of the URL, a domain that doesn’t exist is likely to be a phishing link. After confirming the phishing link, you must stop interacting with the page and delete any downloaded files. Search for the intended target site using a search engine. Compare the legitimate web address and content to the phishing site. Watch for suspicious account activity, calls, or texts. If attackers have previously collected your data successfully, victims may receive additional calls or messages asking for further action, as there is a higher likelihood the victim will engage after falling for a previous attempt.
Smartphones are susceptible to hacking via phishing links found in text messages, email, or software. By interacting with a phishing link, you run the risk of accidentally downloading malware, or being redirected to a malicious website controlled by hackers who intend to collect user information. A hacker only needs a device connected to the internet to infect it with malware.
Smartphones may be exploited with multiple malware variants. Purpose-built apps can compromise your device by causing apps to malfunction, drain your battery or data, slow the device, or even install apps.Most importantly, it is critical to learn from the incident and proceed with caution. Always take time to stop and think before interacting with an email in any way. Phishing attacks often convey a sense of urgency to dissuade recipients from engaging in this best practice. That being said, the single most effective method of preventing phishing attacks is investing in a comprehensive, fully-managed email security solution.
In the event that you do fall for a phishing scam, it is important to be aware of the actions you can take to help safeguard compromised information and recover from the attack. Even if you clicked on a phishing link but didn't enter any information, you are still at risk, as the link may still have been used to deploy malware or spyware on your device.
Our security engineers recommend these next steps that you should take if you either know or suspect that you’ve experienced an attack:
Disconnecting from the internet will help reduce the risk of malware spreading to other devices on the network. This will also prevent a malicious actor from accessing your device or sending out confidential information from it.
Set up a fraud alert with either Equifax, Experian or TransUnion that you can place on your credit report to make it more difficult for the attacker to open a new account in your name.
Backing up your data is the best way to minimize the damage in the event of a phishing attack, or in case they get erased in the recovery process.
If you were directed to a fraudulent website where you attempted to login, immediately change your username and password. Use a password manager to make changing passwords across all devices easier. It will also help you to identify weak passwords and assist you in changing them to more secure ones.
After disconnecting your device from the internet, use an antivirus program to perform a scan of the device. Once completed, remove or quarantine any of the suspicious files detected.
The FTC will provide you with a step-by-step recovery plan. Forward the phishing email that you received to
The best way to prevent a successful phishing attack is by being educated. With proper cybersecurity awareness training, you will learn about threats such as phishing, ransomware, social engineering attacks and more.
In order to prevent an attack, it is best to be aware of cybersecurity best practices and tips for recognizing a phishing email. Some tips for avoiding a phishing attack and protecting sensitive information include:
Most importantly, if you’ve accidentally clicked on a phishing link it is critical to learn from the incident and proceed with caution. Always take time to stop and think before interacting with an email in any way. Phishing attacks often convey a sense of urgency to dissuade recipients from engaging in this best practice. That being said, the single most effective method of preventing phishing attacks is investing in a comprehensive, fully-managed email security solution.
You have not completed your Email Risk Assessment, please continue to get your results.