Oops! I Clicked On A Phishing Link! What Should I Do?
Summary: This concise article addresses what to do after clicking a phishing link. Learn how to avoid falling victim to a phishing attack and what steps you can take if you accidentally click on a malware link. Contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com for a phishing assessment and an overall cyber risk analysis.
Humans are impulsive creatures. Perhaps everything we’ve learned started with some curious caveperson acting on a natural impulse to figure things out. Did whoever discovered fire impulsively stick their finger in the flame only to get burned? An early lesson learned. Although we’ve come a long way, we still often act on impulse. In our connected cyber universe, impulsivity can sometimes have disastrous results. Reckless use of your connected devices without employing cyber security best practices can lead to a long list of adverse outcomes, including everything from relentless, annoying adware to a full-blown ransomware attack. All it takes is one wrong click. If you do not think before you click, you can unknowingly click on a malware link designed by hackers to steal your data.
The most common ploy used by cybercriminals is phishing. Phishing is a type of social engineering used to trick users into sharing personal information. Usually, the hacker’s goal is to steal as much private data as possible in order to compromise social security numbers, bank accounts, credit cards and more. In the worst case, a phishing attack can lead to total loss of data, identity theft and an infected network, including all its connected devices.
Originally, embedded malware links in emails were the lures that led to impulsive clicks. Over time, phishing has branched out to include:
- Smishing – Smishing uses bogus SMS text messages as the platform to fool users into disclosing private data and clicking on malicious links.
- Vishing – Vishing uses phone messages (instead of emails) to panic users into impulsive actions that make their network vulnerable to a cyberattack.
- URL Phishing – URL phishing uses emails to direct users to fake, malicious websites that look legitimate and fool them into voluntarily revealing personal data such as login credentials (user names and passwords), credit card info and other private data.
- Clone Phishing – Clone phishing and URL phishing have similar goals: to trick users into disclosing private data. In clone phishing, cybercriminals replicate trusted domains and websites. The more sophisticated the hacker, the more challenging it is to spot clone websites.
How To Tell If You’ve Fallen Victim to Phishing
Because phishing attacks account for more than 80% of cyberattacks, it is essential to know what to look for to avoid them. Professional hackers make it harder to tell whether you’ve been phished, but there are a few signs to watch for:
- Suspicious Emails – If you receive an email from a supposedly trusted source that feels suspicious or asks for personal information, check with the source directly. One quick phone call to confirm legitimacy can save you from the consequences of being phished.
- Fake Domains – Sometimes hackers will create counterfeit domains that look very similar to real ones. For example, it is easy to miss the difference between google.com, gooqle.com and qoogle.com. At a glance, users can overlook the subtle differences in domain names.
- Pressure Tactics – With emails or texts that pressure users to “Act Immediately” or “Click Here or your account will be terminated,” cyber thieves are fueling our natural impulsivity by adding urgency. Instead of giving in to the impulse, do the opposite – slow down and investigate further before responding. If you are unsure of the source, don’t click on anything and delete the message.
- Typos and Grammatical Errors – Most legitimate organizations have editors who endeavor to ensure perfect spelling and grammar in their marketing materials. If glaring errors are present, they could be a sign of a phishing scam.
What To Do After Clicking A Phishing Link
If you accidentally click on a phishing link, don’t panic. In fact, panicking can lead to more impulsivity. Here are steps to take if you think you’ve clicked on a phishing link:
- Don’t Provide Any Private Information – If you think you’ve clicked “in the wrong direction,” do not volunteer any information to the bad actor that can lead to further compromise.
- Back Up Your Data – If you don’t back up daily, back up all your data as soon as possible, in case your computer system is about to be breached by a cyberattack.
- Disconnect Devices from the Internet – The quicker you get offline, even if you must turn off your WiFi, the more likely you are to mitigate the consequences of a phishing scam.
- Perform Complete Virus Scans – Even if you think nothing happened after clicking on a phishing link, it is good protocol to run scans immediately to ensure your system has not been infected with malware.
- Change Passwords – It is a standard best practice to change the passwords for any platforms that hold personal data. Taking a couple of minutes to change your passwords can slow down or stop the fallout from a cyber threat.
If you survive a phishing attack with little or no damage, ensuring your system is protected is crucial. If you are unsure whether you’ve been phished, contact professional IT experts to perform a phishing assessment and an overall cyber risk analysis to find any vulnerabilities in your computer network and address them with robust, state-of-the-art cyber security.