What to do if you’ve been caught out by a phishing email
In our last post, we talked about how to spot phishing emails. Hopefully you’re now equipped with the knowledge you need to avoid falling foul of these malicious mails, but even the most eagle-eyed among us can sometimes be duped…
If you’ve used your new-found skills to correctly identify a phishing email, well done! Don’t click anything in it – just consign it to the bin where it belongs. But what should you do if the worst happens and you inadvertently click a link or open an attachment in a phishing email? Keep calm and follow the steps below.
Change your password
If you’ve fallen victim to an email pretending to be your bank, social media account or anywhere else you have a login, change your password for that site immediately, using a different computer or mobile device from the compromised one. If you use the same password in lots of other places, be sure to change it everywhere (and make a different password for each site while you’re at it!). Have a look around your accounts to see if you can spot any immediate signs that they’ve been tampered with.
First things first, disconnect the device you used to open the dodgy link or attachment. This is a bit like removing the oxygen from a fire – act quickly and it could stop the attacker gaining remote access to your device, installing malware and sending out harmful files from it.
Contact the organisation the phishing email was imitating
If you’ve been duped by an email pretending to be an organisation you know and trust, contact them to let them know they’re being impersonated. If possible, send a screenshot of the email in question, including the sender’s email address. They may have instructions for you on how to safeguard your account with them – including changing your bank card if you’ve revealed sensitive financial details.
If you think your bank details may have been compromised, it’s also worth contacting credit report agencies to let them know, as you don’t want your credit score being affected by someone else’s fraudulent activities.
Run a virus scan
Get your antivirus software to work scanning through all the files on your computer so that you’re alerted to anything nasty that may have been installed on your device. This software can usually also delete malicious files for you.
Know the signs of identity theft
Although it’s not a given that your identity has been stolen, phishing emails are all about ID theft, so you’ll need to be on the alert for any tell-tale signs that could suggest your details are being used fraudulently. For example:
- Entries on your bank statement that you don’t recognise
- Bills or debt collection letters arriving for things you didn’t sign up for
- Products arriving that you haven’t paid for
- Email log-in alerts that you don’t recognise
Call your IT support team
Of course, if you have an IT support team then you can rewind to the beginning of these steps and make them your first port of call in the event of a phishing incident. We’re on hand to help with disaster recovery and can get your systems back up and running in record time in the event of an attack.
If you don’t already have an IT support team to call on when things get serious, give us a ring on 01509 808586 or email email@example.com