Intelice Solutions: Blog
You got Phished – What Now?
What To Do If You’ve Been Phished
Do you have a plan in place for how to respond when you suspect that you or your business has been made the victim of a phishing scam? Follow the steps laid out in this article to limit the damage and make sure it never happens again.
Imagine you were hacked right now—what would you do?
Perhaps you clicked the wrong link in a seemingly safe email and it infected your computer. Or maybe you tried to log in to a seemingly safe website only to realize it has stolen your password.
This is more likely to occur than you may think. 81% of organizations experienced a phishing attempt in 2021, and there are expected to be six billion more attempts this year.
That’s why you need to know what phishing is, and what you need to do when you’ve fallen for a scam.
What Is Phishing?
Phishing is a cybercrime attack vector.
Here’s how it works: cybercriminals send fraudulent emails to unsuspecting targets. These emails purport to be from familiar or official sources, which tricks the recipients into revealing sensitive information and/or performing specific tasks on the sender’s behalf.
Phishing attacks are often executed as mass emails, requesting confidential information, the transfer of business funds, or linking to malicious websites and malware.
In recent years, phishing scams have become more targeted. This is because cybercriminals can now access the data from more than 15 billion stolen accounts, which includes specific personal information, and compromised usernames and passwords.
Phishing works because it only requires a surprisingly small amount of information to fool the recipient. Cybercriminals can very easily pose as colleagues, superiors or other familiar contacts and then persuade targets to send them money or divulge data.
3 Reasons Phishing Is Dangerous
- Prevalence: At the beginning of 2021, Google registered 2,145,013 phishing sites, which approaches double from the year prior. The more common phishing is, the more damage it will cause.
- Extent of Damage: The average phishing attack results in $1.6 million of damages.
- No Remediation: Citizens and organizations continue to fail to learn their lesson, and so, cybercriminals keep phishing. The number of reported phishing attacks has increased by 65% in recent years.
All of this is to say that when it comes to phishing emails—data breaches in general—it’s not a matter of if, it’s a matter of when. Do you have a plan in place to respond to an attack?
You Need An Incident Response Plan
You need to have an Incident Response Plan in place. A robust plan will include processes, procedures, and guidelines that dictate how you and your staff deal with a data breach.
The plan should include all procedures related to incident response, including who is responsible for what, what tasks need to be taken care of, and how you will minimize the chance of a repeat attack.
The core components of an effective incident response plan include:
You need to first find out how the breach occurred and the extent of the damage.
- Put together a team (or ask your IT company) to assess your systems, logs, and other available information to determine the source of the breach.
- Interview those that discovered the breach and document their accounts.
- DO NOT destroy any evidence; you may need it later, pending legal considerations.
Next, you need to fix any identified vulnerabilities and update your cybersecurity standards.
- Update passwords for all related user accounts.
- Update passcodes and keys for any physical areas that were breached or affected.
- If a third-party vendor was involved in the breach, make sure they have fixed their vulnerabilities, or consider finding another company to provide that service.
If employee or customer data was exposed, you may be required to notify them of the breach.
- Contact your legal counsel and keep them informed of the situation as it evolves.
- Inform your cybersecurity liability insurance carrier if you have a policy.
- Inform law enforcement and the FBI of the incident.
- If financial data was breached relating to accounts you don’t maintain, notify the appropriate institution so they can monitor for fraudulent activity.
- If breached data included electronic Protected Health Information (ePI), follow HIPAA breach notification directions.
- Notify affected individuals according to your state’s data breach and privacy regulations.
- Your communications should detail the following:
- The nature of the breach
- What information was exposed
- What you are doing to limit damage and prevent another incident
- What the affected individual can do
- Contact information for the appointed representative at your company
- Your communications should detail the following:
How To Immediately Respond To A Cyber Attack
Whether you have a strict plan in place or not, you need to at least understand how to act in the minutes, hours and days following a breach.
No matter what, your first step will be to contact your IT team. If you don’t have an on-call team managing your cybersecurity, don’t hesitate to find and hire one as soon as possible. Cybersecurity management is a full-time job, and it’s not something you can task any of your employees with.
Beyond that, make sure to follow these steps:
Isolate The Damage
Start by isolating the computer from your network, which will prevent further access by the cybercriminal, as well as limit the spread of malware.
- Unplug the network cable from the tower or laptop.
- Turn off your networking functions (i.e. disable Wi-Fi).
- Perform these steps manually and directly; security software may tell you it’s handled, but you shouldn’t leave anything to chance.
Backup Your Files
Make sure to quickly download any and all files to a USB drive. Keep in mind that, depending on the malware, this may infect the USB drive as well, so only use one you’re not worried about infecting.
Once you have any local data transferred to a USB drive, turn off the affected device(s) until a professional can perform an assessment. This will potentially prevent further damage to your hard drive.
Resetting your passwords is a critical step. You likely won’t know the extent of the data breach yet, and so, it is prudent to update all passwords for any potentially affected business accounts.
Furthermore, make sure to review any accounts linked to the computer in question; social media profiles, email accounts, online banking, and any other accounts may be compromised.
Restore your computer’s original operating system to ensure your settings have not been modified by the malware.
Run Your Antivirus
Double-check that there aren’t any dangerous programs remaining by having antivirus software assess your device.
Restore The Right Backup
If you have backups of the affected device, restore them to a point prior to the infection.
Monitor For Data Leaks
This last step is a long-term, ongoing effort: you need to make sure that your data has not been leaked online. Primarily, you’ll want to make sure you’re checking the dark web…
What is the Dark Web?
The Dark Web is essentially like the black market of the Internet.
It is not easily accessible like the conventional web that you and I use every day for Google searches, social media, and other websites. It also lacks any of the basic security and tracking features inherent to the Internet that the majority of us use.
That makes the Dark Web an ideal place for cybercriminals to buy and sell illicit goods such as firearms, drugs, and confidential data. Commonly, hackers will post username and password combos for sale online, along with other private information that they’ve stolen through phishing scams.
If you’ve experienced a breach, you need to find out whether your data is for sale. Unfortunately, accessing and navigating the Dark Web is a very complicated prospect. The good news is that you don’t have to handle it on your own…
How To Find Out If Your Data Is On The Dark Web
There’s only so much you can do on your own—but Intelice Solutions can help.
We use a commercial Dark Web scanning solution designed to detect compromised credentials that surface on the Dark Web in real-time, offering your business a comprehensive level of data theft protection—it’s an enterprise-level service tailored to businesses like yours.
With our help, you can ensure you know which passwords have been compromised and sold on the Dark Web, and take the necessary steps to protect the associated accounts.
Claim Your Free Dark Web Scan
Intelice Solutions is offering free dark web scans to help businesses like yours make sure their private information isn’t for sale online.
Contact us directly to claim your scan and secure your confidential data.