Cybercrime is one of the biggest risks to businesses. Cyber criminals are getting smarter and more powerful all the time. And though they’re more likely to target businesses in certain sectors, the figures prove that cyber criminals make a point of targeting small businesses.
Phishing emails are a leading cause of business cyber-attacks. In this post, we’ll quickly explain what a phishing attack is, before discussing what you should do if you think you’ve clicked on a phishing link.
Want to discuss your cyber security risks? We have a team of experts on hand to help. Call us on 0208 290 9080 or email us at firstname.lastname@example.org.
What is a Phishing Attack?
You, or someone else in your business, may receive a message via email, text, or an app such as WhatsApp. This message seems to come from a trusted source, such as a bank, a supplier, or a shopping site. It may even appear to come from another individual in the company, such as a manager.
The message will request that the recipient takes some kind of action. It may openly request certain information, or it may simply invite the recipient to click on a link to confirm certain details (such as an issue with an order, or with an account).
This link, though, is a trap. It’s a phishing link, and instead of taking the recipient to an official site, it will take them to a fake site run by cybercriminals. If the recipient shares personal details on this site, then the cybercriminal will use these details for criminal purposes.
But some phishing sites simply install malware on the recipient’s computer, which will leave them vulnerable to further cyberattacks in future.
Phishing attacks are a particular risk for businesses because cybercriminals are more skilled than ever at creating messages that look almost identical to the real thing. Recipients may not realise they’re clicking a phishing link until it’s too late.
Help! I’ve Clicked on a Phishing Link!
If you think you’ve fallen victim to a phishing attack, don’t panic. It may not be too late to secure your systems. What you need to do next will depend on exactly what happened when you clicked on the link: whether you entered any information into the site, and whether you know you’ve been hacked.
So here’s what to do if you click on a phishing link.
Sometimes, a Click is Just a Click
What happened when you clicked on the phishing link?
Did it take you to a site asking you to sign into an account?
If this is the case, you might be OK – so long as you didn’t try to sign into the account.
As we mentioned above, sophisticated phishing attacks will download malware to your computer when you click phishing links. But not all phishing attacks are this clever. Run a malware scan on your computer and be on the lookout for the symptoms of a malware attack, such as increased CPU use, or a significant slowdown when accessing files or running programmes.
Also notify your business’s IT or cybersecurity team, so that they too can look out for any signs of unusual activity.
But in the majority of cases, if you clicked the phishing link and didn’t provide your credentials, then you should be OK. Close the tab with the phishing site, and vow to take greater care when accessing emails from now on!
What To Do If You Entered Information on a Phishing Site
So you clicked a phishing link, you reached a site that requested your sign-in details, and you attempted to sign in. Most likely, this generated an error message: “Sign-in failed”.
If this happened to you:
- Close the browser tab immediately.
- Disconnect from the internet – pull out your ethernet cable or turn off your device’s wi-fi. Make your device “forget” the wi-fi network before you attempt to connect again. Wait for a few minutes before you go back online.
- Go to the real site that the cybercriminal was trying to impersonate – whether that’s your bank, or Amazon, or otherwise.
- Change your password.
- Take a look at your account recovery information. Many services ask you to provide alternative phone numbers and email addresses you can use to sign in if you forget your password. Are these still accurate?
If you’re not able to sign in, then the cybercriminal may already have hacked your account and changed your password.
What To Do If Your Account’s Been Hacked
- If you’re using a computer that belongs to your business or employer, notify your business’s IT or cybersecurity team.
- Most online services have account recovery processes. Start this process immediately. It might take you a while to get your account back, but if you tell the provider about the cyberattack, they may be able to freeze your account to prevent the hacker from taking any action.
- Once you get your account back, change your password and review your account recovery details, to ensure the hacker didn’t change these too.
- Are you using the same password on any other sites, or for any other services? Change your password wherever you’ve duplicated it.
- Also consider whether the account the cybercriminal hacked is connected to any other accounts. If hackers see you’re using another email address for account recovery purposes, for example, they may try to access that too.
- Think about what sort of data the hacker may have been able to access via your account. If it’s payment details, then contact your bank immediately. They can then look out for any signs of unusual activity, and they may be able to help you secure your account.
- If the hacker can access sensitive information via your account – such as customer details – then you may have to take further action. You may, for example, have to instigate a formal cyber breach response process.
This is Why You Need Dedicated Cyber Insurance
As we said above, cybercriminals are getting smarter all the time. They can now create phishing emails that appear so authentic that they could conceivably catch anyone out.
Only dedicated cyber insurance will cover you for a cyber breach. With specialist cyber insurance cover, you’ll have the support of cyber security experts who’ll help you effectively respond to a cyber-attack. This support can make it more likely that you’ll recover your systems, your data, your integrity, and your reputation.
If you have any questions about business insurance, or if you want to discuss your cyber security risks, we have a team of experts on hand to help. Call us on 0208 290 9080 or email us at email@example.com.