Whether in their personal lives or in their business, people try to minimize the risk of cyber-attacks. We put in anti-virus software and maintain secure passwords. We set up processes to limit risk, and we train employees on how to avoid creating gaps that hackers can exploit. Unfortunately, hackers work as hard and as fast to get around these defenses as we do to put them up. And sometimes they get through, often through phishing schemes. Here’s what you should do if you think you or your organization was the victim of a phishing attack.
Activate Your Incident Response Procedures
The first step is to limit the potential spread by cutting the computer off from the internal networks and the internet. Staff should do that according to the training they’ve received. Then call in the IT experts, who follow their own incident response (IR) procedure, though they may be the ones who isolate the computer when they realize it is infected. The goal of any IR procedure is to determine the who, what, when and where of the incident. Determining the scope of the problem helps you decide what countermeasures need to be taken.
Seize the Evidence
The next step in many IR procedures, once you’ve limited the potential spread of the infection, is to get a copy of the email with all attachments. The IP address that sent the message probably belongs to a compromised machine. This, and much else of what IT security needs to know, can be discovered with free forensic software.
The attachments may tell you the virus or method used to compromise your network. There are free software tools that will allow you to analyze attachments. With tools like these, your IT department can determine if the route was a zip file carrying a virus, malware activated by clicking a link in a PDF, or a fake login notice where someone entered their network credentials.
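As an added illustration of this evidence step (not code from the original article), the Python sketch below reads a saved copy of the message and lists the external relay IPs, the links in the body, and each attachment's declared type, real type by leading bytes, and SHA-256. The sample message, the function names and the internal address ranges are assumptions made for the example.

```python
import hashlib
import ipaddress
import re
from email import message_from_bytes, policy

# Constructed sample .eml: documentation IP range and example domains, not real data.
SAMPLE_EML = b"\r\n".join([
    b"Received: from mail.corp.example ([10.0.0.5]) by mbx.corp.example; Mon, 1 Jan 2024 10:00:05 +0000",
    b"Received: from pc ([203.0.113.45]) by mail.corp.example; Mon, 1 Jan 2024 10:00:01 +0000",
    b"From: IT Support <support@corp.example>", b"Subject: Password expiry notice",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b"Content-Type: text/plain; charset=utf-8", b"",
    b"Sign in at http://login.example.org/reset to keep your account.",
    b"--b1", b"Content-Type: application/pdf",
    b'Content-Disposition: attachment; filename="invoice.pdf"',
    b"Content-Transfer-Encoding: base64", b"",
    b"UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==", b"--b1--", b"",
])

# Assumption: these are the organisation's internal ranges; adjust to your network.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAGIC = {b"PK": "zip", b"%PDF": "pdf", b"MZ": "windows-executable"}  # leading bytes -> real type

def external_relays(msg):
    """IPv4 addresses in Received headers, oldest hop first, internal ranges dropped."""
    found = []
    for hdr in reversed(msg.get_all("Received", [])):  # each relay prepends its header
        for text in re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", str(hdr)):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1 matches the regex but is not an address
                continue
            if not any(ip in net for net in INTERNAL):
                found.append(str(ip))
    return found

def triage(raw):
    """Summarise a saved message without opening links or running attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    urls = re.findall(r"https?://[^\s\"'<>]+", body.get_content()) if body else []
    files = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        kind = next((name for sig, name in MAGIC.items() if data.startswith(sig)), "unknown")
        files.append({"name": part.get_filename(), "declared": part.get_content_type(),
                      "actual": kind, "sha256": hashlib.sha256(data).hexdigest()})
    return {"relays": external_relays(msg), "urls": urls, "attachments": files}
```

In the constructed sample the attachment is named and declared as a PDF but its leading bytes are those of a zip archive, which is the kind of mismatch worth flagging. Received lines recorded before your own mail server come from the sender's side and can be forged, so treat only the hop your server logged as reliable.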
Change Your Passwords
If you’ve been a victim of a phishing attack personally, you should go to another computer and change your passwords. This will prevent hackers from doing damage using any credentials they’ve stolen from your computer. If you use the same passwords on other accounts, change them there as well, because hackers will try the passwords they have on any other site they know you access. Change your password hints and security questions, too, since this personal information could be used to hack other accounts tied to you.
While you’re at it, check your profile information. If no one, whether you or someone posing as you, has logged in for a while, you’re fine. If there is recent activity that wasn’t yours, contact IT support or customer service at those organizations to limit the damage.
Scan for Malware
Whether you clicked a link or downloaded an attachment, the computer needs to be scanned thoroughly for viruses and malware. If you work for a large company, they’ll check the computer and anything else it was connected to. If you’re by yourself, you may need to bring in an expert to make sure the computer isn’t compromised before you connect it to the internet and resume business with your new passwords. This reduces the risk of accidentally visiting a malicious site while trying to research unusual processes to determine whether they are malicious.
Technology can build a complex defensive structure, but anyone can leave the gate open or let in a Trojan horse. This is why every organization needs complete procedures to deal with phishing incidents to limit the damage when they do occur.