It is now common for users to accidentally respond to phishing emails. Phishing attacks are widespread, and spear-phishing is one of the most popular tactics used by attackers. Email security is essential in this environment, and end users need to know what to do and how to respond quickly to phishing emails.
Phishing emails can be used to target any employee in an organization. It is important to have best practices that can be applied by all employees. These guidelines should be included in an organization’s comprehensive security awareness program.
Criminals may use email, text messages or phone calls to contact you.
Criminals will try to get you to do something that they can use to their advantage.
Scammers will often try to get you to click on a link in a text or email. You may be sent to a questionable website that could install viruses on your computer or steal your personal information.
The approach over the phone may be more direct and ask for sensitive information such as bank details.
They pretend to be someone you trust or an organization you trust. It could be your Internet Service Provider, local council, or even a friend in dire need. They may also contact you via phone, email, or text message. When talking about email, the term “phishing” is frequently used.
Scams during COVID-19 Pandemic
Cybercriminals see the pandemic as an opportunity to exploit concern about coronavirus. They may offer financial rewards or claim that they have a cure for the virus. Like many other scams, these criminals will try to trick you into giving them your personal information. They might also imitate real NHS messages.
These messages are often very difficult to detect. These messages are intended to make you react quickly and without thinking.
Don’t panic if you believe you have already been contacted by a scammer. There are many things you can do to minimize any harm.
Reporting suspicious messages
You might get a message from someone you don’t know, or from a company you don’t usually receive communications from. It could just be a hunch. Report any suspicions; you will help to protect more people.
You can report suspicious text messages to your phone provider free of charge using the shortcode 7726.
Your provider can look into the source of a message you have forwarded and take appropriate action if it is found to be malicious.
If 7726 does not work, contact your provider to find out how to report the message.
What to do if you’ve already responded
If you have already replied to a suspicious email, follow these steps:
- Contact your bank if you feel you have been tricked into giving your banking information.
- Consider whether your account may also have been hacked.
- You can contact your IT department if you have received the message via a work phone or laptop.
- If you have opened a link or installed something as instructed, open your antivirus (AV) software and run a complete scan. Let your antivirus software clean up any problems it finds.
- If you have given out your password, change it.
- If you have lost money, tell your bank and report it to Action Fraud (for England and Wales) or Police Scotland (for Scotland). You will be helping to fight criminal activity and preventing others from falling prey to cybercrime.
Spotting suspicious messages
It is becoming more difficult to spot scam phone calls and messages. Even experts can be fooled by many scams. There are a few tricks criminals can use to get you to act without thinking. Here are some things to watch out for:
- Authority: Is the message purporting to come from an official? For example, your bank, doctor, a solicitor, or a government department. To trick you, criminals will often pretend to be high-ranking people or organizations.
- Urgency: Are you being told that you only have 24 hours to respond, or that you must respond immediately? Criminals may threaten you with severe consequences or fines.
- Emotion: Does the message make you afraid, panicked, hopeful, or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
- Scarcity: Is the message promising something in short supply, like concert tickets, money, or a treatment for a medical condition? Fear of missing out on a great deal or an opportunity can make you respond quickly.
- Recent events: Do you expect to receive a message such as this? To make their scams seem more relevant, criminals often use current news stories, major events, or specific times of the year (like tax reporting).
It could be real
You want to make sure that you are not being misled by a call or message from an organization you already have a relationship with.
- Return to something you trust. Log in to your account or call the advertised number. Do not use any links or contact information in messages you receive or give over the telephone.
- Seek out a source that has already told you what it will never ask you for. Your bank, for example, might have said that it would never ask you for your password.
Make yourself a harder target
Public information can be used by criminals to convince you with phishing messages. This information could be obtained from your social media accounts.
You can make it more difficult for criminals by doing the following:
- Review your privacy settings for your online accounts and social media apps.
- Consider what you post and who it is visible to.
- Consider unlisting your phone number (going ‘ex-directory’).
We offer detailed guidance on how to protect your privacy on social networks.
It is important to note that scammers can send phishing emails to employees in a variety of ways. Attackers commonly impersonate an existing legitimate entity such as a bank.
To be successful in responding to phishing attacks, the steps below require collaboration from several parties within an organization. The person who replied to the email should coordinate with security analysts and the information security manager. If the user is an individual, then the same steps apply as above, provided that the victim engages the appropriate law enforcement agency.
1. Change account passwords
Phishing attacks have evolved over the years to be more sophisticated and stealthier. They can be deployed in multiple ways, but their main objective–harvesting login usernames and passwords–has generally remained consistent.
Responding to a phishing email may involve entering login credentials into an application the attacker has created to look like an existing app. The attacker can then steal the victim’s login credentials and use them for other cyber crimes, such as email fraud. This type of attack is very likely to follow a successful phish, so it is important that any compromised user changes their password immediately.
Spear-phishing attackers usually deploy thorough information-gathering processes on their targets once they’ve been compromised. Once the attacker has tied the phishing attack victim with a specific account, they will attempt to use similar credentials to other accounts. It is important to change passwords for not only the compromised account, but for all associated accounts. Many phishing victims share a single password across multiple accounts.
It is highly recommended that all online accounts have their passwords changed. Email passwords in particular should be changed immediately, and the new passwords should meet password complexity requirements.
2. Report the phishing incident
Phishing attacks can be used on a large scale to target many victims at once. Most phishing attacks target employees in the same company. Notifying the company immediately can help to ensure that other employees, who may have been sent the same phishing email but have not responded, are not also affected by the attack.
Reporting phishing incidents should be done via the IT service desk, or according to the organization’s cyber-incident response procedures (CIRP). The report will be used to open an internal investigation into the phishing attack.
Well-timed reporting of an incident–that is, as soon as a user realizes they’ve responded to a phishing email–allows information security technical staff to launch crucial information-gathering about the attack. Proofpoint’s phishing-email reporting tool, PhishAlarm, allows users to report suspected phishing emails promptly to security teams. This allows them to launch prompt responsive activities.
3. Examine the phishing attack
A phishing scam response can cause harm to both the individual user and the entire organization. Responding to phishing emails can lead to account compromise, unauthorized access to company networks and systems, as well as the introduction of malware onto the victim’s computer.
It is crucial that you initiate an investigation into the phishing incident immediately after it has been reported to the IT service desk. This investigation will gather information relevant to the phishing attack, and evaluate the impact of the attack.
This stage is crucial because it allows you to identify the phishing emails users have engaged with, locate other messages from the same sender or containing the same link, determine who else may have received the email, and pull those messages out of the users’ inboxes.
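As an added example (not code from this article or from Proofpoint), a small Python triage helper over constructed mailbox metadata: starting from the reported message, it finds other messages with the same sender or the same link, lists who else received them, and builds the pull list for quarantine. All addresses, URLs and message IDs are constructed placeholders.

```python
import re
from dataclasses import dataclass, field

# Loose URL matcher; trailing punctuation is stripped afterwards
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

@dataclass
class Message:
    msg_id: str
    sender: str
    recipients: list
    subject: str
    body: str
    urls: set = field(default_factory=set)

    def __post_init__(self):
        # Normalise links so case and trailing punctuation do not split matches
        self.urls = {u.rstrip(".,);").lower() for u in URL_RE.findall(self.body)}

# Constructed sample mailbox (not real mail); m2 is the message a user reported
MAILBOX = [
    Message("m1", "newsletter@example.com", ["alice@corp.example"], "Weekly update",
            "Read more at https://news.example.com/weekly"),
    Message("m2", "security-alert@bank-example.net", ["alice@corp.example"],
            "Urgent: verify your account",
            "Your account is locked. Verify now: https://bank-example.net.login-check.example/verify."),
    Message("m3", "it-helpdesk@corp.example", ["bob@corp.example", "carol@corp.example"],
            "Password policy", "Please review https://intranet.corp.example/policy"),
    Message("m4", "security-alert@bank-example.net", ["bob@corp.example"],
            "Urgent: verify your account",
            "Verify now: https://bank-example.net.login-check.example/verify"),
    Message("m5", "accounts@other-example.org", ["carol@corp.example", "dave@corp.example"],
            "Invoice attached", "Sign in here: https://BANK-EXAMPLE.NET.login-check.example/verify"),
]

def find_related(mailbox, reported_id):
    """Return the reported message and every other message sharing its sender or a link."""
    reported = next(m for m in mailbox if m.msg_id == reported_id)
    related = [m for m in mailbox if m.msg_id != reported_id
               and (m.sender == reported.sender or m.urls & reported.urls)]
    return reported, related

def build_pull_list(mailbox, reported_id):
    """Produce sorted (recipient, msg_id) pairs to pull from inboxes, plus the affected users."""
    reported, related = find_related(mailbox, reported_id)
    pulls = sorted((rcpt, m.msg_id) for m in [reported] + related for rcpt in m.recipients)
    affected = sorted({rcpt for rcpt, _ in pulls})
    return pulls, affected

if __name__ == "__main__":
    pulls, affected = build_pull_list(MAILBOX, "m2")
    for rcpt, mid in pulls:
        print(f"pull {mid} from {rcpt}")
    print("notify:", ", ".join(affected))
```

Matching on a normalised link catches the copy sent from a different sender address (m5), which a sender-only search would miss.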
Endpoint analysis should also be performed to identify malicious software that may have been installed on the phishing victim’s computer or network. Identity theft is a serious concern for victims of phishing attacks.
If necessary, the compromised account should be blocked. If a bank account has been compromised through a phishing attack, users can ask their bank to block it.
The organization whose email identity was impersonated should notify the authorities and initiate investigations to look for suspicious activity. A financial institution, for example, should monitor the accounts of customers who have been victims of phishing attacks.
4. Engage the relevant regulatory authorities and law enforcement
Many industry standards and government regulations require that phishing incidents are reported within a specified time period after the incident is first identified. An incident involving a response via phishing email should be reported to the appropriate authorities. This is especially important for healthcare organizations.
Not only is it important to ensure compliance with industry standards and regulations, but you also need to file a complaint with the appropriate law enforcement agencies. The severity of the damage caused by phishing may influence whether a report to law enforcement is needed.
5. Protect yourself against future attacks by implementing remediation strategies
As a first line of defense, users must be aware of the current phishing attack vectors used by attackers. Organizations must provide comprehensive security education and training to ensure this happens.
To help users avoid falling for phishing emails, organizations can run internal phishing simulations. Experiencing simulated phishing attacks will help users spot real ones more easily.
Alongside educating and training their workforce about the danger of phishing scams, organizations must also put technical defenses in place. These include blocking phishing emails by using email security techniques like email filtering, sandboxing and machine learning models.
Threat Response Auto Pull
Proofpoint Threat Response Auto-Pull (TRAP) allows your security and messaging administrators to speed up the phishing incident response process for anyone who replies to a phishing attack. TRAP automatically deletes malicious emails once they have been detected, and automatically moves unwanted email to quarantine if it has already reached end users’ inboxes. This includes forwarded mail and distribution lists, and creates an auditable activity trail. TRAP is a powerful tool to combat phishing attacks and dramatically reduces the time required to remove malicious emails.
Phishing attacks are possible in any industry and at any size. All organizations need to establish guidelines so that their users are aware of what to do if they fall for a phishing scam.
To learn more about the dangers of responding inadvertently to phishing scams, and how they can be orchestrated, refer to our previous article on basic attack vectors and the associated risks of phishing.