Phishing First Aid

Your work day has just begun. You’re waiting for your coffee to cool enough to sip as your computer powers up. You open your email inbox. You see a message from your bank. You bemusedly wonder why your bank is sending a message to your work email rather than your personal address.

You open the message and absent-mindedly read it (such a huge financial institution ought to be able to hire a proof-reader!) then click on a link. Then reality starts to sink in. Why did your bank use this email address? Where are their proof-readers?  You look closely at the link URL and notice the “a” is missing from bank.

Ack!!! You’re the victim of a phishing attack! All may not be lost, however. Just like any accident victim, if you act quickly enough, you might prevent serious damage, or at least contain it.

1. Get offline immediately! If malware was set to invade your system the moment you clicked a link, you already have it. But these nefarious applications need internet access to make off with your files or spread the infection to business servers or to co-workers, business contacts and friends. If you’re hard-wired to the internet, unplug the Ethernet cable (it’s probably going into a wall jack). If you’re using Wi-Fi, disconnect. Fast!
2. Use another computer to visit SynchroNet’s Support Desk to open a support ticket with SynchroNet. Depending on your unique circumstances, we may ask you to reconnect to the internet or we may pick up the affected computer to fix it remotely. No matter what, we’ll run enterprise-level security utilities like anti-virus or anti-malware to make sure that no bad or malicious software remains on your computer — software like keystroke loggers, adware, spyware, and more.
3. Reset your passwords. It’s likely that you have used your computer to log into secure environments — maybe online banking, maybe an online forum, maybe the patient portal available via your doctor’s office. If your computer has been compromised, it’s important to use an unaffected computer on a secure internet connection to reset all of your passwords to be sure that your protected data is safe. Leverage a password vault to track your passwords.
4. Bone up on useful strategies to avoid phishing schemes in the future. Use past articles from our blog for lots of great information.
5. Check your confidence level … and proceed. At this point you’ve done as much as possible to mitigate damages. As you move forward, watch carefully for telltale signs of danger  like URLs with misspellings or unusual requests for information. Of course, you’re a member of The SynchroNet Way, so we’re here to offer to talk it over with you and offer our guidance.