If you’re a victim of phishing attack and looking for help. Here’s what to do If you click on a Phishing Link.
Phishing links are the most common tool used by the cyber criminals to lure the common people into giving up their personal information. Phishing is derived from the word “fishing” because of how one baits the person to give up their valuables, in this case their personal data.
Phishing is the predominant modern cybersecurity threat – makes up for over 90% of all cyber attacks. This notorious scam that has dominated the email threat landscape for decades, a malicious actor poses as a reputable party, sending fraudulent emails with the goal of tricking victims into sharing sensitive credentials or downloading malware.
In 2018 according to a study, 700,000 phishing emails were sent, and nearly half of them were opened and nearly 1/3 of the people opened the link in the phishing email.
In 2019, about 475,369 phishing attacks have taken place according to APWG Phishing Attack Trends Reports. Then number of phishing sites detected in the second quarter of 2020 was 146,99.
1. Disconnect the Devices
Completely disconnect your device from the internet and run an anti-malware scan to check the device for any infected files. While running the scan, do not forget to keep the device disconnected so that no information flow will take place. This will also prevent a malicious actor from accessing your device or sending out confidential information from it. Data or sensitive information is sent to the perpetuator over the internet connection from the victim’s device, and disconnecting internet will stop this attack on its track.
2. Scanning the files
If there are any infected files, quarantine or delete the files. It is also suggested that in this scenario, completely resetting the device will also help. Backup the non-infected files before doing that. Using trust worth antivirus software along with the Windows Defender will help the most, as the modern version of Defender is more than capable of identifying the threats and isolating them.
If you were directed to a website for login info, change your password for that account and enable 2 factor authentications (2FA) for that particular account. 2FA makes sure that whenever you log in, or if someone tries to log in, it will send an OTP or a pop-up message on the app ensuring it was you who tried to log in. All social media websites, especially banks, offer 2FA and is foolproof till the point you do not share the OTP.
Read here to know more on how to generate 2FA code
Always double check the link when you click on it, official links from reputable websites do not have weird names. Other signs of phishing emails include:
- Misspelled words.
- Discrepancy between the language used in the email and the website.
- Request for personal information for a simple task.
- Unprofessional language used in the email.
- Unsolicited forms attached with the email.
Always double check the link you have opened for its authenticity. All official websites of a company have a Lock sign or symbol in the URL bar, showcasing that the connection is secure.
Update your password regularly, at least once in 3 months. Keep the passwords that are hard to guess by using combination of letters, numbers, and special signs.
5. Fixing the Mistakes
If you have given any type of bank details, contact the ban immediately and let them know. You will probably have to block your account for some time. Do not share any kind of OTP pass codes with anyone. If you have given the login and password of any specific account, immediately change your password to that account and make sure that its not connected to any other sensitive account with more information.
One can also enable security features on their browser to enable web content filtering wherein the browser will show a security risk before the website is loaded on the device. This way, even if you were to lick on a link, your browser will block the website from loading while showing you a security risk.
Furthermore, deleting all data/cache from Firefox, Chrome, or your choice of browser (including the databases created by the sync feature). This will also help in deleting any unwanted files in the system.
FAQs on ‘What to Do If You Click on a Phishing Link‘
I opened the email but did not click on anything in the email. Am I in danger?
If you opened the email and did not clink anything in the email, you are not in any kind of danger. The phishing attack only works if one clicks on the link.
If you clicked on it, and it takes you to a website to put in your sensitive info and you did not, you will be safe. If any kind of permission pops up or any download request, immediately click on deny access or its likewise.
First, the sender of the link will have a proper email ID and not some gibberish. The fake link will not be able to redirect you if you click anywhere else that usually has a clickable area. The fake links will have gibberish URL for example: www.lbfacebook,com and www.facebook.com , where the former is fake. On fake websites, there will be no lock symbol near the URL bar.
Should I put fake information just to mess with the cyber criminals?
It is advised not to do so. If you come across anything suspicious, it is best to ignore it and delete the source. The cyber criminals can still get access to your IP address and will continue to send more and more links.