2023-09-11 08:00:00
In the event that a cyber attack is related to work accounts or devices provided by a company, follow the rules and immediately inform the IT department.
Photo: CASE.
Central America. Misspellings, strange grammar, urgent or threatening language, and lack of context are common signs of phishing attacks. However, some phishing threats are more difficult to detect, involving a significant investment of time and meticulous planning on the part of attackers, even examining the target’s previous communications, ultimately making the deception difficult. very convincing and successful.
A popular tactic used by scammers in large-scale fraudulent campaigns is to exploit current events. For example, what looked like an email from the UK’s National Health Service to offer a free COVID-19 test was actually a way to obtain victims’ personal data through a fake form.
Therefore, ESET shares ten things to do immediately afterwards to minimize the damage.
Do not give more information: Suppose you received an email from an online store that, although it raised some suspicions, you clicked on the attached link without much thought, or out of curiosity, and although it leads to a website that seems legitimate, the doubt remains.
The simplest thing is to refrain from sharing additional information: do not enter credentials or provide bank details or other data of equal sensitivity. If the scammers just wanted the data and didn’t compromise the device with malware, chances are you’ll be able to dodge the bait, or get away with it.
Disconnect your device from the Internet: Some phishing attacks can result in you being given access to your computer, mobile phone or other device. They can deploy malware, collect personal or device information, or gain remote control. To mitigate damage, it is essential to act quickly.
The first thing to do is disconnect the device from the internet. If using a wired PC, simply unplug it. If you are connected via Wi-Fi, disable that connection in the device settings or activate the airplane mode function.
Back up data: Disconnecting from the Internet will prevent more data from being sent to the malicious server, but the data is still at risk. Files should be backed up, especially sensitive documents or files with high personal value, such as photos and videos.
Backing up data after it has been compromised can be risky as it may have already been compromised by malware. Instead, files should be backed up regularly and preventively. If malware affects the device, data can be recovered from an external hard drive, USB flash drive, or cloud storage service.
Perform a scan for malware and other threats: Do a full scan of the device with anti-malware software from a trusted vendor, while the device is disconnected from the Internet. Ideally, you should run a second scan using, for example, ESET’s free online scanner. Download the scanner to your computer or a separate device, such as a USB hard drive, that can be inserted into the infected computer and install the software from there.
Do not use the device during scanning and wait for the results. If the scanner finds suspicious files, follow its instructions to remove them. If the scanning process does not find any potential risks, but you still have concerns, contact your security provider.
Consider a factory reset: Factory reset means returning the phone to its original state by deleting all installed apps and files. However, some types of malware may persist on the device even after a hard reset, however, wiping the mobile device or computer will most likely successfully remove any threats.
Remember that a factory reset is irreversible and will erase all locally stored data. The importance of taking regular backups cannot be stressed enough.
Reset passwords: Phishing emails can trick you into divulging sensitive data, such as ID numbers, bank and credit card details, or login credentials.
If this is believed to be the case, especially if the phishing emails ask for a specific username to be provided—for example, with a LinkedIn-themed scam—you should immediately change your login credentials, many even more so if the same password is recycled in several accounts such as email, online banking or social networks.
These situations highlight the importance of using unique usernames and passwords for different online services. Using the same credentials on multiple accounts makes it easier for attackers to steal personal data or money.
Contact banks, authorities and service providers: If you provided bank or credit card information or access information to a website with access to cards, you must immediately contact the entity that provides them.
They can block or freeze the card to prevent future fraud, minimizing financial damage. Check if your bank (or payment services) has a refund policy for scam victims. To prevent other people from falling for this scam, also notify your local authorities.
Spot the differences: When criminals gain access to one of your devices or accounts, they may change your login details, email addresses, phone numbers, or anything that can help them gain a foothold in the account and take it over for longer.
Review social media activity, banking information, and order history for your online purchases. If, for example, you detect a payment that seems strange, unknown or unauthorized, report it, change your login credentials and, if applicable, request a refund.
Search for unrecognized devices: If hackers stole your account data, they will likely try to log in from your own device. Most social media platforms keep a record of logged in sessions in their privacy settings. Do that check and force log out on any unknown device.
Notify friends, contacts, service providers and employer: Sometimes scammers use the contact list in a compromised account to spread phishing or spam links. Keep this in mind and take steps to prevent others from falling for the same scam.
#Ten #immediately #clicked #fake #link