Uh-oh, think you clicked a suspicious link?! Here’s what to do

Sometimes, you can do everything you’re taught to do to identify a phishing attack, and still not notice anything out of the ordinary. With today’s technology, hackers can “ghost” legitimate emails, making it hard to spot any red flags. So, if you fall into the trap and click a suspicious link – it happens to the best of us – here are the next 5 things you should do:

Don’t Engage!

When you click a link in a phishing email, you may be redirected to a separate webpage that asks you to input personal information, financial details, or even login credentials to a certain account. DON’T!

In an attempt to induce panic, hackers will design these pages to look very scary or the pages may be identical to a trusted page in an attempt to get you to enter your details (for example, your banking login page). They may say something like “Log into your bank account to save your funds,” or “Input your personal details to avoid persecution.” These are false claims, meant to think you have to engage, but in reality, the safest course of action is to close out of the page and disengage immediately.

If you clicked a suspicious link on your work device, be sure to contact your system administrators immediately so they can investigate the situation.

Turn Wi-Fi Off

Staying connected to the internet means that your device is still at risk. The link you clicked could contain malware or spyware that relies on an internet connection to finish the download. If you stop the connection, you stop the malware in its tracks, avoiding a more catastrophic outcome.

If the link was designed to let hackers into your machine, they’ll need the internet to stay connected to your network. And again, the best thing you can do to get them out of your digital space is to disconnect from whatever internet connection you’re using.

Back Up Important Files

Most of the time, your computers and other electronic devices are conducting automated backups and saving all your data in the cloud or on an external hard drive. If you don’t have automatic backups on (you should!), then try backing up your device immediately. This will make recovery much easier and help protect all your files and applications from the attack.

Scan Your System

Even if you think you got away unscathed, it’s a good idea to scan your device for any malware or lingering suspicious behavior in the network. Hackers are more sly than ever, and they may have exposed you to vulnerabilities that you’re not even aware of.

Odds are, your device will have anti-virus software already, but if not, it’s worth purchasing a reliable software to do the job. Don’t surf the web on the affected machine – you want to stay disconnected from the internet, remember? Instead, use another device to find the right software, download it, and transfer it to the impacted device.

Update Passwords and Security Practices

After clicking a suspicious link, it’s always a good idea to update all of your passwords. It can be hard to know exactly what information was compromised, and this is an important step in mitigating future risks. While you’re updating passwords, consider enabling multi-factor authentication when it’s available.

Often, more sensitive accounts – like banking and investment accounts – will offer users multi-factor authentication as added protection. For businesses, multi-factor authentication is usually a requirement to secure cybersecurity insurance, so be sure to prioritize this.

Weary of an Email? Double Check the Validity

We’re all humans. We’re all going to make mistakes from time to time; it’s not your fault that you were the target of a malicious cyberattack. However, if you want to avoid being an easy target, be sure to look closely at emails and validate their authenticity before replying, clicking links, or following any written instructions. Here are a few reminders of red flags that may point to a phishing attack:

• Bizarre Email Addresses: Even if the name attached to the email doesn’t look suspicious, be sure to look at the email address itself. If it’s filled with some weird combinations of letters and numbers that don’t make sense, it’s most likely phishing. Also, if the sender is claiming to be associated with a certain company, but the email address doesn’t match the company’s information, that’s a major red flag.
• Urgent Content: If the body of the email feels like it’s meant to induce panic, it most likely is. Don’t be driven to take action due to claims that your account will be shut down or that your information is being stolen.
• Grammar and Spelling: Most phishing emails contain grammatical errors, spelling errors, or a combination of the two. If that’s not your forte, run it through a free grammar-checking tool online.