What to do when you think you got phished

So, you clicked a phishing link. Don’t worry—you’re one of many in internet history who have trusted an email that seemed to come from a coworker, have a legitimate URL, or offer a reasonable enough chance to visit Mars.

According to cybersecurity company Proofpoint’s recent “State of the Phish” report, 71% of 7,500 respondents across 15 countries admitted to engaging in a “risky action,” like reusing a password or using a personal device for work purposes. (Around one-fifth [19%] of the survey respondents admitted to clicking on links or downloading attachments from an unknown sender.)

Clicks happen. We spoke with security pros about what to do if you took the bait and got phished.

The basics

The IT practitioners who spoke with IT Brew agreed on some post-click actions:

• If credential compromise occurred, it’s time to change your passwords—and don’t repeat them in additional accounts, the IT specialists said. A password manager helps the effort. “I couldn’t tell you what a single one of my passwords are, because they’re all 25 characters long. They’re completely randomly generated,” Mike Britton, CISO at Abnormal Security, told IT Brew.
• Use antimalware software to perform a primary check for malicious code.
• Use multi-factor authentication. Credentials often beget more credentials, as the phisher impersonates the initial compromised account and looks to lure again; strong authentication can stop the momentum. “I’d remind people: MFA is not suggested. MFA is mandatory on all of your accounts,” Britton said.

Other tips

• Keep an eye on your credit. Roger Grimes, data-driven defense evangelist at KnowBe4, recommends setting up transfer alerts and watching for unexpected financial activity. “From a financial perspective, you want to know if someone’s trying to open loans or accounts in your name,” Grimes said.
• SOC on! Pamela Nigro, VP of security and security officer at Medecision and ISACA board director, advises companies to look into outsourcing security operation centers—a pricier option than handling protections independently, but one that provides technical expertise and a round-the-clock eye for anomalous activity like suspicious logins or malicious downloads. “We have a smaller security staff on site, and then the larger SOC that is always out there monitoring our systems,” Nigro told IT Brew.
• Hi, FBI? Depending on the severity of the compromise, Britton also recommends contacting the local FBI field office, especially if there are signs of ransomware.
• Locked and downloaded. If it appears that new code has been downloaded to a device, Grimes recommends starting over and reinstalling the operating system—Windows, for example, provides an Eternal Sunshine of the Spotless Computer kind of option. The KnowBe4 pro, however, rarely sees the reset in practice.

“Here’s the problem. People are so busy…And so they take the shortcuts, and the shortcuts are what hurt them or their company,” Grimes said.