What To Do After You’ve Been “Phished”

Every day, over half of the Internet’s users receive at least one phishing email. With such a high phishing frequency, it’s nearly impossible to completely eliminate the risk of an attack—but there are many ways to reduce the overall impact. It’s especially important to prepare an effective response strategy for the company. To help you prepare, we’ve created a list of the most important steps to take after you’ve been “phished”:

Important Steps to take after Phished

1. Activate Your Incident Response Plan: If you haven’t yet determined your incident response plan, it’s important to begin drafting one now. As you develop your plan, remember that the details matter. Make sure to specify what key personnel should be notified when a phishing scam is detected and how information about the breach will be communicated throughout the entire organization. It’s usually helpful to create a communication timeline that includes contact information for key personnel in the office. If you need assistance throughout any point of the planning process, remember thinkIT is here to help.

2. Get A Copy Of the Phishing Email: Make sure you have every attachment, as well as the routing information. The originating IP address will significantly help prevent successful attacks from this cybercriminal in the future. If your company is recovering from a W-2 phishing attack, you should also be sure to forward the email to phishing@irs.gov with “W2 Scam” as the subject line.

3. Look Up Threat Intelligence Sites: There are many helpful threat intel sites to help you through the recovery process. To look up any URLS or attachments from the phishy email, go to www.virustotal.com. For domains and IP addresses, IPVoid.com is a helpful intel tool. These websites will provide you with the threat indicators, as well as extensive context and malware analysis.

4. Get Information From The Clickers: Talk to the employee(s) that clicked on any attachments or links within the phishy email. Ask them if they noticed anything strange before interacting with the message. This will help you prevent phishing incidents in the future.

5. Strengthen Company Email Filters: After you receive a copy of the phishing email, make sure to look through its contents to determine any attributes you could filter in the future. This is a great way to prevent the cybercriminal from reaching your company’s network again.

Although this is a brief list of what to do after you’ve been phished, each step is equally important to reducing the overall impact of the attack. For more information about incident response plans, or to learn more about how to prepare for an attack, contact one of our tech specialists, or sign up for a free security checkup below.