IS USING THE INTERNET SAFE?

As phishing schemes and emails become more common and harder to detect every day, simply avoiding them is not enough.
While there are countless tips and antivirus programs to
help you detect and avoid phishing scams, what should you do if you or someone
you know falls for one?
A phishing email is a message sent by a black or gray hat
hacker with malicious intent. Phishing attacks tailored to you are much more
difficult to detect and avoid, while others use generic tricks and are often
sent en masse to hundreds or thousands of addresses.
Phishing emails contain information meant to trick you into
trusting the sender and then downloading an attachment, visiting a website, submitting
information, or logging into an account using the fake link they provide.
You Fell For A Phishing Email - Now What?
Phishing emails are based on social engineering, which
takes advantage of you, effectively bypassing your cybersecurity software such
as antivirus, firewall, and spam filters.
It only takes one wrong move. This could be because you
didn't realize that the sender's email has a small, intentional typo, or you
didn't check the linked website URL for accuracy and an SSL certificate
(displayed as HTTPS).
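The two checks mentioned above (a sender or link domain that is a small typo away from the real one, and a link that is not HTTPS) can be automated. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the function names and the sample inputs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the services you actually use go here.
TRUSTED_DOMAINS = ("twitter.com", "bank.example")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(value):
    """Host of a URL, or the part after '@' of a sender address, lower-cased."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip("<> ").lower()

def check(value):
    """Return 'trusted', 'insecure', 'lookalike' or 'unknown' for a link or sender."""
    host = domain_of(value)
    for good in TRUSTED_DOMAINS:
        if host == good or host.endswith("." + good):
            # Right domain, but a link that is not HTTPS is still a warning sign.
            if "://" in value and urlsplit(value).scheme.lower() != "https":
                return "insecure"
            return "trusted"
    base = ".".join(host.split(".")[-2:])  # rough registered domain, e.g. twiiter.com
    for good in TRUSTED_DOMAINS:
        # One or two characters off a trusted name: the "small, intentional typo".
        if 0 < edit_distance(base, good) <= 2:
            return "lookalike"
        # Trusted name used as a prefix of some other domain.
        if good in host:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for sample in ("Support <support@twiiter.com>",           # constructed samples
                   "https://twitter.com.account-reset.example/login",
                   "http://twitter.com/login",
                   "https://twitter.com/login"):
        print(f"{check(sample):10} {sample}")
```

A result of "trusted" only means the domain and scheme match your own list; it says nothing about the content of the message.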
But falling for a phishing email is not the end of
the world.
Do not panic. If you are fast but keep a cool head, you can
come out unscathed and more cautious than ever.
There are mainly two ways you could fall for a phishing
email: downloading a file via email or revealing sensitive information.
Fortunately, you can limit the damage by acting quickly.
What To Do After Downloading A Malicious File?
Downloading an infected file is one of the easiest ways
attackers can access your files and data. It can be an email attachment or a
link to a website where you can download the malicious file.
Anyone can fall for this. But you are more likely to fall for it
if you don't know what phishing emails look like, or if you don't have an antivirus with a malware
detector to warn you of suspicious downloads.
Stop The Attack Before It Starts
Let's say you made a mistake and ended up downloading a
file that your antivirus software didn't flag. Now what?
Not all attacks wreak havoc right away. You may still have
time to react and minimize the damage.
The first thing to do is disconnect your device from the
internet. That way you will prevent anyone from remotely accessing your device.
It also ensures that any spyware they may have installed doesn't leak your
files to the attacker.
Clean Your Device
Stopping the attack in its tracks is a necessary first
step, but that doesn't mean your job is done. Reconnecting as if nothing had
happened is like inviting the attacker back to your device.
You need to scan and clean your device for malware.
If you are unsure of your technical skills, you can take
your device to a local technician or call a technical support center and
explain the situation.
But a competent security suite should do just fine.
Repair The Damage
Change logins for any important services like your email provider and financial accounts. Be on the lookout for anything the attacker may have accessed during their brief attack.
That includes changing your passwords, if you saved them
locally, and contacting your bank if you had unencrypted financial documents on
your device.
What To Do After Giving Away Your Logins?
One of the most common ways that phishing emails obtain
your login credentials is by informing you that there is a problem with your
account and offering you a link to reset your password. The link leads to a
duplicate website where they collect your password.
If that happens, they can access your account, especially
if you haven't enabled two-factor authentication.
Change Your Password
Even if you made the mistake and entered your
credentials on a fake website, the attack does not start until the attacker
changes the password and email for the account, preventing you from logging in
or recovering your password.
The moment you realize you made the mistake, you have to
beat them to logging into your account. Go to the actual website - check the URL
and SSL certificate before logging in.
There, you need to set a more secure password. Go to
settings and log out of all devices, which would kick out the hacker if they
were already logged in. Be sure to change your security questions and answers
as they may be discovered now that they have access to your personal
information.
Beware: the hacker may try to change the account password
and email and also force you to log out.
Contact The Provider Of The Breached Account
Unfortunately, it is not always easy to notice this type of scheme right from the start. If you arrived too late and the attacker has already locked your account, you can still avoid major damage.
Now, your only option is to contact the account provider.
This could be Twitter, for example, or your bank if it's financial or personal
information.
Most major sites have a protocol for verifying the person
using the account, and the faster you contact them, the less time the hacker
will have to change details or get more information about you.
Change Your Login Credentials
Although changing your password after an attack may be
common knowledge, you should actually change all of your login information. That
includes email, username, password, and security questions.
Knowing even one part of your login makes it easier for a hacker to guess the other. Changing them all after an attack makes it much more difficult for the same cybercriminal to attack you again.