Got Phished?

One of the most prevalent cyber attacks that we regularly see is phishing. What is phishing? Why do attackers do it? Knowing the answer to these questions can help us avoid problems in our digital lives. Phishing is defined by phishing.org as “a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.” Usually, the attacker will do this in order to get that sensitive information mentioned in the definition or set you up for a further, more pervasive attack by tricking you into installing malware on your system.

What do you do if you get a phishing email or text (or even voice call)?

• Don’t panic! No matter how “urgent” the communication seems, spend time verifying the truth about the matter. Don’t click any links or buy anything. Instead, reach out to the supposed sender through another form of communication to find out if the request is real.
• Report the phish attempt. Whether it be phishing through email, smishing through text message, or vishing through voice communication, report the attempt to whoever is your IT department at the time. They will be happy to hear from you, and they may even be able to warn others or block any further attempts.
• Mark the sender as junk or spam mail. While most senders rotate through many false addresses, at least you have stopped them from using the same address on you again. Many organizations now centrally track this sort of spam and will be able to block it for the whole organization.
• Delete the message. After all, you don’t want to accidentally click on something in the message later.

Don’t worry. Carry on with your day. While unpleasant and annoying, phishing messages will happen. It’s just a matter of how you handle them that makes the difference.