Posted by Amanda at Varay on Oct 20, 2020 10:00:00 AM

Phishing. 

No, unfortunately we’re not talking about the incredibly fun activity of hitting the lake early and catching trout with your dad. 

Instead, we’re talking about the incredibly un-fun cyberattack where you’re tricked into compromising your credentials because of a fraudulent email. You may already know or be familiar with what a phishing attack is, but due to the current rise in online activity and cyberattacks, more people are falling victim to these types of security risks. 

What is a phishing attack?

A phishing attack is when an attacker sends you an email under the guise of a person or company that you trust and attempts to gain your personal information or access to sensitive information by impersonating them. For example, you might get an email from “Apple” saying that your Apple ID password needs to be reset, but when you reset your password to keep your account secure, you’re actually handing it over to a criminal. If you’re nervous about the emails you’re receiving, here’s an article that provides 4 ways to spot a phishing attack.

A phishing attack has three motivations: 

  1. Gain your personal information
  2. Use your information as a jumping-off point for other attacks
  3. Hold your information for ransom

Because of this, attackers will stay dormant until you send them critical information, which means you may have no idea that you've been attacked!

Top three tips for recovering from a phishing attack: 


First things first: If you’re worried that you’ve fallen victim to a phishing attack after changing your password via an email, the best thing to do is to notify your security professional within 24 hours. It might be embarrassing, but failing to act leads to much greater embarrassment! Here’s what to do next: 

Step #1: Change your password

Always, always change your password after a phishing attack. This cuts off your attacker’s access and protects you and your company from further attacks from this initial breach.

Step #2: Alert IT 

Like we mentioned before, let your IT professional know as soon as possible about the phishing attack, and ask them to check for additional areas, systems, and accounts where you and your company may be compromised. 

Step #3 (as an individual): Review your financial activity

As an individual, immediately review your financial accounts, including bank accounts, credit requests, etc., to make sure no suspicious activity is being carried out in your name. If you detect any suspicious activity, alert your account holder (banker/banking corporation) immediately to let them know of the fraudulent activity. 

Step #3 (as a company): Review for compromised compliance

As a company, always check whether compliance has been compromised (HIPAA, for example) after a phishing attack, because this could cause major trouble for your company and clients. Additionally, we recommend that you (as a company) contact your insurance provider right away to check that cyber liability is covered in your policy. Then, have your IT professional check your backups and verify that you can recover any critical information that could be compromised. 

Lastly, if you or someone you know has fallen victim to a phishing attack, you don’t have to recover alone. Contact our team at Varay for experienced guidance on recovering from a phishing attack. 
