I Shouldn’t Have Clicked That: A Guide to Surviving Internet Scams
It happened. Even after all those hours of cybersecurity awareness training, you fell for it. That email from your boss looked so convincing. Now, your computer is blaring alerts, your sensitive information has been leaked, and your heart is pounding like a drum. So what now?
These things happen. Yes, even to people properly trained. To decrease your chances of getting scammed – and to minimize damages in the unfortunate event that you are duped – it’s important to stay informed. Below, we’re covering some common internet scams, and what to do if you find that you’ve been tricked.
Opening a Fake E-Mail
An email from your boss, co-worker, or some other contact slides into your inbox one uneventful afternoon. You open it, read the strange request and realize, Wait. That’s not Tom from Accounting! Most people have encountered these kinds of scams. These nefarious emails exploit their victims through Social Engineering and pose a serious threat to anyone online.
But I’ve opened the email already. Is it too late?
First, breathe. The good news is that your account is more than likely safe. The not-so-good news is that by opening that email, you may have provided the hacker with information such as your IP address, Operating System, and geographical location. With this information they can further target you with more malicious emails.
What should I do now?
- Go offline and scan for malware: Turn off or unplug your router to prevent malware from spreading through your Wi-Fi network. After, run your antivirus software to check your system for malware.
- Notify your IT staff/provider: Your IT provider can determine the nature of the email and block the email through a company firewall.
- Mark the email as spam: All email clients will allow you to mark this email as spam or junk so your inbox can better help filter these emails in the future.
Opening an Attachment or Link
If you’ve taken things a step further and opened a foreign attachment or link, now we have a problem. When an attachment is opened, it can do all sorts of horrible things to your system. You could contract a virus by installing an executable (EXE.) file, a .DOC file or any other type of dangerous file. These emails can be very sneaky, delivered with a friendly emoji and claiming to be from someone you know and trust.
What should I do now?
- Close any browsers: If a link redirects you to a new tab or window, close it immediately.
- Delete automatic downloads: If you have downloaded any attachments, delete them in your downloads folder.
- Change all usernames and passwords: Malware can uncover usernames and passwords saved on your browser. Changing these credentials is vital in keeping your accounts secure.
- Scan and restore: Run an antivirus scan and restore your system to a time before the incident.
- Notify your IT staff/provider: This one is a must. If you have a dedicated IT provider, contacting them as soon as possible will allow them to assist and instruct you with further recommendations.
Entering Information into Fake Login Pages
An email from UPS arrives in your inbox. A package is on its way and needs confirmation on your end. You click the link and log in before you realize, I don’t have any expected packages. And just like that, a malicious party has your login information.
This common form of phishing can be difficult for browsers and antivirus to stop. Although entering your information does not directly infect your system, you have offered – albeit unwillingly – your sensitive information to a malicious party. This is especially problematic if you use the same password for multiple accounts (a big cybersecurity no-no), as the bad actor can now access anything tied to that leaked credential.
What should I do now?
- Change your password: Changing your password is critical to your account security. If you’ve made the mistake of using this password for multiple accounts, you must change your password on every account used.
- Notify your IT staff/provider: Letting your IT provider know about your potential security breach is critical, especially if using a company account.
- Set up Multifactor Authentication if you haven’t already (MFA): If you haven’t already, set yourself up with multi-factor authentication (MFA) to secure your accounts moving forward.
Redirecting to a Malicious Website
This is likely familiar: you get redirected to a website either through a link or while searching Google, and suddenly, Bam! You get a message like this: WARNING! YOUR SYSTEM IS INFECTED. CALL THIS NUMBER NOW!!
This is another classic phishing scam.
What should I do now?
- Close your browser: Immediately close your browser. Even if the alert reports that your computer is locked or blocked, this is usually not the case. Close out of the website right away.
- Run an antivirus scan: Perform a scan with your antivirus software to confirm your system’s health.
- Notify your IT staff/provider: Like the examples before, contacting your IT provider is vital as a professional team can take the necessary steps to secure your system and account.
The Golden Rule of Cybersecurity: Speak Up!
The hackers of today are incredibly sophisticated con artists and it’s important not to blame yourself – or remain silent out of embarrassment or fear – if they get the best of you.
Follow these guides and work with your IT provider to secure yourself and your information. If you think you did provide a malicious party credit card information, consider reporting identity theft with the FTC, police, and all major credit bureaus. Take a look at our Guide to Surviving Phishing to better prepare yourself for any potential risks.
You’ve probably noticed that every answer mentions contacting your IT provider. With the staggering evolution of cybercrime, having a team of experts is one of the only ways to properly secure yourself from harm. Cybersecurity is a must for small businesses and must be taken seriously.
Need to beef up your cybersecurity? The 20 MSP has you covered! Schedule your call with us today, so we can start discussing how to bring your security up to speed and under budget.