Phishing attacks have been going through the roof so far this year. In May of 2021, they rose by 281%, and in June, increased another 284%. The quality of phishing emails, in general, is also going up, which makes them harder to spot, even for those that consider themselves tech-savvy.

These phishing scams now automate and personalize emails and the malicious websites that may be used with, tailoring them to the victim. Some attacks using a spoofed Microsoft 365 login page will even display an employee company’s corporate logo and background image.

Once you’ve clicked on a phishing email link or accidentally opened an attachment that could contain malware, it’s easy to panic and make things worse. For example, the thing you do NOT want to do is use your possibly infected device to go searching on the internet for free malware removal tools.

The longer you’re connected online, the more risk there is of other devices and connected cloud storage being infected. Additionally, you don’t want to trust a free antivirus that you found when searching in a rush, because it could also be a scam.

The things you do in the minutes following an accidental opening or click of a phishing email will make all the difference in how bad the damage may be to your business network and security.

If you think you’ve clicked on a phishing link or opened a dangerous file attachment, here are the immediate steps to take to try to mitigate the damage.

Contact IT Support ASAP

The first thing you want to do is contact your IT support provider immediately. We can keep you from making mistakes that will make things worse. 

You don’t know what you may be dealing with when you expose your device to the contents of a phishing scam, so it’s best to have a professional thoroughly review your system to identify and remove any viruses or other types of malware.

Disconnect Your Device 

Most malware is designed to spread rapidly through any connection it can find. This means that it can quickly infect other devices on the same network and syncing cloud storage services.

You should immediately disconnect your device from the internet and any other internal networks. Turn off the Wi-Fi from your desktop and unplug any ethernet cables that may be used for an internal or external network connection.

This isolates the device to hopefully keep any infection confined to just that one computer.

Back Up Files to a Local Drive

There is a chance that you may lose files due to malware infection of your device. Some worms can be destructive and eliminate files one by one. In other cases, to remove a particularly persistent malware, you may end up losing some or all of the data stored on your hard drive.

Use a local (not cloud) external backup to create a copy of your hard drive. You don’t want to use a cloud backup in this case because it would mean reconnecting your device to the internet.x

Also, don’t reconnect to a central server to back up, as this puts that device in danger of being infected. Use a single external hard drive backup that is only connected to your device to copy all the data.c

Scan Your System for Malware

Use any antivirus/anti-malware program that is installed on your device or can be installed without reconnecting to the internet to scan your device for signs of malware. Not all of these applications are equally as thorough, so it’s best to get the help of an IT pro for this.

We know the industry-standard and best antivirus/anti-malware apps to use to ensure that any malicious code hiding in your system is detected, quarantined, and removed.

Change any Login Credentials You Have

It’s best when you’ve had a phishing incident to change all your login credentials. If you had saved those in the browser or elsewhere on your infected computer, then there is a chance they could’ve been compromised.

Using a password manager is a good idea because it will suggest strong, unique passwords for all your logins and you only have to remember a single password to access all the others.

Clear Browser Data

Spyware can take a look at areas of your system where important information is stored, and this includes your browser. A hacker that knows you frequent certain online shopping sites has a roadmap of where to try any compromised passwords.

Clear all your browser data, including cookies and history, so there is less information that an attacker could use to steal your information or compromise your accounts.

Don’t Freeze Up If You Encounter Phishing…Call BrainStomp!

If you interact with a phishing email or social phishing post, call us right away! BrainStomp can help you isolate the infected device and quickly deal with any malware infection with a goal to mitigate your costs and downtime.

Schedule a free consultation today! Call 260-918-3548 or reach out online.