I just wanted to follow up my presentation on “The Anatomy of a Phish” at last week’s Data Connector event in Dallas with this blog. If you were there, thanks for the lively participation.
Now, we often hear: “DON’T CLICK THE LINK!!” in all caps and several exclamation points. But, come on. We are only human. Everyone makes a mistake and can fall for a phish, smish, or vish. So, what do we do when we’ve clicked the link? Close out everything and shut down, or not shut down? Unplug the computer, or just pretend it didn’t happen? Here are some tips to rely on when you fall for the bait.
Disconnect the Internet cable and turn off Wi-Fi
How? Simply reach for the Ethernet cable that links you to your modem or router and unplug it. It usually has a clear plastic squarish casing with a little clip. Turn off your Wi-Fi by clicking on the Wi-Fi icon in your system tray, or open your Wi-Fi settings by typing "Wi-Fi" in your desktop search bar. If you are on a mobile device, go to your Wi-Fi settings or Wi-Fi shortcut and turn it off.
By isolating yourself, you prevent whatever payload—the malicious code—sitting inside the link from spreading to others in the network. It’s like opening Pandora’s box, but shutting all windows and doors so that whatever was unleashed remains in that room.
Do NOT shut down your computer or device
Foremost, follow your organization’s protocol. If one is not in place, my advice is do NOT shut down your computer or device. I’ll let you in on a little secret… Skilled “hackers” can access your computer even when it’s powered down. Most devices and computers these days just go into sleep mode and never fully shut down. Unless you unplug it and/or take out the battery, it doesn’t stop someone from accessing your computer or device. Computer forensics people often preach: “Don’t shut down your computer,” because doing so will erase the temporary memory (cache). This cache usually holds the date and time stamps and other useful information that at least gives clues on where to start looking.
One of the cybersecurity professionals in attendance did point out that if the baited link you clicked unleashes a series of irritating popups run by JavaScript, then your only option is to fully shut down and reboot. There is no other way to disable those annoying popups. I’ve seen especially prevalent ones claim that they are antivirus scanners or PC cleaners with promises to boost your operating or processor speed. Don’t fall for it.
Notify your Information Security Officer (ISO)
Using your landline, or a neighbor’s computer if you are in the office, notify your ISO or the IT person who handles potential phishing emails. Be honest and forthright: “I clicked a link that may have been a bad move.” They will instruct you on the next steps.
Do NOT forward the email, SMS text or voice message. And, as another professional pointed out during the presentation, screenshots of the phish are quite useless as well since they do not contain necessary forensic data for your IT professionals to identify the true nature of the phishing lure.
If your organization utilizes an Anti-Phishing Simulation tool, such as PhishProof, then you may have a “phishing reporting” button in your email client which automatically captures the header information and the body of the message and sends it to your ISO. For example, PhishHook is a button that conveniently sits on Microsoft Outlook’s Home ribbon so end users can report phishing attempts in real time.
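To make concrete what "header information and the body" gives your IT team that a screenshot cannot, here is an added example (not code from PhishProof, PhishHook, or the presentation) that reads a raw message and pulls out the fields an analyst typically checks first. The sample message, its hosts and addresses, and the `triage` and `domain` helper names are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message: every name, host and address below is made up.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
 by inbound.corp.example with ESMTP; Tue, 02 Apr 2019 09:14:07 -0500
Received: from unknown (HELO mailer.example.net) (198.51.100.23)
 by mx.example.org with SMTP; Tue, 02 Apr 2019 09:14:05 -0500
Authentication-Results: inbound.corp.example; spf=fail
 smtp.mailfrom=mailer.example.net; dkim=none
From: "IT Help Desk" <helpdesk@corp.example>
Reply-To: support@mailer.example.net
Subject: Password expires today
Content-Type: text/html; charset="utf-8"

<p>Reset now: <a href="http://login.example.net/reset">https://corp.example/reset</a></p>
"""

def domain(header_value):
    """Return the domain part of the address in a From/Reply-To/Return-Path header."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Pull out the fields an analyst checks first; most never appear in a screenshot."""
    msg = message_from_string(raw, policy=policy.default)
    auth = str(msg.get("Authentication-Results", ""))
    links = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', msg.get_content(), re.S)
    mismatched = []
    for href, text in links:
        shown, actual = urlsplit(text.strip()).hostname, urlsplit(href).hostname
        if shown and actual and shown != actual:  # visible text names a different host
            mismatched.append((shown, actual))
    return {
        "from_domain": domain(msg["From"]),
        "reply_to_domain": domain(msg["Reply-To"]),
        "return_path_domain": domain(msg["Return-Path"]),
        # Each server prepends its Received header, so the last entry is the first hop.
        "hops": [str(h).split(";")[0].strip() for h in msg.get_all("Received", [])],
        "auth": dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth)),
        "mismatched_links": mismatched,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

On the sample, the visible sender is `corp.example`, while the Reply-To, Return-Path, first relay hop and the real link target all point elsewhere, and SPF fails.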
Run a full system scan using your anti-malware/anti-virus software
If you do not have an ISO, or if this is your personal device, then definitely run a full anti-malware/anti-virus scan. Windows Defender is already built in if you are using Windows 10. Some free and available options are Avast and Malwarebytes. They also offer mobile versions for your devices through the Play Store or App Store.
At the end of the presentation, we all agreed that while following your organization’s policy on phishing emails is important, we must keep in mind to first and foremost ISOLATE ourselves, then immediately REPORT it to our IT departments. To take it a step further, we can even notify the FCC’s Consumer Complaint Center to help make others aware of these particular phishing lures.
Want more tips? Read more at InspiredeLearning.