In recent times, Angola has faced an increase in cyber attacks. Email phishing attacks stood out as one of the main threats to users during the first half of the year.
These attacks often display spelling errors, poor grammar, imposing language and a lack of context. However, there are cases that demonstrate meticulous planning on the part of criminals, who study victims' previous communications, giving the attack a high degree of credibility. Even individuals specialized in the IT field are not immune to these attacks, which often appear in the form of seemingly harmless messages.
10 Recommended Steps after clicking on a Malicious Link
All it takes is one slip and a few seconds to fall victim to a phishing attack – and not even IT professionals are exempt from this risk! A seemingly innocuous email message may contain a link that you should click before, its author swears, “it’s too late.” Considering the popularity of email phishing attacks today, it's important for users to know their options after they realize they've clicked in the wrong place.
- Do not provide more information
Let's say you received an email from an online store that raises suspicions, but you clicked on the link in the body of the email without thinking much or just out of curiosity. The link sends him to a website that appears legitimate, but doubts linger in his mind. The simplest approach is not to share any additional information. Do not enter your login or provide your bank account details. If cybercriminals only wanted your data and didn't compromise your device with malware, chances are you've just escaped a worse attack.
- Disconnect your device from the Internet
Some phishing attacks can trick you into giving malicious actors access to your computer, smartphone or other device. They can install malware, collect information about you and your device, or gain remote control of the compromised device. To reduce damage, it is imperative to act quickly. Start by disconnecting the compromised device from the Internet. If you use a PC with a cable connection, simply disconnect the Internet cable from your computer. If it's connected via Wi-Fi, turn it off in your device settings or turn on airplane mode on your smartphone.
- Back up your data
Disconnecting from the Internet will prevent more data from being sent to the malicious server, but your data is still in danger. You should make a backup of your files, especially sensitive documents or files with high personal value, such as photos and videos. However, backing up your data after it has been compromised can be risky, as it may have already been compromised by malware. The malware is likely to be backed up along with photos from your last birthday party. Instead, you should back up your files regularly and preventatively. If malware reaches your device, you can recover your data from an external hard drive, USB flash drive or cloud storage service.
- Scan for malware and other threats
Run a full scan of your device using anti-malware software from a cybersecurity expert, while the device is still disconnected from the Internet. If the verification process does not find any potential risks, but you still have questions, contact your cybersecurity provider. And if you're not already using any multi-layer anti-malware software with anti-phishing features, get one!
- Consider a factory reset
Factory reset means returning your smartphone to its original state, removing all installed apps and files. However, some types of malware may persist on your device even after a hard reset, but cleaning your mobile device or computer is likely to successfully remove any threats. Remember that a factory reset is irreversible and will wipe all locally stored data. The importance of carrying out regular backups cannot be overemphasized!
- Reset your passwords
Phishing emails can trick you into disclosing your sensitive data, such as identification numbers, bank and credit card details, or login credentials. Even if you don't provide your data, it's possible that if you have malware installed on your device, it could track it. If you think this is the case, especially if the phishing emails ask you to provide a specific login, you should immediately change your login credentials, especially if you recycle the same password across multiple accounts. These situations highlight the importance of using unique usernames and passwords for different online services.
- Contact banks, authorities and service providers
If you have entered bank/credit card details or access details to a website with access to your cards, inform your bank immediately. Your card can be blocked or frozen to prevent future fraud, and you can avoid or minimize any financial loss. Don't forget to check if your bank (or other compromised payment service) has a refund policy for scam victims. To prevent other people from falling for the same scam, it is also important to contact local authorities.
- Spot the differences
Criminals who successfully log into one of your devices or accounts may attempt to establish their presence for as long as possible. They can change their logins, email addresses, phone numbers, or anything that helps them solidify their position in your account. Review your social media account activity, banking information and online shopping order history. If, for example, you detect a payment that seems strange, unknown or unauthorized, report it, change your credentials and request a refund.
- Scan for unrecognized devices
If malicious actors stole your account details, they likely tried to log in from your own device. Most social media platforms keep a record of your current login sessions in their privacy settings. Check it and force log out of any unknown device.
-
- Notify your friends, contacts, service providers and employer
Sometimes, cybercriminals use your contact list on a compromised account to spread phishing or spam links. Please be aware of this fact and take measures to prevent others from falling victim to the same scam. If a cyberattack is related to your work accounts or employer-issued devices, follow your company's rules for handling cyberincidents and immediately report it to your manager and IT department. Major email services like Outlook or Gmail also offer tools to report phishing emails directly from your inbox.
Conclusion
Cyberspace is full of threats, but with precautions and adequate information, users can navigate in a safer and more protected way. Awareness and ongoing training are vital to face these growing threats.
