Phishing attacks are a common and increasingly sophisticated form of cybercrime.
If you’ve clicked on a phishing link, it’s crucial to act quickly to mitigate potential damage.
Here’s a step-by-step guide on how to spot a phishing message and what to do if you find yourself in this situation.
Understanding Phishing Attacks
Phishing attacks are a type of cybercrime where attackers pose as legitimate entities to deceive people into revealing sensitive information such as login credentials, credit card numbers, or other personal data.
These attacks can take various forms including email, social media messages, phone calls, and text messages.
The primary goal is to trick the recipient into taking an action that benefits the attacker - such as clicking a malicious link, downloading malware, or providing confidential information.
In 2022, fraudulent emails accounted for nearly 50% of all sent emails, with phishing remaining one of the most common forms of cybercrime, equating to an estimated 3.4 billion spam emails sent every day.
3 Common Types of Phishing Attacks
Email Phishing
This is the most common form, where attackers send fraudulent emails appearing to be from trusted sources.
These emails often contain links to fake websites designed to steal information.
Vishing (Voice Phishing)
This method uses phone calls to deceive people into providing personal information.
Attackers often pose as representatives from banks, government agencies, or technical support.
Smishing (SMS Phishing)
This approach uses text messages to lure people into clicking malicious links or giving up personal information.
Immediate Actions
If you’ve clicked on what you believe to be a phishing link - don’t panic. Follow these steps straight away:
1. Disconnect Your Device
The first and most crucial step is to disconnect your device from the internet.
This prevents malware from spreading or communicating with a remote server.
2. Do Not Provide Personal Information
If you were directed to a webpage asking for information, do not enter any details. Close the browser window immediately.
3. Scan for Malware
Run a comprehensive malware scan on your device using reputable antivirus software such as Bitdefender, Norton, or Avast.
If you don’t already have antivirus software, use a different device to download one and transfer it using a USB stick.
4. Change Your Passwords
If you entered login credentials on the phishing page, change those passwords immediately.
Use strong, unique passwords for each account. The National Cyber Security Centre recommends combining three random words.
Consider using a password manager to store your credentials securely.
5. Monitor Your Accounts
Check your bank accounts, credit cards, and other financial services regularly for suspicious activity.
Report any unauthorised transactions to your provider straight away. Even if nothing has happened yet, it’s wise to inform your bank of the situation so they can watch for issues.
You should also report the event to Action Fraud if you:
Have lost money or been a victim of fraud due to phishing.
Have been hacked or had your personal data compromised.
Have received a suspicious message claiming to be from an official source.
Preventative Measures
Prevention is better than having to recover from an attack. Here’s what you can do to stay safe.
Use Security Software
Keep your antivirus software up to date and consider adding tools like anti-phishing filters or secure email solutions for added protection.
Enable Two-Factor Authentication (2FA)
Where available, enable 2FA. This adds a second layer of verification to keep your accounts safer - even if someone gets hold of your password.
Be Cautious With Emails
Scrutinise emails before clicking on any links or downloading attachments. Check for red flags such as spelling errors, mismatched URLs, or generic greetings.
Regularly Update Software
Install updates to your operating system, browsers, and apps to benefit from the latest security patches.
Back Up Important Data
Back up your critical data to an external drive or cloud storage. This ensures you don’t lose access to your files if malware infects your device.
Educate Yourself and Others
Learn to recognise the common signs of phishing - urgent requests, suspicious links, and unexpected attachments - and share this knowledge with others.
"Being cautious doesn’t mean being paranoid. With phishing, awareness is your best defence."
Sabrina McClune is a Women in Tech Excellence 2022 finalist who writes extensively on cybersecurity, digital transformation, data protection, and digital identity. With a postgraduate degree in Digital Marketing (Distinction) and a First-Class Honours degree in English, she combines a strong academic foundation with professional expertise. At Beyond Encryption, Sabrina develops research-led content that supports financial and technology sectors navigating the complexities of the digital age.