How to Respond to a Phishing Attempt

Cyber criminals often use phishing attacks to gather your business information in order to hack your accounts. They can then access your systems, including client information such as credit card numbers and other sensitive data.

If you suspect you’ve received a phishing attempt through an email or a phone call, you need to respond appropriately to avoid compromising your company and your own information.

In our last article, Phishing 101: How to Recognize Attacks, we shared common signs that help you identify a phishing attempt. Here, you’ll gain more in-depth insight into recognizing these attacks and, more importantly, learn how to respond once you’ve identified a scam.

Verify the Contact 

The biggest mistake people make is not verifying the senders of the emails they receive. Instead, they may obliviously click on a fake link or give an imposter information. Simply being cautious can thwart many of these scammers.

Companies You Don’t Know

Many phishing attacks are broad efforts that are relatively easy to spot. You may get an urgent email or voicemail from a company you do not do business with. These are obvious phishing attempts.

For instance, you may get a request for account information from a major bank or online company that you recognize but do not work with.

You may also receive a message threatening legal action against you or otherwise urging you to take action.

The following real example of a phishing message was sent to a law firm from an unfamiliar email address (pricestock424@hotmail.com):

[Image: real-life example of a phishing message sent to a business]

In an obviously fraudulent case like this (the recipient used only legal, licensed images), you should not respond to the email or click on any links included, especially when being asked to download something. Often, a simple glance at the website address or an online search can alert you to an ongoing scam.

Companies You Have an Account With

If you do have an account with the company, check the website address before responding. You can usually spot phony addresses by their misspellings or other inconsistencies. If you think you may have a real account issue, contact the company directly and not through an email link. You can call the company or type in their address and check your account standing.

For instance, scammers often send fake PayPal messages, warning you of an issue with your account, or notifying you of a “purchase” that you did not make. Go to the PayPal site directly to verify this information, not through the link in the email. That way, you’ll see the true state of your account. Taking these steps prevents you from sharing information with a fake site. 

Take the following example of a purported receipt of purchase:

[Image: example of a phishing scam attempt]

(Note that this message was sent from “amazm-centre.com,” clearly not a valid email address or domain name for Amazon.)

To verify whether such a purchase is legitimate, you should go directly to your Amazon account and check your order history there instead of clicking on the link included.

If you think an email may be legitimate but want to discover where the link is leading before clicking it, you can hover your mouse over the linked text. This will usually make the URL appear either in a box near your mouse or in a box at the bottom of your screen.

However, if your email doesn’t have this feature, you can still discover where the link is leading by using the “Inspect” feature. (Note: The “Inspect” feature is only available if you’re accessing your email through a web browser.)

To do this, right-click on the link and then click “Inspect” in the drop-down menu.

Or, to avoid accidentally clicking on the link, you can highlight the linked text with your mouse and then press “Ctrl + Shift + C” (on Windows computers) or “Cmd + Shift + C” (on Macs).

This will bring up a bar on the right side of your screen like the following:

[Image: how to inspect a link in a phishing attempt message]

There, you can see the link highlighted with the URL it really leads to, which in this case is not a link to an Amazon account or order.

Phone Phishing

Never give out sensitive information over the phone unless you initiated the contact. A caller can easily pose as a representative of a company you do business with in order to get your social security number, account number, or passwords. If you have any doubt at all, end the call and contact someone at the company using your usual method of communication.

Responding to the Phishing Attempt

You should not share information with a caller or click on the email links, but there’s also more you can do when you receive a phishing message. You need to take action to protect others. 

Take a screenshot of suspicious emails and notify your manager before deleting them. If you do not report the attack, others may fall for the ploy and expose your company’s data. Management needs the chance to warn everyone in the company.

You can also report the attempted fraud to the FTC by forwarding the email to reportphishing@apwg.org. If you receive a fraudulent text, forward it to SPAM (7726). You can report any type of phishing attempt, including calls, to the FTC at ReportFraud.ftc.gov.

If you think you have given information to someone who was phishing, visit IdentityTheft.gov, update your computer’s security software, change your passwords, and run a scan. You should also keep your management team apprised of all developments so they can work with your IT provider to ensure that your systems remain secure if login information may have been leaked. 

Update Your Security with Innovative Network Solutions

Innovative Network Solutions can help keep your company safe from cyber crime, including malicious phishing attacks. Our expert team stays current with the latest online and phone scams so we can best advise our clients on how to be on the lookout.

Through solutions and services such as penetration testing and vulnerability scanning, employee awareness training, and firewalls and email filters, you can protect your business from phishers both electronically and through your personnel.

Ready to protect your company? Contact Innovative Network Solutions today for advanced cybersecurity services.

For more information, contact us online or call 866-572-2850 today.