There are many things we can do to reduce the impact of a successful phishing attack. But as with many things in information security, the risk cannot be completely eliminated, so it is important to proactively prepare an effective response strategy.
Alert the Company
You must also notify the company that was named in the phishing email about your experience. It may help them protect others from the same fate. They must have a method in place to help you when you contact them. Sometimes they might want you to forward the infected email to a dedicated email address.
You can view the full email, including its header information, which can provide a hint. In Gmail you can choose the “Show Original” option. The header information is the reason why the company might ask you to send the email.
Check for the source
- Make sure you get a good idea of where the scam originated.
- If it came through email, think back to whether you clicked on a link in that email.
- Recall whether something strange happened while you were surfing the web.
- Recall whether you clicked on a pop-up.
- Most importantly, determine whether it came through a phone call or text.
Having a general idea of where the phishing scam originated goes a long way! You should report it and concentrate on corrective actions.
Now that you’ve gathered yourself and have a clearer focus, let’s begin the reporting process. If you have a membership with any of the trusted identity theft services, you may be able to ask them to automate the cancellation of credit cards, the ordering of new ones, etc.
Also contact your ISP. If you believe the infiltration occurred while you were on a social media website, contact that site as well.
Scan your system
Once you have secured your system, run a complete scan to make sure the attacker did not install any malware or backdoor software on the device to stage future attacks.
Even the most sophisticated attack can be resolved with the help of the police. Above all, remember to practice caution in all your online communications!
Modify email filters to block similar messages
To prevent other users from falling victim to the same attack, look for attributes in the email that you can filter on. In a few cases the From, Subject, and other fields may change, so pick something that will remain fairly static. Regex-based (regular expression) blacklisting obviously doesn’t provide a long-term solution, but in the short term it can keep other similar messages from getting in.
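One way to find the attributes that stay static across a campaign and turn them into short-term block patterns, as an added example that is not part of the original article. The sample messages, domains and function names are constructed for illustration, and single-part plain-text messages are assumed.

```python
import re
from email import message_from_string

# Constructed samples of one campaign: From and Subject rotate per message,
# while Reply-To and the link host stay the same.
SAMPLES = [
    "From: billing@mail-a.test\nSubject: Invoice 1182 overdue\n"
    "Reply-To: accounts@collector.example\n\n"
    "Pay now: http://pay.portal-login.example/i/1182\n",
    "From: support@mail-b.test\nSubject: Action required on your account\n"
    "Reply-To: accounts@collector.example\n\n"
    "Verify here: http://pay.portal-login.example/v/77\n",
    "From: noreply@mail-c.test\nSubject: Payment failed\n"
    "Reply-To: Accounts@Collector.example\n\n"
    "Retry: HTTP://PAY.portal-login.example/r/9\n",
]

URL_HOST = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)

def attributes(raw):
    """Return the filterable attributes of one message as (name, value) pairs."""
    msg = message_from_string(raw)
    attrs = {(name.lower(), value.strip().lower()) for name, value in msg.items()}
    body = msg.get_payload()  # assumption: single-part text, so this is a str
    attrs |= {("url-host", host.lower()) for host in URL_HOST.findall(body)}
    return attrs

def static_attributes(samples):
    """Attributes that carry the same value in every sample of the campaign."""
    return set.intersection(*(attributes(raw) for raw in samples))

def build_rules(static):
    """One escaped regex per static attribute, so dots in hosts match literally."""
    return [(name, re.compile(re.escape(value))) for name, value in sorted(static)]

def blocked(rules, raw):
    """True if any attribute of the message fully matches a rule for its field."""
    attrs = attributes(raw)
    return any(n == name and rx.fullmatch(v)
               for name, rx in rules for n, v in attrs)

if __name__ == "__main__":
    for name, rx in build_rules(static_attributes(SAMPLES)):
        print(name, rx.pattern)
```

Escaping the values and matching the whole field keeps the pattern from also blocking look-alike but unrelated senders or hosts.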
Back Up Data and Retain Logs
Back up your data regularly, either to a separate hard drive or to an offsite location in the cloud. These simple actions will save you when a hard drive crashes. There are also backup apps that are inexpensive or free. Make this investment for your peace of mind.
If you lack critical logs, your investigation will go completely cold. Make sure that DNS, DHCP, firewall, proxy, and other logs do not rotate off. Depending on how things proceed, you may have to save these logs and handle them in a way that will hold up in court. Your IR plan must address this.
Identify the active sessions of affected users
A common technique among attackers is to leverage legitimate access methods like VPNs and Citrix to maintain a presence within the network and exfiltrate data. Following an attack, gather a list of the affected users and check to make sure that there are no current connections that shouldn’t be active.
DIMA Business Solutions’ DIMA Warrior, a DNS security product, can actively filter the domains and other malicious sites that may lead to phishing attacks. DIMA Warrior updates its Intelligent Threat Vector every 60 minutes so that it can provide a high level of security.