Think you’ve fallen for a phishing attempt? Here’s what to do next

Resources
Shaveta
Shaveta
Information Security Analyst, Payworks

Shaveta brings several years of global information technology education and experience to her role at Payworks, where she engages in evolving strategies and solutions for data protection.
Analyste de la Sécurité de L'Information, Payworks

Shaveta met plusieurs années d’expériences et de formation aux technologies mondiales de l’information au service de Payworks, où elle met en œuvre des stratégies et des solutions évolutives de protection des données. et le rendement des employés.

Even with comprehensive training, frequent reminders and high vigilance, an ultra-sophisticated phishing attempt may slip past you or a member of your team in a moment of distraction. Many likely already know the sinking feeling of recognizing unusual pop-ups on your device or having a contact reach out to say “I got a really weird email from your account… was this you?” and realizing you’ve been duped.

Luckily, there are a few easy steps you can take to mitigate the damage – this checklist will get you started!

1. Update your team

First things first – impacted employees should notify their organization’s IT team or security provider before taking any action using corporate equipment. Running malware or other scans, disconnecting from the network and even shutting down the device could compromise forensic evidence.

Trust your IT experts and follow their recommended protocols before doing anything else!

2. Update your password

Once you’ve got the all-clear, consider changing your password for the system that’s been impacted. And if you use that password for any of your other accounts, make sure to update it in those systems as well.

In cases where it’s your computer that’s been compromised (and not just a single account), we recommend changing all your passwords, as some viruses can sweep your browsers for saved login credentials. Just make sure to change these passwords from another computer so that the new login credentials don’t just end up in the same (wrong) hands again!

Going forward, try using a unique password for every account you have to prevent multi-platform breaches in the future. Sound daunting? It doesn’t have to be – check out Payworks’ do’s and don’ts of password management to start strengthening your account security today. You can also apply two-factor authentication to add another layer of protection.

3. Update your tech

Start by taking your computer offline by disconnecting from the local wifi network or directly unplugging your network cord to prevent further unauthorized access or damage. Following the guidelines suggested by your IT group, scan for malware to identify and quarantine any infection.

Depending on the results of the malware scan, you may need to reformat your computer. Just make sure you’ve backed up your data first! With that said, backing up and restoring data from a compromised system may reintroduce the risk that motivated the reformat in the first place. If you don’t already have a data backup plan in place, now’s the time!

4. Update your account providers

Most online accounts allow you to play detective and see when and from where your account was last accessed. If you spot an unfamiliar login (from a country you’ve never been to, for example!), you may want to reach out to your account provider to advise that your information has been compromised, particularly in the case of your financial institutions; they’ll walk you through the next steps required to keep your account and data secure.

5. Update your knowledge

Everyone makes mistakes… but with the right information, you never have to make this one again! Brush up on Payworks’ tips for how to recognize phishing and protect yourself and make this particular problem a thing of the past.

Interested in a Demo or more info?

We would be more than happy to show you how to get the most from our suite of workforce management solutions. Simply contact your sales representative at sales@payworks.ca  to start the conversation.