The world of deception has taken a turn for the worse as the population moves into a cyber realm, in an era where working from home, remote processes and socially intimidating aspects are a major part of the lives of millions, if not billions. The motives range from generating statistical data, stealing credentials or building targeted advertisements for your profile to, in the worst cases, injecting something malicious into your system. Phishing has been a hot topic in recent times, but many dismiss it as overhyped awareness. Is it too hasty to come to a conclusion like that? Well, the 65% of the population falling prey to it tells a lot.
Phishing scams usually take on the image of a trusted entity via email to lure you into clicking malicious links and content that may redirect you to an exact replica of your favorite and blindly trusted website. “Well hey! I know this” is exactly what the victim thinks before entering his/her credentials and boom, gone in seconds. Phishing also comes through other mediums, such as SMS phishing (smishing), voice phishing (vishing) and other variants that may come into existence in the near future, all with the same motive: getting hold of your details.
What happens if I do?
Clicking on such a link can have a range of effects on your system, depending on the intent of the adversary. One aim is harvesting credentials in order to impersonate your online presence on a social media platform, email or any website with a user identification. The victim might also be compromised by malware injected into the mobile or personal computer system, which may prove to be ransomware that encrypts all data for recovery only after a paid ransom, create a backdoor for access, or let the adversary escalate his way into networks that you are connected to.
In every case the adversary has one common intent: the compromise of data in one form or another, to be used for benefit or sold for monetary income.
Clicked on it! What next?
The general hygiene to maintain a safe front in case you come across and accidentally click on one such link is to disconnect your device from the internet immediately, either by plugging out any cables in the case of an Ethernet connection or by disconnecting the machine or mobile from the home WiFi network.
Following this step, the best practice is to quickly take a backup of all the files on your system that are not continuously backed up by cloud-based backup services, in case the malicious content that might have been transported to your system starts running and alters them. Usually a blank hard drive, without any previous files, is the best option for the backup, in case existing files stand a risk of being tampered with as well.
A system scan with basic antivirus or defender software can then be started to check for any malware or potentially installed services, as a precautionary approach. Follow it with a change of the account credentials that are susceptible to compromise and mean the world to you. Generally, social media or email accounts are targeted the most.
Once you’re done, make sure to raise a fraud alert and file a crime report to flag the website, link or sender as fraudulent and keep others safe.
Check the links in the URL bar, verify resources, and make sure that the King of Nigeria doesn’t really want to send you a Million Dollars as part of his royal lottery, for which you have to submit your details on a given link. A little awareness goes a long way.