You receive an email from your supplier that says you have an outstanding invoice. You worriedly open the email and download the invoice. After downloading the attachment, you remember that you haven’t worked with that company in the past year. You realize you fell victim to a phishing scam.

90% of all malware is delivered via email, which makes it important to look before you click. But sometimes you can be distracted or in a rush and not realize you’ve clicked on a phishing email. Accidents due to human error are inevitable but also devastating (successful phishing attacks cost mid-sized enterprises an average of $1.6 million).

Source: Proofpoint

Is It Safe to Open a Phishing Email?

There was a time when simply opening an email could infect your computer. Email clients used to be able to run JavaScript code, meaning hackers could run malicious scripts/malware while you were viewing your email.

Nowadays, hackers are unable to run these scripts in your email. As long as you keep your systems and software up-to-date, you should be able to open any email safely. On the other hand, opening attachments is dangerous and can infect your devices.

7 Steps to Take After Clicking a Phishing Link

If you accidentally click on a phishing link or download a suspicious attachment, do not panic. Follow these steps to try and mitigate any damage.

Disconnect: The first step you should take is to immediately disconnect your device from the internet. Make sure WiFi is disabled on your device and that your network cable is not plugged in. This will help stop the virus from spreading to other computers/devices in your network and prevent rogue actors from accessing your device remotely.

Backup: If you don’t regularly back up your files, make sure you do so after you’ve disconnected your devices from the internet. You will not be able to back up to the cloud because your internet access is off, which means you need to store your files on a USB stick or hard drive.

Scan: Once your files are safe, conduct an antivirus scan on your device. Do not do anything else on your device while the scan is taking place. Wait for the scan to be completed and then follow the antivirus’ instructions to either remove or quarantine the malware.

Change Credentials: Some malware can harvest credentials. If you were logged into any of your accounts before you clicked on the phishing link, there’s a good chance your information has been compromised. Make sure you change your passwords so that they are more secure and complex. As a guide, a secure password should be at least 12 characters long, alphanumeric, symbolic and non-dictionary.

Notify: Depending on your workplace policy, you may have to notify your supervisor about the incident. They may ask you to forward the email to your IT team for further inspection. If the phishing email claims to be from a specific person or company, make sure those being impersonated are notified about the phishing email as well.

Monitor: Once you’ve done all of the above steps, continue to monitor your network for any vulnerabilities. Consider doing an overall security assessment if you are unsure about your security posture.

Secure your email: To better protect yourself from the dangers of phishing, consider using a security solution built for your email environment. At Jolera, our Secure IT – Mail solution offers advanced protection from phishing, malware and spam. In addition to filtering and blocking malicious emails, our live agents will review security events for remediation.
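As an added illustration of the password guideline in the Change Credentials step (this is not code from the original article or from Jolera), the Python example below checks a candidate password against the four criteria. It assumes "alphanumeric" means both letters and digits are present and "non-dictionary" means no wordlist entry appears even after common character substitutions are undone; the function names and the small SAMPLE_WORDS list are constructed for the example.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large
# dictionary or a breached-password list instead.
SAMPLE_WORDS = {"password", "welcome", "invoice", "summer", "dragon", "letmein", "qwerty"}

# Common character substitutions that are undone before the dictionary comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Return wordlist entries found in the password, ignoring case and substitutions."""
    lowered = password.lower()
    candidates = {lowered, lowered.translate(LEET)}
    return sorted(w for w in words if any(w in c for c in candidates))


def check_password(password, words=SAMPLE_WORDS):
    """Return the list of guideline failures; an empty list means all four are met."""
    failures = []
    if len(password) < 12:
        failures.append("shorter than 12 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        failures.append("not alphanumeric (needs letters and digits)")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        failures.append("no symbol")
    hits = dictionary_hits(password, words)
    if hits:
        failures.append("contains dictionary word: " + ", ".join(hits))
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ["summer", "P@ssw0rd2024!", "vK7#qRz9!mTx2&Lp"]:
        problems = check_password(candidate)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```

A password such as P@ssw0rd2024! satisfies the length, alphanumeric and symbol criteria yet still fails, because the substitutions reduce it to a dictionary word.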