Phishing Scam: 5 Steps Organizations must Take after an Attack

Written by djonon

6 July 2022


Phishing is a widespread form of cyber-attack involving a target being contacted via email, phone, or text message by someone impersonating a legitimate organization with the goal of luring out sensitive data such as passwords or credit card details. Criminals typically use this information to steal their target’s money or, worse, their identity.

With phishing attacks this widespread, it is close to inevitable that an employee will eventually respond to one by accident. Spear-phishing in particular is identified as one of the most successful tactics used by attackers today. In this environment, the need for email security can’t be overemphasized. Employees must know what to do, and how to act fast, should they respond to a phishing email.

Phishing emails can target anyone within an organization. So, it’s critical to establish best practices that all users can apply. These guidelines should be incorporated into an organization’s comprehensive security awareness training program.

Before we establish the appropriate actions to take after an employee is tricked by a phishing email, it’s essential to point out that these scams can be delivered not only through traditional emails but also text messages. Attackers who use the latter method will impersonate a legitimate existing entity, such as a user’s bank.

The phishing mitigation steps outlined here demand cooperation from all responsible parties within your organization to be effective. There should be coordination among respective entities—the employee who responded to the email, the security analysts, and the information security manager. In the case of individual users, the steps outlined below also apply, provided the affected party engages the appropriate law enforcement agency.


Change your Account credentials

Over the years, phishing attacks have become increasingly advanced and stealthy. They can be deployed in multiple ways, but their main objective, harvesting login usernames and passwords, has in most instances remained consistent.

If an employee clicked on a link that directed her to a fake website where she attempted to log in, the attacker can acquire her login credentials and use them to perpetrate other cybercrimes such as email fraud. Given the likelihood of this type of attack, it’s crucial that a compromised user immediately changes the password for every account that could have been compromised.

Spear-phishing is a targeted form of phishing in which the attacker conducts thorough information-gathering on the target, and that gathering continues once the target has been compromised. After the attacker ties the phishing victim to a particular account, they will try the same credentials on the user’s other known accounts. So, it’s highly important to change passwords not only for the compromised account but also for other associated user accounts. In many cases, victims use a single password across various accounts.

In short, changing passwords for all online accounts is recommended. Email passwords must be changed immediately, and new passwords must be validated against the established email password policy to ensure they meet password complexity requirements.

Report the phishing incident

Attacks are often deployed in a mass campaign, targeting many victims at once, and such a campaign will often target many employees within one organization. Therefore, timely reporting of the incident can help ensure that other employees who received the same phishing email but have not yet responded to it don’t also become victims of the attack.

Phishing incidents should be reported via the IT service desk or in accordance with the organization’s cyber incident response procedures (CIRP). At this stage, the report is meant to initiate an internal investigation concerning the phishing attack.

Fast reporting of incidents (immediately after employees realize they’ve responded to a phishing email) allows information security technical staff to launch crucial information-gathering about the attack. PhishAlert, the VirtualDoers phishing email reporting, analysis and remediation tool, allows suspected phishing emails to be reported to security teams promptly, which in turn allows incident response teams to launch timely response activities.

Investigate the phishing attack

Initiating a preliminary investigation of the incident upon report via the IT service desk is crucial. The objective of such an investigation is to gather relevant and critical details about the attack and to assess its impact.

Key steps at this stage involve:

  • Identifying the phishing emails that users engaged with,
  • Locating other messages from the same sender or that have the same link,
  • Determining who else in the organization may have received the same email to understand how widespread the attack may be, and
  • Pulling those messages out of users’ inboxes.
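One way to carry out the scoping part of this investigation, as an added example that is not the article's or VirtualDoers' code: given a constructed export of received messages, it finds every message from the same sender or carrying the same link, lists who else received it, and builds a per-recipient list of message ids to pull from inboxes. The `Message` record, the sample addresses and the `.test` domains are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

# Added example (not from the article or any VirtualDoers product): scoping a
# reported phishing email across a constructed mailbox export.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

@dataclass
class Message:
    msg_id: str
    sender: str
    recipient: str
    body: str
    links: set = field(init=False)

    def __post_init__(self):
        # Matching on links catches the same landing page sent from another spoofed sender.
        self.links = set(URL_RE.findall(self.body))

def related_messages(messages, reported_id):
    """Reported message plus every message from the same sender or sharing a link."""
    reported = next(m for m in messages if m.msg_id == reported_id)
    return [m for m in messages
            if m.sender.lower() == reported.sender.lower()
            or bool(m.links & reported.links)]

def affected_recipients(messages, reported_id):
    """Who else received the campaign: sorted unique recipients."""
    return sorted({m.recipient for m in related_messages(messages, reported_id)})

def purge_plan(messages, reported_id):
    """Message ids to pull from each recipient's inbox."""
    plan = {}
    for m in related_messages(messages, reported_id):
        plan.setdefault(m.recipient, []).append(m.msg_id)
    return plan

# Constructed sample data; .test domains are reserved and never resolve.
SAMPLE = [
    Message("m1", "it-support@examp1e-corp.test", "alice@corp.test",
            "Your password expires today: http://examp1e-corp.test/reset"),
    Message("m2", "it-support@examp1e-corp.test", "bob@corp.test",
            "Your password expires today: http://examp1e-corp.test/reset"),
    Message("m3", "hr-notices@other.test", "carol@corp.test",
            "Updated policy, sign here: http://examp1e-corp.test/reset"),
    Message("m4", "newsletter@vendor.test", "alice@corp.test",
            "Monthly update: https://vendor.test/news"),
]
```

Reporting "m1" scopes the campaign to three messages, including the one sent from a different spoofed sender but pointing at the same landing page, while the unrelated newsletter in the same inbox is left alone.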

At this stage, endpoint analysis must also be conducted to identify potential malicious software that could have been introduced on the attack victim’s computer or the associated network. Phishing attack victims need to be on the lookout for identity theft.

Furthermore, it is a good idea to block the compromised account. A user could ask their bank, for instance, to block their online banking account if it’s been directly compromised by an attack. Upon notification, the owners of the spoofed email should also launch investigative procedures to check for anomalous activities. For example, a financial institution should monitor the account of a customer who is a phishing attack victim.

Engage relevant regulatory authorities and law enforcement

Several industry standards or government regulations require an organization to report phishing incidents within a stipulated period following the first time the incident is identified. For organizations operating in the healthcare sector, an incident involving a response to a phishing email must be handled in a way that ensures continued compliance with Health Insurance Portability and Accountability Act (HIPAA) requirements.

Besides ensuring compliance with industry standards and regulations, there’s a strong need to file a case with the appropriate law enforcement agencies. Whether a report is filed with law enforcement may depend on the extent of the damage the incident has caused.

Implement remediation strategies and safeguard against future attacks

As a first line of defense, users must be well-informed about the phishing attack vectors that attackers are currently employing. To help ensure that happens, organizations must conduct comprehensive cybersecurity awareness training.

Internal simulations of phishing scams are an effective strategy to help users avoid falling victim to phishing emails. Simulations expose users to real-world examples of phishing attacks so they can better spot a phishing email.

In addition to educating and training the workforce about the threat of phishing scams, organizations need to implement appropriate technical controls. These controls include, but aren’t limited to, blocking phishing emails through email security techniques such as email filtering, sandboxing, machine learning models and browser isolation.
