It’s safe to say a majority of email users, particularly those who are part of a small to medium-sized business, have been targeted by phishing scams. Everyone around the world engaging in online activity is a potential target for a phishing scam. These digital cons have become so common that most of us wake up to more than one in our inbox.

One reason email scams work so well is that everyone uses email, says Patrick Peterson, the founder and CEO of Agari, an email security company based in San Mateo, California. “Email’s original sin is this: Anyone can send anything to anybody and there’s no way to see if the link, or the attached spreadsheet, is malicious,” he says.

Criminals continue to be successful, the thinking goes, because phishing attacks are simple, low-tech, and exploit weaknesses in human nature. We intrinsically want to open messages addressed to us and click on buttons. We have FOMO on once-in-a-lifetime opportunities.

And we get scared by threats.

Steps to Take After a Phishing Scam

So, what do you do if you find yourself the victim of a successful phishing email scam? There are a few steps you can take to minimize the damage if you’ve been targeted by a phishing scam.

  1. Disconnect Your Device: Disconnecting your device from the internet can help limit the severity of the phishing attack. If you are connected using a wired connection, you can unplug the internet cable from your computer. If you are on Wi-Fi, go to your device's Wi-Fi settings and disconnect. Disconnecting from the internet will help reduce the risk of a cyber attacker remotely accessing your device, prevent the malware from spreading to other devices on your network, and protect your information from being sent from your device.
  2. Change Your Passwords: More than likely you clicked on an email link and it took you to a website that mimicked your bank account, or another service, and had you enter your user name and password. After noticing that it was a phishing scam, you need to go to the real sites for these services and change your password. Be sure to create strong, complicated passwords using a variety of characters and numbers. The more confusing the password, the less likely it is for a hacker to break it.
  3. Notify the Company: Notify the company or organization that the phishing email claimed to come from. They will want to investigate the matter and make sure that others were not affected by the scam.
  4. Scan Your Device for Viruses: To be safe, you should scan your device for viruses following a phishing email attack. Make sure all of your anti-virus software is up to date and run a full scan of your system.
  5. Be Cautious of Identity Theft: If you believe that your information may have been exposed, be careful and on the lookout for any signs of identity theft.
  6. Protect Yourself from Future Phishing Scams: Educate yourself on what to look for in future phishing attacks. In my own company, for example, we provide IT support to small and medium-sized businesses to help train your staff to not fall for any phishing emails.

The best way to avoid a phishing attack is to be aware of what to look for. Learn more about How to Prevent Scams, Phishing and Mis-Sent Emails.