You Accidentally Clicked on a Phishing Email. Now What?

Phishing attacks are more common—and more sophisticated—than ever. Whether you’re a small business owner or just putting in your 9-5, you’re a target. Scammers are aiming to steal sensitive data, financial information, and even access to business systems. If you've accidentally clicked on a phishing email, it's easy to panic. But you don’t need to.

Here, we'll guide you through what phishing is, how to identify phishing and session hijacking attempts, and—most importantly—exactly what to do if you fall victim to one.

What is Phishing and Why Does It Matter?

Phishing is a form of online fraud in which scammers try to trick victims into sharing sensitive information like passwords, credit card details, or business credentials, or into making fraudulent transfers and payments. These messages, usually emails or texts, are designed to look as real as possible, and can even appear to come from legitimate sources. For small businesses, phishing can lead to financial losses, data breaches, and reputational harm.

The key to minimizing damage is a fast and effective response. Knowing the signs of a phishing attack—and what steps to take if you become a victim—can help you regain control and protect your data.

How to Identify a Phishing Message

Not all phishing emails are obvious. With the advent of AI, they’re getting more polished and sophisticated all the time, but there are still telltale signs you can look out for.

Common Signs of Phishing Emails

What phishing messages almost all have in common is a message of urgency, whether it’s a compromised account, a limited time deal, or something that needs to be “fixed” right away. Here are a few of the most common elements of phishing attempts:

  • Urgent Language: Phrases like "Act now!" or "Your account will be suspended" are designed to spark panic.
  • Spelling and Grammar Errors: Professional organizations rarely send communications riddled with mistakes.
  • Unexpected Attachments: Files you weren’t expecting could contain malicious software.
  • Strange Email Addresses: The sender's address might look close to a real one but includes typos or odd domains. For example, "support@amaz0n-help.com" instead of "support@amazon.com."
  • Suspicious Links: Hover over links to check the URL. If it doesn’t match the content of the email or leads to an unrelated site, it’s likely a fake.
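The sender-address and link checks above can be applied mechanically. The scanner below is an added example, not code from the original article: it flags urgent phrasing, a sender domain that is a look-alike of a trusted brand (digit-for-letter swaps such as "amaz0n", plus hyphenated suffixes like "-help"), and links whose visible text points to a different domain than their real destination. The phrase list, the substitution table, the trusted-brand list and the two sample messages are all constructed for this example.

```javascript
// Added example, not code from the original article. All lists and sample
// messages below are constructed for illustration.

// Urgency phrases to look for (constructed list; extend for your environment).
const URGENT_PHRASES = ["act now", "account will be suspended", "verify immediately"];

// Character swaps commonly used to build look-alike domains ("amaz0n" for
// "amazon"). Constructed list; "rn" -> "m" and "vv" -> "w" are visual swaps.
const HOMOGLYPHS = [["0", "o"], ["1", "l"], ["3", "e"], ["5", "s"], ["rn", "m"], ["vv", "w"]];

function normalizeLabel(label) {
  let s = label.toLowerCase();
  for (const [fake, real] of HOMOGLYPHS) s = s.split(fake).join(real);
  return s;
}

// Registrable part of a hostname: the last two labels. Good enough for
// ".com"-style names; a production check would use the Public Suffix List.
function registrableDomain(hostname) {
  return hostname.toLowerCase().split(".").filter(Boolean).slice(-2).join(".");
}

// Hostname of a URL-looking string, or null when the text is not a URL
// (for link text such as "Track your order").
function hostOf(text) {
  try { return new URL(text).hostname; } catch { return null; }
}

// Returns the trusted domain that `hostname` imitates, or null when it is
// either an exact match or unrelated to every trusted brand.
function lookalikeOf(hostname, trustedDomains) {
  const base = registrableDomain(hostname);
  if (trustedDomains.includes(base)) return null;
  for (const trusted of trustedDomains) {
    const brand = trusted.split(".")[0];
    // Undo swaps and drop hyphenated suffixes: "amaz0n-help" -> "amazon".
    const candidate = normalizeLabel(base.split(".")[0]).split("-")[0];
    if (candidate === brand) return trusted;
  }
  return null;
}

// Scan one message; returns a list of human-readable findings (empty = clean).
function scanMessage(msg, trustedDomains) {
  const findings = [];
  const body = msg.body.toLowerCase();
  for (const phrase of URGENT_PHRASES) {
    if (body.includes(phrase)) findings.push(`urgent-language: "${phrase}"`);
  }
  const senderDomain = msg.from.split("@")[1] || "";
  const senderImitates = lookalikeOf(senderDomain, trustedDomains);
  if (senderImitates) findings.push(`lookalike-sender: ${senderDomain} imitates ${senderImitates}`);
  for (const link of msg.links) {
    const hrefHost = hostOf(link.href);
    if (!hrefHost) continue;
    // The "hover over the link" check: visible text vs. real destination.
    const textHost = hostOf(link.text);
    if (textHost && registrableDomain(textHost) !== registrableDomain(hrefHost)) {
      findings.push(`link-mismatch: text shows ${textHost} but href goes to ${hrefHost}`);
    }
    const linkImitates = lookalikeOf(hrefHost, trustedDomains);
    if (linkImitates) findings.push(`lookalike-link: ${hrefHost} imitates ${linkImitates}`);
  }
  return findings;
}

// Constructed sample messages.
const SUSPICIOUS_MESSAGE = {
  from: "support@amaz0n-help.com",
  body: "Your account will be suspended unless you act now and confirm your details.",
  links: [{ text: "https://www.amazon.com/account", href: "https://amaz0n-help.com/login" }],
};
const LEGITIMATE_MESSAGE = {
  from: "support@amazon.com",
  body: "Your order has shipped.",
  links: [{ text: "Track your order", href: "https://www.amazon.com/orders" }],
};

console.log(scanMessage(SUSPICIOUS_MESSAGE, ["amazon.com"]));
console.log(scanMessage(LEGITIMATE_MESSAGE, ["amazon.com"]));
```

The substitution table is deliberately small; a real deployment would also handle Unicode look-alikes (IDN homographs) and would treat a flag as a reason to verify through a known-good channel, not as proof of fraud, since legitimate brand names can contain "rn" or "vv".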

Examples of Sophisticated Phishing Attempts

Phishing today goes beyond simple scams. Spotting the warning signs early can help you avoid falling victim to these clever tactics. Here are some more advanced strategies attackers use:

Personalization

More sophisticated phishing messages can be tailored to you personally by including your name or even referencing past interactions you’ve had with a real person—or that they claim you’ve had.

Impersonation

Emails might mimic official communication from financial institutions, vendors, or even colleagues. Sometimes hackers are able to gain access to your corporate email system, intercepting and sending messages from inside. 

Zero-click Attachments

Fraudsters are also able to make use of vulnerabilities in your apps, leading to “zero-click” attacks. In these cases, you may not even need to interact with a suspicious attachment for it to deliver malicious code to your device.

Understanding Session Hijacking

A related threat that is important to know about is session hijacking. This type of attack can silently grant hackers access to your online accounts.

How Does Session Hijacking Work?

When you log in to a site, the server often gives your browser a unique session ID to track your activity. Attackers can steal, guess, or even brute-force this session ID and impersonate you without needing your login credentials.

How Phishing and Session Hijacking Work Together

Phishing emails are used to trick the user into visiting a website and logging in. The session is created as normal, and the attacker can then attempt to retrieve the session ID:

  • Cross-Site Scripting (XSS): The link in a phishing email can carry a malicious script that a vulnerable website reflects back into the page it serves. Once the user loads that page, the script reads the cookies containing the session ID and sends them to the attacker's server.
  • Man-in-the-Middle (MitM) Attacks: A phishing email might redirect you through the attacker's server before getting to the legitimate site. The MitM server then intercepts the session ID.

Potential Consequences

Once attackers gain access, they can impersonate you, perform unauthorized financial transactions, or steal critical business data.

How to Detect Session Hijacking

If you think you’ve clicked on a suspicious link, or even just as part of your routine safety measures, you should check your account activity for changes:

  • Check for active sessions by reviewing your account activity. Some platforms, such as Google or Microsoft, allow you to see where your account is logged in. You can log these devices out manually from here.
  • Look for unusual activity, such as changed passwords or unauthorized logins from unknown locations.
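The "logins from unknown locations" check has a server-side counterpart that a site operator can run automatically. The snippet below is an added example, not the article's own: each session remembers the client fingerprint (IP address and User-Agent) seen when it was created, and any later request presenting the same session ID from a different fingerprint is flagged. The log records are constructed for this example, using documentation IP ranges.

```javascript
// Added example, not code from the original article. The events are
// constructed log records in the order the server saw them.
const EVENTS = [
  { t: "2024-05-01T09:00:00Z", sid: "s1", ip: "203.0.113.10", ua: "Firefox/125 (Windows)", path: "/login" },
  { t: "2024-05-01T09:05:00Z", sid: "s1", ip: "203.0.113.10", ua: "Firefox/125 (Windows)", path: "/inbox" },
  // Same session ID, suddenly from a different address and client.
  { t: "2024-05-01T09:07:00Z", sid: "s1", ip: "198.51.100.77", ua: "curl/8.5", path: "/settings/password" },
  { t: "2024-05-01T09:08:00Z", sid: "s2", ip: "192.0.2.5", ua: "Safari/17 (macOS)", path: "/login" },
];

// Bind each session ID to the fingerprint of its first request; report every
// later request whose fingerprint differs.
function detectHijackedSessions(events) {
  const bound = new Map();
  const alerts = [];
  for (const e of events) {
    const fp = `${e.ip}|${e.ua}`;
    const first = bound.get(e.sid);
    if (!first) {
      bound.set(e.sid, { fp, since: e.t });
      continue;
    }
    if (first.fp !== fp) {
      alerts.push({ sid: e.sid, at: e.t, path: e.path, boundTo: first.fp, seenFrom: fp });
    }
  }
  return alerts;
}

console.log(detectHijackedSessions(EVENTS));
```

A fingerprint change is not proof of hijacking (mobile users change addresses constantly), so the usual response is to require re-authentication on the next sensitive action rather than to block outright; an alert on a password-change path, as in the sample, is the case worth paging on.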

Preventing Session Hijacking

There are a few steps you can take to minimize your risks of a session being hijacked, and most are probably familiar to you as general good safety practices—because they help!

  • Use multi-factor authentication (MFA) options like one-time passcodes, preferably delivered through an authenticator app.
  • Avoid public Wi-Fi or use a virtual private network (VPN) for secure connections.
  • Don’t click on links in emails. Go directly to the website by typing in the address.
  • Always log out of accounts when finished.

Immediate Steps After Clicking on a Phishing Email

So, what do you do in that moment of panic when you suddenly wonder if that email you just clicked on was legitimate—or you’ve been phished? Take action immediately to mitigate the damage.

Step 1: Assess the Damage

Determine what information, if anything, you shared (e.g., passwords, usernames, financial information). Check for recent changes or odd activity on affected accounts. Let your IT person know what happened, and they can help you with the rest of the steps.

Step 2: Protect Your Information

Take steps to protect both your devices and your accounts:

  • Disconnect from the internet: This helps prevent malware from spreading further.
  • Change passwords: Update all compromised or potentially compromised accounts. Use strong, unique passwords.
  • Run a malware scan: Use antivirus tools to check for harmful downloads or software.
  • Contact your bank or credit card company: Report any abnormal activity immediately.
  • Place a fraud alert on your credit report: Contact the credit bureaus (Equifax, Experian, and TransUnion) to place a fraud alert on your credit report. This will make it more difficult for someone to open new accounts in your name.  

Step 3: Report the Incident

It’s important to inform anyone who may have been impacted by the attack, including any relevant law enforcement.

  • Report to Authorities: File a report with the FTC, FBI’s Internet Crime Complaint Center (IC3), or local law enforcement.
  • Inform Your Contacts: Notify colleagues or contacts not to open suspicious emails they may receive from your account.
  • Report the Email: Use your email provider’s dedicated reporting tools to flag the email as a phishing attempt.

Phishing Recovery 101: Steps to Protect Your Data

Once these immediate steps are taken, you can shift focus to monitoring and prevention, both to watch for any effects of the attack and to help eliminate future problems.

Monitor Accounts for Fraud

Keep an eye on all your accounts moving forward to look for unauthorized transactions and any suspicious activity like password changes or contact information updates.

You can also set up fraud alerts for your financial accounts. Just go to the Alerts section of your online or mobile banking, or give us a call. We’d be happy to help you get started! 

Strengthen Future Protections

Take steps to protect your accounts in the future by beefing up your digital hygiene practices. This includes:

  • Using strong, unique passwords across platforms.
  • Adopting multi-factor authentication to add extra layers of security.
  • Staying vigilant against suspicious emails or attachments.

Protecting Your Business

Your small business is a prime target for phishing attempts. You can help protect your operations by implementing robust cybersecurity measures and educating your employees on the risks of phishing and session hijacking. Regular reviews of phishing tactics and the latest cybersecurity news will help keep security front of mind and up to date for your employees, providing a more secure digital workspace for your business.

Stay Cyber Aware

Phishing threats are constantly evolving, but by knowing how to identify and respond to them, you can protect both your personal information and your business. When it comes to phishing, prevention is your best method for protecting your business. But should the worst happen, taking quick action and using proactive methods can help reduce the damage and prevent future problems. 

Take action to protect your accounts today!