How to respond to a phishing attack

Just about everyone today knows how phishing works. However, even if our own vigilance, and that of our mail servers, manages to block the most obvious attempts so they can be ignored, nothing really discourages their authors from trying their luck again with a new message or a new target. So what should you do when confronted with a suspicious email, or with one that is clearly fraudulent but that you realized only too late was a phishing email? Protect yourself and protect others.

What to do if you get a suspicious email?

The first precaution is, of course, not to click on any link or open any attachment, whatever their names may be. Though simply displaying an email is unlikely to harm the security of your system, these elements are potential vectors for malware. Also refrain from replying to these messages, so as not to fall into a social engineering trap: the person on the other end may try to extract additional information from you or even blackmail you.

Pay attention, however, to the sender’s address, and especially its domain name. While this will not tell you for certain whether the email is legitimate, it will filter out the most basic phishing attempts. For example, if the domain name of the sender’s email address is slightly off from what it should be, or if it is a variation on the brand in question, then there is a high probability that your suspicions are confirmed and the message arrived in your mailbox with bad intentions.

Finally, have a look at the content of the message and consider the following as suspicious:

  • bad spelling: this is symptomatic of a message that was not proofread by a team that is used to doing this. Spelling and grammar are often neglected, even when the fraud is otherwise sophisticated.
  • request for sensitive data: passwords, bank information, security codes, etc. A legitimate operator will never ask you for these by email.
  • links that are not very convincing: just like with the sender’s email address, verify the link’s address by pointing at it with your cursor without clicking. You will see a preview of the link that you can then look at as an additional clue as to the legitimacy of the email.
  • an urgent situation that must be dealt with or there will be heavy consequences: check the veracity of the claim through other communication channels, but definitely not through any links in the email.
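The two checks described above, on the sender’s domain and on where a link actually points, can be automated for a first-pass triage of a suspicious message. The following is an added example written for this article (not code from Gandi or from any mail provider); it assumes a constructed sample email, a hypothetical list of trusted brand domains, and a deliberately naive notion of "registrable domain" (last two labels, which a real tool would replace with a public-suffix list). It flags sender domains that are a few edits away from a trusted one, links whose visible text shows a different host than their target, and hosts that embed a trusted brand name under an unrelated domain.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional, Set
from urllib.parse import urlparse

# Constructed sample (not a real message): lookalike sender domain plus a link whose
# visible text differs from its real target.
SAMPLE_EML = """\
From: "Example Bank" <security@examp1e-bank.com>
To: customer@example.org
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>We detected unusual activity. Please confirm your details at
<a href="http://login.example-bank.com.verify-user.net/">https://www.example-bank.com</a>
within 24 hours or your account will be suspended.</p>
</body></html>
"""

# Assumption: the brand domains this recipient legitimately expects mail from.
TRUSTED_DOMAINS: Set[str] = {"example-bank.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small values between an unknown and a trusted domain mean 'lookalike'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Naive: keep the last two labels. A real tool should use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_domain(host: str, trusted: Set[str] = TRUSTED_DOMAINS) -> Optional[str]:
    """Return a finding for a suspicious host relative to the trusted set, or None if it is trusted."""
    host = host.lower()
    if any(host == t or host.endswith("." + t) for t in trusted):
        return None
    if any(label.startswith("xn--") for label in host.split(".")):
        return f"punycode:{host}"  # IDN homoglyph domains show up as xn-- labels
    reg = registrable_domain(host)
    for t in trusted:
        if t in host:  # brand name used as a subdomain of an unrelated domain
            return f"brand-embedded:{host}"
        if levenshtein(reg, t) <= 2:  # a typo or digit swap away from the brand
            return f"lookalike:{reg}~{t}"
    return f"untrusted:{host}"


class _LinkParser(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host_from_text(text: str) -> Optional[str]:
    """Host the visible link text claims to point at, if it looks like a URL or domain."""
    text = text.strip()
    if "://" in text:
        return (urlparse(text).hostname or "").lower() or None
    if re.fullmatch(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}", text):
        return text.lower()
    return None


def analyze(raw: str, trusted: Set[str] = TRUSTED_DOMAINS) -> List[str]:
    """Triage one raw message and return a list of finding strings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: List[str] = []
    _, addr = parseaddr(str(msg["From"]))
    sender_finding = classify_domain(addr.rpartition("@")[2], trusted)
    if sender_finding:
        findings.append("sender-" + sender_finding)
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is None:
        return findings
    parser = _LinkParser()
    parser.feed(body.get_content())
    for text, href in parser.links:
        href_host = (urlparse(href).hostname or "").lower()
        shown = _host_from_text(text)
        if shown and href_host and shown != href_host:
            findings.append(f"link-text-mismatch:{shown}!={href_host}")
        link_finding = classify_domain(href_host, trusted)
        if link_finding:
            findings.append("link-" + link_finding)
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EML):
        print(finding)
```

Running the sample reports a lookalike sender domain, a link whose visible text and real target disagree, and a target host that merely embeds the brand name under an unrelated domain. Such output is a triage hint, not a verdict: an unfamiliar but legitimate domain is reported as "untrusted", and the remaining checks in this list (spelling, requests for credentials, artificial urgency) still need a human reader.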

What to do when confronted by an obvious phishing attempt?

While you can simply delete the message, there are things you can do to make things harder for those who are sending these fraudulent emails.

1. Alert the email service provider

Some email providers give their users the ability to report these fraudulent emails. Both Gmail and Outlook, for example, have a system in place where the user can, with one click, inform the platform that a phishing attempt has been identified and it may be necessary to block the sender. This action will also delete the message and block the sender’s address.

2. Warn the domain name registrar

The registrar is both the technical and legal intermediary for domain name holders. It is therefore this actor that can take action to put an end to fraudulent activity stemming from a domain name registered with them. Find the domain name registrar in question from the information present in the WHOIS database. All ICANN-accredited registrars adhere to the Registrar Accreditation Agreement, which requires that they take action regarding this type of situation. The actions may vary considerably, and the result of the complaint will depend on the applicable laws of the jurisdiction in question. If the domain name linked to the email that you received is registered with Gandi, you may submit a complaint to our abuse team using the contact form.

3. Inform the authorities

There may be official governmental websites in your country where you can report phishing attempts. It may also be possible for you to file a complaint or alert your local law enforcement. In these cases it should be relatively simple to search the web to see what options you have in the country where you reside.

What to do if you realized too late that it was phishing

We can never say it often enough: the golden rule with a questionable email is to not click on any link or download any attached file. If you already clicked one too many times though, immediately take the following actions.

  • if you opened a link, immediately close your web browser;
  • if you downloaded a file, do not open it. If you already did, close it as well as any application it may have opened;
  • perform a complete anti-virus scan of your system;
  • change the password on all the services you use that may have been affected by this intrusion.

Conclusion: when it comes to phishing, prevention is best

Even if this is not what you want to hear once it is too late, it bears repeating that the best approach to phishing is to deal with it upstream: using multi-factor authentication for your logins is the best way to protect yourself from these attacks. While it will not block the attacks or the malware, it will render the theft of passwords fairly useless. It is not complicated to put in place, not too hard to use, and will drastically reduce the consequences of an accidental lapse in precaution when faced with a sophisticated fraud. Definitely don’t wait to put it in place!