What to do if your company has a phishing attack
Phishing attacks are becoming more common with larger companies as well as small. Recently, big companies like eBay, HMRC and Apple have all been targets of phishing attacks. It can feel unnerving because you are forced to feel untrustworthy towards whatever email you receive in the future. However, when your company is the victim of the attack, it can feel like a different story. Here are some tips for how to respond when your company has fallen victim to phishing:
Stay calm and gather the facts
When you first hear about a phishing attack, you may want to panic. It feels like you need to act quickly, and you do – but you need to be calm and concise about it. So first, gather the facts. What do you know at this stage? What are the signs you have been hacked? Is data currently secure? Is the leak ongoing? You should also figure out what kind of phishing attack you believe it to be at this stage. Wired.co.uk says there are several types of attacks;
- Deceptive phishing – involves being targeted with a fake link
- Spear phishing – often involves the creation of an email address that looks genuine and is in the name of a colleague. A message will then be sent to the target and appear to be real.
- CEO phishing – involves impersonating a CEO or a person of power to ensure payments are made.
- Changing an IP address of a website – The DNS servers of