What to do if you think you clicked on a malicious link? (Part 2)
Phishing attacks are commonly used by criminals to trick people into deploying malicious software and/or revealing sensitive information.
Even regular user training and deploying specialist software (designed to screen email senders and flag up suspicious emails) don’t provide complete protection from phishing. Criminals are very good at what they do and constantly find new ways to succeed in their aims. So, if you or someone in your team think there’s a chance that the link that got clicked could be harmful, don’t panic, just follow these steps:
- Disconnect your computer from the internet. This can be done by disconnecting the Wi-Fi, turning on Flight Mode, or unplugging the ethernet cable.
- Be honest and tell the person responsible for IT in your company, your supervisor and/or IT support. Any further steps will depend on what your IT provider recommends. Don’t be afraid, a company with a good phishing policy will not blame the employee. Do not reconnect until instructed to do so.
- If you need to check your Microsoft computer for malware yourself, you can run the Windows Malicious Software Removal Tool;
Press the Windows key

and the R key simultaneously

This Run box will appear in the bottom left-hand corner of your screen

Type mrt and click OK and the User Account Control box will open.

Click Yes to open the tool

Then click Next

Select ‘Quick scan’ and then Next and allow the tool to scan your computer.

If any infections are found these will be automatically removed.

As you can see, no malicious software was found on our computer. However, if there had been, this screen would report it and confirm that it had been removed.
Click Finish and repeat the process.
This time you should select ‘Full scan’ instead of ‘Quick scan’

Start and allow to scan, this will take some time.
Further actions will depend on which anti-virus product is installed on your PC (for example, ESET Endpoint Security or Microsoft Defender).
Whatever product is installed, scan for malware and follow any recommended actions that result.
- Change any usernames and passwords that could have been captured.
- Use different passwords for each login when you change them
- Alert the business or person the email appeared to be from by telephone using their phone number from your records of the official website (do not call the number on the email as this could be incorrect.)
- Forward the suspicious email to report@phishing.gov.uk and then delete it from your inbox.
- Evaluate your system for vulnerabilities and consider what can be done to prevent further breaches.
Look out for Part 3 of our series of blog posts about phishing, we’ll be sharing details of what can be done to prevent these emails from landing in your inbox and explaining how each of these email filtering methods works.
Our Managed IT Service is designed specifically to meet the needs of small businesses in the North West, allowing them to focus on what they do best.
So, if you run a small business in the North West and want more information about anti-phishing software, require a security audit, cyber security training, or other help then please get in touch.