Five steps for reporting a successful phishing attack (end-users)

As an employee at your company, you try your best to protect your organization from becoming the victim of a cyber attack. Learning about common phishing tactics, being cautious about links you click, and reporting a successful phishing attack are great ways to promote your team’s cybersecurity culture. No matter how educated or aware you are, people occasionally make mistakes. If you believe that you have opened and interacted with a phishing message, there are steps you can take to help mitigate the potential attack.

1. Stay calm. Take a deep breath and follow the steps below. The worst thing you can do is ignore the situation.

  • If you have not clicked a link, entered any information, or downloaded an attachment, report the message using the Phish Reporter button; this also tells you whether the message was a phishing simulation. If it was a simulation, pat yourself on the back! If not, move to the next step.
  • If you have clicked, entered information, or downloaded an attachment, submit the attack via the Phish Reporter button and proceed to the next step.

2. Tell someone. Contact your MSP, IT team, or other security administrator immediately to alert them of the attack. If your company has a process or a contact hierarchy for security incidents, follow those steps carefully. Letting IT know what happened is crucial. If you interacted with a phishing link or downloaded a potentially malicious file, send a separate note to your IT team describing exactly what you did.

3. Document the situation. Take pictures of the stages of the attack that are still open and available (do not click through the link or download the file again). Include the phishing message, where the link led you (if you clicked), what appeared if you downloaded an attachment, and the sender's information. If possible, take these pictures with a secondary device, like your smartphone, in case your device is compromised.

4. Take notes. Write out what happened and when. Every little bit helps! On a physical piece of paper or a secondary device, include notes answering the questions below:

  • What did you notice?

  • Why did you think it was a problem?

  • What were you doing at the time you detected it?

  • When did it first occur, and how often since?

  • Where were you when it happened, and on what network? (office/home/shop, wired/wireless, with/without VPN, etc.)

  • What systems are you using? (operating system, hostname, etc.)

  • What account were you using?

  • What data do you typically access?

  • Who else have you contacted about this incident, and what did you tell them?

5. Be patient. The response may feel disruptive, but by reporting promptly you protect your team and the organization! Educated end users help mitigate phishing attacks and make it easier to report the real ones that reach their inboxes. Share this resource with your team so everyone in your organization knows what to do if they accidentally interact with a phishing message.