You Clicked a Phishing Link...NOW WHAT? (3 steps)

You Clicked a Phishing Link

Panic! I clicked on a phishing link...or did I? I can't tell. As these attacks get more sophisticated, sometimes it's hard to be a hundred percent sure. Whether it's a link in a text message or a downloaded email attachment, the important thing is that you take action immediately. Today, I'm going to walk you through three critical steps you need to take, and at the end I want to explain preventative measures that all of us should take for the future.

Step 1: Don't Panic & Disconnect

Alright, step one: don't panic. I mean, unless your bank is currently being drained of all your savings, you usually have a little bit of time to slowly consider your options. If possible, I'd say disconnect your device from the internet. Turn off wifi, unplug the ethernet cable. We just don't want any potential malware to have the ability to move across your network. More often than not, these kinds of attacks aim to do one of three things. They're either swiping login credentials, installing malware, or in the worst case, they steal session tokens that allow them to take over your accounts.

Step 2: Evaluate & Act

So step two is to determine which of these is most likely, and then to take action from there. For example, if the link led to a bank login page and you input your login credentials, I'd recommend calling your bank right now to let them know what happened. Similarly, if you input all your credit card info, you might want to cancel that card just to be safe. I know it sucks. It's inconvenient, but dealing with your bank and fraudulent charges really isn't fun either. In the case where you give over sensitive information, such as your social security number or your ID number, that's really unfortunate. Changing this number isn't an option, at least not an easy one. So it might be that you need to just start vigilantly monitoring your identity and credit.
I recommend you freeze your credit and then learn how to check your credit report, both of which are free. Thankfully, I've created video tutorials for both of those that will walk through exactly how to do that, and I'll link to those in the description below. Okay, for me, one of the scariest things is when I accidentally click a link or an email attachment and nothing seems to happen. That's what I'm most worried about: malware. You'll want to find a way to scan your device, whether it's your laptop or your mobile device or your phone. Watch this video to see what I recommend for desktop computers. Run some kind of malware scan using any of the popular antivirus software out there.

Erase Your Online Information with DeleteMe

And speaking of scanning, since you're already in action mode, it's worth taking the time to scan for your personal information that might be floating around the internet. This video is sponsored by DeleteMe, and this is a service that I've used for years now to scour the internet for personal data, like my phone number, home address, email address, and so much more. Hackers take this kind of publicly available information and they match it with the stuff that they've stolen from you in a phishing attack, and then they can really wreak havoc on your digital life. Signing up for DeleteMe is simple and very much a set-it-and-forget-it type of service. Get a special 20% off at joindeleteme.com/allthingssecured.

Step 3: Lock Down your Accounts

Okay. Step three is to lock down your affected accounts. Most things you read online will tell you to change your passwords, which I agree that you should go through and do, but I would go one step further. There's a security setting you'll find with many online accounts nowadays that allows you to remotely revoke all device authorizations.
Right now, all your devices probably have trusted access to your accounts, which means that you don't have to input your password every single time you open your computer or open the app on your phone. This is convenient, but in the rare case that your device's trusted session token has been copied or stolen as a part of this phishing attack, you'll just want to start clean, right? So email's a perfect example. If I'm worried about my email account or even my YouTube channel, I'm going to click "Manage my Google account," find the security settings on the left side menu. I'm going to scroll down until I find the option to "Manage All Devices," and then I can go through each device and sign them out one by one. Now, obviously this means that I'll have to sign back in for each device, but it also resets the session tokens for most services. I would try to do this for pretty much any account where you stay continually logged in, including your email and your social media at this point.

Preventative Measures

Now that you've followed these three steps, or if you're watching this through just for future reference, it's time to start taking preventative measures. If your accounts aren't protected by two-factor authentication, you should start doing that right now. Even if somebody steals your username and password in a phishing attack, a second form of authentication such as an authenticator app or a security key offers critical protection that is extremely difficult to bypass. Second, learn how to check links to see if they're safe. Sometimes I'll use Google's Safe Browsing tool, or if it's a shortened bit.ly link, I'll use the CheckShortURL.com site to understand where that link is going.

STOP Method for Phishing Protection

And finally, I want to train myself and my family to spot scams and phishing attempts using the STOP method.
This simple acronym reminds me to stop whenever I see a message, to determine whether it's a suspicious sender or even just a suspicious message, whether it's telling me to click something, offering something amazing or too good to be true, or pushing me to act quickly. Learn more about the STOP method here and be sure to visit joindeleteme.com/allthingssecured to start erasing your personal data off the internet.
