Phishing/Spam Incident Response Guide
By adhering to this guide, agents can effectively safeguard users from immediate threats while ensuring that phishing attempts are reported for further investigation and resolution.
Step 1: Verify User Actions
Check if the user has clicked any links in the email
If "Yes": Instruct the user to immediately leave the website they visited and refrain from interacting with it any further.
Check if the user has entered any credentials or personal information (e.g., usernames, passwords, bank details)
If "Yes": Report this to TDAC immediately for further investigation.
Check if the user has downloaded any files from the email
If "Yes": Instruct the user not to open the downloaded file, and report this to TDAC with complete details.
Step 2: Immediate User Actions
Instruct the user to take the following steps:
Leave any suspicious website or page they opened from the email.
Stop interacting with the email or any links/attachments from it. Ask the user to mark the email as Spam in Google to help educate the filters.
Step 3: Report the Incident
Flag the phishing attempt to TDAC immediately by Service Desk if:
The user has clicked on a link.
The user has downloaded an attachment.
We are seeing multiple copies of the same phishing email for different users.
Provide TDAC with all the relevant details for further investigation.
Step 4: Educate the User
Remind the user that phishing attacks can often look like legitimate messages but are designed to steal sensitive information.
Never share sensitive information (e.g., passwords, bank account details, company information) through email.
Warn the user about the dangers of clicking on links or downloading attachments from unsolicited or suspicious emails.
We can also direct the user to the ISMS page on Phishing: https://sites.google.com/randstad.co.uk/ismsource/phishing-awareness
