Incident Response for Phishing
Quick response minimizes damage when phishing succeeds:
Immediate Actions:
- Isolate affected systems
- Reset compromised credentials
- Check for forwarding rules or account changes
- Review recent account activity
- Scan for malware if attachments were opened
- Preserve evidence for investigation
Investigation Steps:
- Analyze email headers to trace origins
- Check if other users received similar emails
- Determine what information was exposed
- Assess potential lateral movement
- Review logs for suspicious activity
- Document findings for improvement
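
For the header-analysis step, the following added example (not part of the original page) walks the Received chain from the newest hop down, stops at the first hop whose sender is outside your own mail network, and treats everything below that point as sender-supplied and unverified. The `INTERNAL` range, the `AUTHSERV` name, the function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL = ipaddress.ip_network("198.51.100.0/24")  # assumption: your mail hosts
AUTHSERV = "mx.corp.example"  # assumption: authserv-id stamped by your edge MTA

# Constructed sample message (documentation IP ranges and example domains).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.corp.example (mx.corp.example [198.51.100.10])
\tby mailstore.corp.example with ESMTP; Tue, 04 Mar 2025 09:15:03 +0000
Received: from relay.example.net (relay.example.net [203.0.113.45])
\tby mx.corp.example with ESMTP; Tue, 04 Mar 2025 09:15:01 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby relay.example.net with ESMTPSA; Tue, 04 Mar 2025 09:14:58 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=corp.example
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: helpdesk@mailer.example.net

Constructed body.
"""

def domain(value):
    """Lower-cased domain part of an address header value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    boundary_ip, trusted = None, 0
    # Newest hop first: a hop is trustworthy only while every sender above it
    # was one of our own hosts. The first external sender marks the boundary.
    for hop in hops:
        trusted += 1
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)  # IPv4 only
        if not ip or ipaddress.ip_address(ip.group(1)) not in INTERNAL:
            boundary_ip = ip.group(1) if ip else None
            break
    auth = {}
    for ar in msg.get_all("Authentication-Results", []):
        # Only read results stamped by our edge (assumes it strips inbound copies).
        if ar.split(";")[0].strip() == AUTHSERV:
            auth.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    odd = [h for h in ("Reply-To", "Return-Path")
           if msg[h] and domain(msg[h]) != domain(msg["From"])]
    return {"boundary_ip": boundary_ip, "unverified_hops": len(hops) - trusted,
            "auth": auth, "mismatch": odd}
```

The `boundary_ip` value is the address to search for in gateway logs when checking whether other users received similar emails.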