So you tried your best to avoid a phishing attack, but one day your laptop woke up with the flu bug. Criminals use phishing attacks to try to get at your personal information. You receive a legitimate-looking email with a link or attachment and you take the bait. After the initial shock wears off, what do you do?
First and foremost, disconnect your device immediately to get offline. The criminal could be in the process of installing ransomware on your computer. So if you have a wired connection, simply unplug the internet cable. If your device is wireless, disconnect it from the Wi-Fi network.
This can prevent other attempts to infect other devices on your network AND it also stops someone from accessing your email contacts to send THEM phishing emails.
Who would suspect an infected email coming from a friend or colleague?
If the phishing email appeared to come from your…
- Financial Institution
- Email Provider
- Social Media Sites
…then you should go to the real website by entering its URL instead of clicking a link. Just remember that a legitimate site will have a padlock or other icon in the address bar to let you know the connection is secure. Also, take a look at the return email address. If the email is allegedly from Bank of America, for example, and the return email address is something like “email@example.com”, then it’s probably NOT a legitimate email.
Once on the legitimate website, you need to change your password. (Even if you were not the victim of an attack, it is wise to change your passwords on a regular basis.) And if you are like most people, you use the same password for more than one website. It is best to be safe by changing those passwords as well.
Placing an Alert
If you think personal information might have been compromised, you can place an alert with the three major credit bureaus as a sign to potential creditors that you could be a victim of identity theft. What does a fraud alert do? It notifies creditors to contact you before they open a new account or make changes to an existing account. By law, if you notify one credit bureau, it has to notify the other two bureaus. (For contact information for the three major credit bureaus, check at the end of this article.)
Notifications from Websites
Some websites notify you if there appears to have been suspicious activity. Google’s Gmail, for example, will tell you if your account is logged in from more than one location. Credit card companies look for signs of unusual activity and may notify you to verify that the transaction was valid.
Once I tried to use my debit card at a gas station but could only get a couple gallons because the pump was so slow. I drove down the street to another station and pumped my gas. My card company called to make sure it was valid since I had tried to use it multiple times.
Also, check bank or credit card statements regularly to make sure fraudulent transactions do not show up there. Even if you have not been phished, this is a wise course of action to follow.
Notifying the Company
You should also notify the company that was mentioned in the phishing email about your experience. It may help them protect others from suffering the same fate. They should have a method in place to assist you when you contact them. Sometimes they will want you to forward the infected email to a special email address (like firstname.lastname@example.org).
You can view the full email, including the header information, which can provide a clue. In Google Gmail, for example, you can click on the three-dot menu and select “Show Original”. That’s why the company may ask you to send the email.
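As an added example (not from the original article), this Python code reads the header fields that “Show Original” exposes and lists where the return addresses and authentication results disagree with the organisation the email claims to come from. The sample message, every domain in it, and the function names are constructed for illustration; `expected_domain` is assumed to be the domain you know from typing the real URL yourself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of what "Show Original" reveals; every name and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.net
From: "Example Bank Security" <alerts@secure-examplebank.example.net>
Reply-To: helpdesk@collector.example.net
To: you@example.org
Subject: Urgent: verify your account

Please confirm your details.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def same_org(domain, expected):
    """True if domain is the expected domain or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)

def header_clues(raw, expected_domain):
    """List reasons the headers do not match the organisation the mail claims to be from."""
    msg = message_from_string(raw)
    clues = []
    from_dom = domain_of(msg["From"])
    if not same_org(from_dom, expected_domain):
        clues.append(f"From domain {from_dom} is not {expected_domain}")
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            clues.append(f"{name} domain {dom} differs from From domain")
    # Only results stamped by your own mail provider are meaningful here.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict != "pass":
            clues.append(f"{check}={verdict}")
    return clues

if __name__ == "__main__":
    for clue in header_clues(SAMPLE, "examplebank.example"):
        print("-", clue)
```

A Reply-To or Return-Path mismatch is a clue rather than proof, since legitimate bulk mail is often sent through a separate bounce domain; a failed DMARC result from your own provider carries more weight.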
Updating the Security Software on your Computer
Next, you should update your antivirus software and do a full scan of your computer (and possibly external hard drives) to weed out malicious viruses or malware. There is no excuse for not using antivirus software on a regular basis; there are several very good software apps that are also free. You should be doing so on a regular basis, right?
You should also make sure that you back up your data regularly, either to another hard drive or to an offsite location in the cloud. You will be very grateful for this simple action if your hard drive crashes. Again, there are good backup apps available that are not expensive or are free. Make that investment now for peace of mind.
File a complaint with the Federal Trade Commission (FTC). The FTC keeps a database of identity theft cases that is used by law enforcement agencies in their fraud investigations. (Contact the FTC at www.consumer.gov/idtheft or 1-877-ID-THEFT.)
If you happen to be an eBay aficionado and think your account there has been affected, you should change your password immediately and also check to see if there are any new listings or bids in your name. The fraud line for eBay is 1-866-961-9253 and no, that is not the number for everyday help inquiries.
What are some things you can do to prevent phishing?
- Two-factor authentication – for the sites that support this, it is a good preventive measure. It requires two forms of authentication in order to access an account.
- Subscribe to an ID theft prevention service that monitors your accounts and helps to prevent another attack. If a major data break-in occurs at your bank or retail businesses where you shop, check to see if that institution or business offers ID theft protection service for free.
- Invest in a VPN, or Virtual Private Network. This service allows you to browse the internet anonymously and securely. Some VPNs have servers around the world, so an added benefit would be your being able to connect to a server in the UK and watch the BBC programs!
I hope this information has given you a good start in recovering from a phishing attack and also preventing the next one.
Here is the contact information for the three major credit bureaus: