Skip to main content
Find a Lawyer
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

What To Do After a Phishing Attack

By Christopher Coble, Esq. | Last updated on

Click here! Update your login information, or your account will be frozen! Give us all of your personal information! Do it now!

That's a phishing scam.

A phishing scam involves emails or websites that try to trick people into entering confidential information such as account usernames, passwords, credit card numbers, social security numbers, etc. Some phishing emails are obvious junk. They say you've won a contest for a trip to Bermuda. Some are trickier. They claim to be from Microsoft or Bank of America or the IRS. They tell you that you need to change your password immediately, or your account will be canceled.

If you've received a phishing email, don't click on any attachments or links, and don't enter and information into the actual email. However, if you believe you may have been a victim of phishing, here are some things you should do immediately:

1. Do a Virus Scan

In addition to stealing your information, a phishing email may infect your computer. Install an anti-virus software, and run a full scan of your system.

Just make sure you use a reputable anti-virus software and not a rogue security software, also known as scamware. Scamware promises to protect your computer. Instead, it provides no security and attempts to lure you into disclosing your private information.

2. Change All Your Account Log-In

If you have entered any information into a phishing email, go and reset all your accounts. Change your usernames, passwords, and pins.

DON'T click on any links in phishing emails to change your password. This will lead you to a phishing website, and defeats the point of any precautionary measures. Open your browser, and type in the website address you usually use instead.

3. Notify The Credit Reporting Companies

Contact Experian, Equifax, and TransUnion, the three credit reporting agencies, and place an alert on your credit report. This lets them and other potential creditors know that you may be a victim of identity theft.

While you're doing this, make sure to request your credit report from Check to see if there are any credit cards or debts that you did not sign up for on your report. If there are, take steps to correct the errors as soon as possible.

4. Train Your Employees

Even if you are wise in the ways of phishing emails, your employees may not be. They could be the weak link in your security armor. Train employees on how to recognize phishing emails, and implement a policy against using work computers to check personal emails.

If you've been a victim of phishing, an experienced Internet lawyer may be able to help.

Related Resources:

Was this helpful?

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard