What To Do After a Phishing Attack
Click here! Update your login information, or your account will be frozen! Give us all of your personal information! Do it now!
That's a phishing scam.
A phishing scam involves emails or websites that try to trick people into entering confidential information such as account usernames, passwords, credit card numbers, social security numbers, etc. Some phishing emails are obvious junk. They say you've won a contest for a trip to Bermuda. Some are trickier. They claim to be from Microsoft or Bank of America or the IRS. They tell you that you need to change your password immediately, or your account will be canceled.
If you've received a phishing email, don't click on any attachments or links, and don't enter and information into the actual email. However, if you believe you may have been a victim of phishing, here are some things you should do immediately:
1. Do a Virus Scan
In addition to stealing your information, a phishing email may infect your computer. Install an anti-virus software, and run a full scan of your system.
Just make sure you use a reputable anti-virus software and not a rogue security software, also known as scamware. Scamware promises to protect your computer. Instead, it provides no security and attempts to lure you into disclosing your private information.
2. Change All Your Account Log-In
If you have entered any information into a phishing email, go and reset all your accounts. Change your usernames, passwords, and pins.
DON'T click on any links in phishing emails to change your password. This will lead you to a phishing website, and defeats the point of any precautionary measures. Open your browser, and type in the website address you usually use instead.
3. Notify The Credit Reporting Companies
Contact Experian, Equifax, and TransUnion, the three credit reporting agencies, and place an alert on your credit report. This lets them and other potential creditors know that you may be a victim of identity theft.
While you're doing this, make sure to request your credit report from AnnualCreditReport.com. Check to see if there are any credit cards or debts that you did not sign up for on your report. If there are, take steps to correct the errors as soon as possible.
4. Train Your Employees
Even if you are wise in the ways of phishing emails, your employees may not be. They could be the weak link in your security armor. Train employees on how to recognize phishing emails, and implement a policy against using work computers to check personal emails.
If you've been a victim of phishing, an experienced Internet lawyer may be able to help.
Related Resources:
- Browse Internet Lawyers by Location (FindLaw's Lawyer Directory)
- Twitter's New Guide for Small Businesses: 3 Legal Tips to Add (FindLaw's Free Enterprise)
- Send Fake 'Phishing' Emails to Test Employees? (FindLaw's Free Enterprise)
- Most Small Biz Still Vulnerable to Cyber Attacks (FindLaw's Free Enterprise)
