Think before you click that link! Or you may fall victim to a phishing scam. A phishing scam is a fraudulent attempt, typically via email, to obtain access to sensitive information such as passwords, credit card numbers and social security numbers.
Most people know how to spot a spam or fake message. However, many phishing scams appear to come from legitimate sources such as banks, universities or package delivery services. Typical examples include fraud alerts, missed payment notifications or requests to update accounts. Nothing out of the ordinary but nonetheless instill a sense of urgency to take action and entice a recipient to open the message. This is known as deceptive phishing and is the most common form of phishing scam.
Spear phishing scams take the deception a step further by targeting and personalizing messages using the recipient's name or other personal details to appear more legitimate. Other common forms of phishing include Whaling or CEO fraud (targeting top executives), Spear Phishing, and Pharming.
Opening a phishing message or clicking on any of its links can result in exploited information and infection of the computer. It creates immediate risk exposure for an individual or the company they work for. If you happen to fall victim to a phishing scam here’s what to do next:
Scan your System for Malware
First, disconnect your computer from the internet then run a complete scan of the antivirus program. Make sure you have the latest version of your antivirus software. Do not do anything else on the computer until the scan is complete. If the program picks up on any suspicious files or applications, simply follow the program’s instructions on what to do next.
If you do not feel comfortable running an antivirus scan, take your device to a professional to help.
Change your Credentials
Malware may be used as a vehicle to harvest personal data including usernames and passwords. Make sure to change credentials especially on sensitive sites used for banking, email, social medial or anywhere that stores personal data.
Furthermore, do not use the same username and password for all online accounts. This only makes it easier for hackers and will only increase the impact of identity theft.
Notify Credit Agencies and Set-up Fraud Alerts
Contact one or all three of the major credit bureaus (Equifax, Experian and TransUnion) to set up a fraud alert for the next 90 days. This will help prevent a successful hacker from using your identity or opening accounts in your name. A more prudent step is to freeze credit lines until needed. This requires going through all three bureaus.
Check Accounts Regularly
Setting up automated fraud alerts will help protect you from further damage caused by the phishing scam however, more often than not individuals detect fraudulent activity by diligently checking their own accounts. Financial, email and social media accounts become especially vulnerable after a phishing attack.
Proceed with Caution
The digital age allows for unprecedented levels of convenience and ease of communication. However, it also increases vulnerabilities to scams and theft. It is best practice to always err on the side of caution and to simply delete emails that seem off.
Even if you do not fall victim to a phishing scam or hack, regularly update passwords and credentials just to play it safe.