The first 6 steps you should take
Phishing remains one of the most common ways for nefarious individuals and organizations to obtain your personal information—which they may then use to hack your accounts, steal your identity, or make fraudulent purchases.
Phishing comes in many different forms and is constantly evolving. For this reason, you should never feel guilty if you end up falling for a phishing attack. Phishing can be really deceptive and sneaky, and even very wise and educated people have fallen prey to these attacks.
Aside from forgiving yourself, though, what should you do if you realize you just fell prey to a phishing attack? Here are the first six actions you should take.
1. Turn off the WiFi.
If you clicked on a fraudulent link, turning off the WiFi may stop the installation process of any malware the fraudster was hoping to install on your device. And if you entered some information in a form, turning off the WiFi may stop that form from submitting. There are no guarantees here. In fact, the chances that this works are pretty slim, but since it's easy enough to do, you might as well try it.
2. Take screenshots.
Take a screenshot of whatever website you were directed to, the form you filled out, the email you were sent, and any other information related to the phishing attempt. These will come in handy later when you contact the authorities.
3. Change your passwords.
It's really common for phishers to use your information to get into one or more of your accounts, change the password, and then close out of those accounts. Work quickly to beat them to the punch. Change every password you can think of. If possible, do this from a different device than the one you were using when you fell prey to the phishing attack. Use a different password for each account, and make sure you write them down on paper, so they can't be obtained by any malware that may have been installed on your device by the fraudsters.
4. Scan for viruses and malware.
Run a virus scan and make sure the "scan for malware" option is also checked. The sooner you find and delete anything that may have been installed during the attack, the better.
5. Contact the organization that was spoofed.
Most phishing attempts involve the fraudster mimicking a legitimate organization. For instance, you may have clicked on an email that appeared to be from your bank, or you may have been sent a text message that appeared to be from your favorite online vendor. Email the organization that was mimicked, and include any screenshots that you took during the attack.
Most companies track these fraud attempts so they can warn their other members and customers about them. And if they know you fell prey to a phishing attempt, the company might be able to take additional security precautions with your account. For instance, your bank may put an alert on your account and call you before each transaction is allowed through.
6. Contact the Federal Trade Commission.
The FTC monitors phishing attempts and can also walk you through the process of determining whether your credit cards, bank accounts, or other accounts have been compromised. The sooner you contact them and let them know, the better. They can put a 90-day alert on your account, which will make it harder for fraudsters to gain access.
Falling prey to a phishing attack can be nerve-wracking at first, but if you take the actions above, you should be able to protect yourself from the intended fraud.