Skip to main content

I’m a phishing victim! What do I do now?

Screen displaying a password stolen from a phishing victim.

Technological developments and widespread use of the internet have created many positive effects, including more access to information and greater interconnectedness. However, they also expose users to an array of cybersecurity risks. One of these are cyberattacks which have the ultimate aim of stealing identities, money, or illegally assuming control of people’s accounts and profiles. Phishing, as these cybercrimes are called, is now so prevalent that between January and October 2022, there were over 255 million attacks, a 61% increase on the year before.

Because of the increasing frequency of these attacks—and the damage to individuals and companies that they can cause—it is crucial that people are aware of what these attacks are, how they work, what to do after a phishing attack and, of course, how to prevent them.

What is phishing?

To avoid becoming a phishing victim, it is first essential that people understand what these attacks are. Simply put, it is a type of scam, often executed by emails, text messages, or phone calls, in which a malicious actor manipulates their target into sharing their login information, credentials, or other personal data and then uses these for nefarious means.

The National Institute of Standards and Technology defines phishing as “an attempt by criminals to trick you into sharing information or taking an action that gives them access to your accounts, your computer, or even your network.”

After surrendering their information in the scam, the cybercriminal will usually use the phishing victim’s details to reap financial gains or perpetuate other crimes. This is usually done by using the stolen login credentials to access bank accounts or credit cards, or email inboxes, home networks, social media profiles, and even Internal Revenue Service (IRS) or Social Security accounts. If the stolen credentials include passwords that are used across multiple accounts, then the phisher may be able to access a wider range of the victim’s accounts and cause more damage.

Often, phishers attempt to create a sense of legitimacy for their scams by impersonating reputable companies or people. For example, they might send an email from a major company that the phishing victim might have an account with—in fact, Yahoo, DHL, Microsoft, Google, Facebook, Adobe, and Netflix are among the most impersonated brands. Or, the phisher might impersonate a friend or acquaintance in the phishing message. The message will often include a link directing the receiver to a fake website, where the victim is asked to provide privileged information such as login details, credit card information, or perhaps personal data like birth dates and Social Security numbers.

Types of phishing attacks

There are many ways through which cybercriminals can steal your personal information to access your money or assume your identity. Most of these involve hackers impersonating official representatives of legitimate companies and duping the phishing victim into providing personal details that can then be used for financial gain or identity fraud. Understanding what these cyberattacks might look like can assist with phishing attack prevention. Here are some of the most common ways hackers phish:

  • Email: Many people become phishing victims through malicious emails. These usually appear legitimate, purporting to come from websites that the user has an account with, but are in fact, sent by the hacker to capture personal data. The emails will often contain links that ask the user to enter their login credentials or other sensitive data. The hacker is then able to steal this information—such as password or credit card information—and use them for their own means.
  • Text: Like email phishing, text phishing, or smishing, involve links that appear to legitimate sources and ask users to log into an account or otherwise enter personal details. However, in this case, the link is sent through an SMS or other text messages instead of by email.
  • Phone: In this scenario, the scammer will call the phishing victim saying they are a representative of a legitimate company that the phone owner might have an account with. Often referred to as ‘vishing’, the hacker will then ask for personal information to confirm details of the account and resolve a supposed problem. If the victim provides this data, the scammer can use this to achieve their goals.
  • Social media: Some hackers set up fake social media profiles and run scams to try and harvest other users’ personal information. For example, they might tell the phishing victim they have won a contest and need to provide their phone number, email address, and social security number. Or, they might say there is a security problem with the account and if the user does not confirm their login information their account will be blocked.

It is essential for people to remember that legitimate companies, such as banks, ecommerce sites, and social media platforms, will never ask account owners to provide sensitive information through any of the above means. If in doubt, it is always best to ignore the potential scam and reach out to the legitimate company through official channels.

How to recognize a phishing attack

There are myriad ways through which scammers can steal people’s sensitive information, such as through email, text message, or phone calls, and they can use this in ways that can cause significant damage to the phishing victims. For this reason, being aware of the most common tactics which phishers employ to carry out their attacks is the first step in phishing attack prevention. For example, a scam email, text, or a scam phone call might say that:

  • There has been suspicious login attempts on an account.
  • There is a problem with the account’s billing or payment information.
  • The account needs to have personal or financial details confirmed.
  • A payment must be made by clicking a link.
  • The account owner is eligible for a refund or payment if they fill out their information through a link.

In addition, the message or phone call might show other signs of phishing, such as:

  • Purporting from being from a legitimate company that the potential victim may have an account with, such as Amazon or Apple.
  • Using the company logo in the email.
  • Having the company name in the email address, but in a non-official format.
  • Being unable or unwilling to provide confirmation of their legitimacy.

What to do after a phishing attack

Victims of phishing may wonder what to do after their details have been compromised. There are numerous steps that can be taken which may mitigate the damage from the attack, stop other people from becoming phishing victims of the same scam, and even protect the victim from future attacks. Here are some things to consider.

Figure out what happened

After a phishing attack, victims need to understand how the attack happened. This might involve a bit of investigative work, such as scrutinizing the phishing email or text to work out what the purpose of the attack might have been, checking firewall logs for any suspicious URLs or IP addresses, and working out exactly what information and details might have been compromised. It is also a good idea to check any accounts that might be associated with the stolen information to see if there is any suspicious activity.

Report the attack

For phishing victims wondering what to do in the aftermath of an attack, reporting it to the officials is one possible option. Although this is not always simple or straightforward, reporting the attack is important for various reasons. For example, if a legitimate organization has been implicated in the attack, it could ensure that they are aware that a scammer is masquerading as an official representative. Perhaps more importantly, it may help the victim regain control of any compromised accounts, protecting them from if the scammer tries to perpetrate identity theft, and block any suspicious financial transactions. In the United States, phishing can be reported to the Anti-Phishing Working Group and the Federal Trade Commission while in Europe, the responsible organization is the European Anti-Fraud Office. All of this can help future efforts towards phishing attack prevention.

Contact the implicated company

Legitimate companies are often unwittingly involved in phishing attacks because the phisher pretends to be a representative or sends a message that is supposedly from the company. If this is the case, then what to do after a phishing attack will involve contacting the company in question to let them know about the incident. This way, they can take steps towards preventing future phishing attacks by advising customers to be aware that scammers are contacting clients in their name.

Disconnect the device

In some cases, phishing attacks can be executed with the help of malware. For this reason, it is essential that phishing victims disconnect their compromised device from the internet. This will involve disabling the device’s Wi-Fi connection, or completely disconnecting and resetting the Wi-Fi network. This is important because it ensures that the malware will not be further transmitted through the network.

Update any potentially compromised passwords

Phishing scams will often manipulate victims into providing sensitive information. Usually, they will use a link to redirect the user to a spoof website and get them to enter login credentials like passwords. After clicking a phishing link like this it is best to change any passwords that might have been compromised in the attack. Make sure this is done through the real website and not through the phishing link, and if the password has been reused on other accounts, be sure to change those, too.

Run a malware scan

Anti-virus software is a crucial part of ensuring the security and privacy of any device, but it is also an important part of phishing attack prevention. Once the software is installed, it should scan the device automatically to detect any potential malware. However, it is incumbent on the user to ensure the software is always up to date—simply set up automatic updates—and run periodic manual scans that will check all devices, files, applications, and servers on the network for malware.

Watch out for identity theft

The purpose of some phishing attacks is to steal enough personal information about the target so that the phisher can steal their identity for nefarious purposes. For example, by stealing someone’s Social Security number, phone number, and birth date, the attacker can instigate a sim swapping attack, take out new credit cards, or perpetuate other kinds of fraud. As such, phishing victims should watch for signs of identity theft, such as unexpected financial transactions or medical bills, new credit cards they did not apply for, suspicious login attempts to online accounts, for example. If finances are impacted, the attack should be reported to the United States’ main credit reporting agencies—TransUnion, Equifax, and Experian—to ensure that the victim’s credit score is not impacted as a result of the identity fraud.

8 tips for phishing attack prevention

Despite how prevalent these attacks are, there are many measures people can take to avoid becoming phishing victims. Incorporating these eight tips into the general security measures of an electronic device can help fend off phishers.

  1. Learn the signs of phishing attacks: Being familiar with how phishing scams work means users can stay vigilant and avoid becoming phishing victims.
  2. Delete or ignore suspicious emails and texts: Those who know the signs of phishing can identify potentially malicious messages and actively remove these so that they do not fall victim to the scam.
  3. Check the sender: Conduct due diligence to try and verify the sender of a suspicious message. This might mean checking that the originating email domain is in line with that of the company it is supposed to have come from or checking that the phone number sending a message is an official company number, for example.
  4. Do not click links or download files from suspicious emails: This is an important phishing attack prevention measure, as it ensures the receiver does not give away sensitive details on a fake website or unwittingly install malware.
  5. Report phishing attacks: This can protect other people from potentially becoming phishing victims, and also allows any companies that may have been implicated in the scam to enhance their security measures and alert their customers.
  6. Install and use anti-virus and anti-phishing software: These programs can help protect the user’s security and privacy by filtering suspicious messages and removing and alerting the users about potentially malicious software. Ensure these programs are updated regularly and that manual scans are initiated, too.
  7. Use multifactor authentication: This ensures an additional layer of security for accounts, so that even if a phishing attack is successful, the phisher has fewer opportunities to use the stolen details to compromise bank accounts, social media profiles, or email accounts, for example.
  8. Regularly back up all data: Whether using a smartphone or laptop, ensure that all data on the device is regularly backed up—to an external hard drive or cloud, for example—so that it is always protected and available.

Conclusion

Given the increasing sophistication of cybercriminals, it is unfortunately common for people to becoming phishing victims. Understanding what these cybercrimes are and what measures to put in place to strive for phishing attack prevention is important. However, it is equally important that people know what to do after a phishing attacks. From securing their devices and accounts to reporting the phishing attack and understanding how it happened in the first place, these essential steps can help mitigate any ensuing damage.

Kaspersky Endpoint Security received three AV-TEST awards for the best performance, protection, and usability for a corporate endpoint security product in 2021. In all tests, Kaspersky Endpoint Security showed outstanding performance, protection, and usability for businesses.

Related Articles and Links:

How often should you change your password

How to stop data brokers from selling your personal data

Identity theft: How to secure your personal data

What is hacking? And how to prevent it

Related Products and Services:

Kaspersky Small Office Security

Kaspersky Endpoint Security Cloud

Kaspersky Premium

I’m a phishing victim! What do I do now?

Phishing has become more prevalent over the past few years. Learn more about phishing, prevention & what to do after a phishing attack.
Kaspersky logo

Related articles