It happens to the best of us: You might be totally up to date on all the latest phishing scams and still fall for one. While it’s definitely panic-inducing to realise you just clicked on some scammy link, there are some easy steps you can take next to minimise the damage and secure your devices and data.
What to do if you entered information into a suspicious site
This seems like a given, but it’s worth mentioning: Ideally, you won’t enter any information into any text boxes or download anything from a suspicious site. Still, in the event you did enter your information somewhere, according to the University at Buffalo’s Information Technology department, you need to change the password on the account that was targeted. If you use that same password on any other accounts, change those, too — and make them all unique.
If you entered information related to your finances, call your bank’s hotline (which you’ll likely find on the back of your debit or credit card) and report the incident. Check over your statements for any signs of account misuse or violation. Consider putting a lock on your credit records to stop anyone from opening a new account, and check your bank’s website for specific tips on what to do next. In the event you transferred money to a scammer, report the incident to the local police.
Put a lock on your credit reports (TransUnion, Equifax, Experian, and Innovis) and notify the Federal Trade Commission that you were phished, especially if you entered your Social Security number.
How to secure your accounts and devices
Whether or not you entered any information, here’s what you should do after clicking a phishing link, per cyber security company aNetworks:
- Disconnect your device from the internet to stop any malware from spreading to other devices on the network.
- Back up your device to physical, external storage such as a USB drive, so you don’t have to reconnect to the internet but can be sure your data doesn’t get erased.
- Scan your device for malware, but be advised that if you don’t have an antivirus program already installed and you’re not a tech wizard, you might need to call a professional to help you.
- Change your credentials across all your accounts and, when possible, enable two-factor authentication.
Christopher De Gaeta, director of IT services for G/O Media, explained that once you’ve cleaned out the malware — or if you don’t find any — you’re safe to reconnect to the internet so you can change your passwords and toggle on multi-factor authentication, though “some might argue it’s not totally safe and only a wipe of the computer is the true method to ensure.” Consult with a professional or your IT department to determine if a wipe is necessary before reconnecting. I once clicked a phishing link and De Gaeta talked me out of my doom spiral, so I can vouch for his authority and the value of going straight to your IT department, even if you’re embarrassed.
De Gaeta also suggested setting up fraud alerts, especially if you handed over any sensitive information like your Social Security number, because someone who got ahold of your details will “rarely wait to start using them.”
After you’ve followed these precautions and the panic is subsiding, don’t forget to take some steps to stop it all from happening again. Spend some time learning about the different kinds of scams — like “smishing attacks” — and enhancing your technological literacy so you can more easily recognise the next phishing attempt, because there will be another. Scammers don’t take a break, so neither should you.