Fallen into a phishing trap? This is how you can limit the damage.
Phishing attacks are often carried out with very carefully crafted e-mails, which can hardly be distinguished from legitimate e-mails from a company. So well counterfeited, that despite your caution, you still fell for a phishing attempt. What now?
In our previous article, we explained what the intention is behind a phishing mail and how you can recognise a fake e-mail. If you nevertheless fell into a phishing trap, you must take measures immediately. Which ones depends on how the phishing was carried out and which data was compromised. This is a guideline.
You opened an attachment with a phishing mail
The attachment can contain various types of malware that cannot just infect your own computer but your entire network:
- Viruses, worms and Trojan horses
- spyware like a keylogger: collects information about you and sends this to a third party, or takes control over your device to use it in a botnet.
- adware: places additional adverts on each web page that you visit
- ransomware: encrypts all data on your computer; only after payment of the ransom will you receive a key to decipher the data
If you open an attachment in good faith and fear that you have activated a malware, then follow these steps.
- Disconnect the connection between your device and the network/Internet. This way, you prevent that you do not just infect others, but you also prevent that the malware will send data or collect instructions from the attacker. Plus, the attacker is unable to penetrate your device. If you are connected with a cable, simply pull out the cable. If you are using a wireless connection, turn off the Wi-Fi. You do not know how to do this? In the worst case, simply unplug your cable modem.
- Make a backup of all your data to prevent that this is damaged or erased when removing the phishing malware.
- Carry out a full malware scan with your antivirus program. This might take some time – be patient and meanwhile do not use your device. If the program can remove the malware, it is fine. If not, engage the help of a professional.
You entered confidential data on a phishing website
Depending on the type of data you entered, the attacker can perform all kinds of malicious actions:
- make purchases from a webshop in your name
- impersonate you to ask your friends, acquaintances or colleagues for money
- gain access to your work account to steal data
- make purchases with your credit card
- log in to the control module of your website to infect your visitors with malware, or steal your customer database
If you entered your data and password on a bogus website in good faith, then follow these steps to limit the damage:
- Immediately change your password. If you use the same password for various services (strongly discouraged!), also change your password for these services.
- Do not forget to change the answers to the security questions – the questions you must answer to obtain a new password if you have forgotten yours.
Victim of phishing? Do not just change your password but also the answers to the security questions that are asked in case you have lost your password!
Subsequently take the additional steps:
- Payment details: Did you specify your credit card details on a fake website, or your details for Internet banking? Block your card via CARD STOP (070 344 344). As soon as you have done this, you are no longer liable: no payments or money transactions can be performed. With Internet banking, change your PIN number at a cash machine as soon as possible.
- Webmail: If you did not immediately recognise the phishing attack, there is a risk that the attacker can collect all kinds of data from your mails, e.g. login details for other accounts, contact details of family and friends. Check whether the attacker has searched your account. With Gmail, you can do this via Last Account Activity.
- Web services (such as a dashboard for the online management of your domain names, WordPress site, etc.): check the log files to see whether the attacker had already gained access to your control panel. If this is the case, check which data he had access to. If the attacker had access to your customer database, you must unfortunately also inform your customers. Remember the new GDPR rules in this respect: you must also inform the privacy committee!
- Check with your friends and acquaintances whether they have received any strange mails or other messages from you. Inform them about the phishing fraud and warn them for the mail in question.
- Report the attack to the company, the banking institution or the organisation whose name was fraudulently used. For Visa, you can forward the phishing e-mail to phishing@visa.com, for Mastercard to StopIT@mastercard.com. More info on mijnkaart.be.
- In case of financial fraud, you can report this to the local police or meldpunt.belgie.be.
- You can forward phishing mails to verdacht@safeonweb.be.
You can find more information on Safe Internet Banking. This video explains everything again. But remember: prevention is better than cure - use a healthy dose of mistrust when opening mails!
Have you entered your banking details on a phishing website? Immediately block your bank card via CARD STOP (070 344 344).