You’re not alone. Here’s what’s next.
First, don’t feel too bad — phishing attempts are getting very sophisticated. I haven’t fallen for one yet, but I’ve come very close.
But be prepared for a painful recovery if the phishing was successful.
Your next steps depend on where in the process you are: looking at an email, after clicking a link in the email or other source, or some time thereafter.
What to do next depends on what information you gave the phisher.
Phished? Now what?
If you’ve only clicked a link and done nothing else, it’s likely you’re safe. It might pay to run an anti-malware scan anyway, just in case. If you’ve clicked on a phishing link and then provided any information to the fake site you landed on — including attempting to sign on — then you need to take steps to immediately secure your account(s). This can be as simple as quickly changing an account password or as complex as contacting a credit card company to report the incident.
In Phishing: How to Know it When You See It, I discuss how to identify phishing attempts.
The basic rule is to never click on a link in email unless you’re positive it’s safe. Go to the site yourself (by typing the URL into your browser or using a bookmark you’ve saved previously).
If you want more clues whether an email is a phishing attempt, look carefully at the link. For example, this link:
does not take you to eBay. You can tell before clicking on it, since most email programs and web browsers allow you to hover your mouse pointer over the link and show you, either as a tool tip or in the status bar, where the link really goes.
When you look at where the link really goes, ensure that:
- The destination matches what you expect. Exactly. If the link claims to be eBay, it should be for eBay.com. Targets like http://ebay.com.hacker.com, http://ebay.signin.services.ru, http://www.ebay.cc (note that it’s not “.com”) are all attempts to deceive you.
- The destination is a name, not a number. If the link’s destination is a numeric address, such as http://188.8.131.52, it’s probably not valid and definitely not worth the risk.
- The destination is secure. That means it should begin with https:. If the target destination begins with the regular, unsecured, http: (without the “s”), chances are it’s not legitimate. (The reverse doesn’t hold: an https: link can still be a fake, so this test only rules links out, never in.)
If you’re at all uncertain, skip the link and just go to the service manually.
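The three link checks above (and the same checks applied to the browser address bar in the next section) can be run mechanically. This is an added example, not code from the original article: a small Python checker that pulls the real hostname out of a URL and reports which of the three tests it fails, run over the article’s own deceptive examples plus one constructed legitimate-looking link (`https://signin.ebay.com/`, assumed here only for illustration).

```python
import ipaddress
from urllib.parse import urlparse


def link_problems(url: str, expected_domain: str) -> list[str]:
    """Return the article's checks that this link fails (empty list = passes all three)."""
    problems = []
    parsed = urlparse(url.strip())
    # urlparse gives the real host, ignoring the path and any trailing dot.
    host = (parsed.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()

    # Check 1: the destination must be the expected site itself or a subdomain of it.
    # "ebay.com.hacker.com" ends in "hacker.com", so it fails; "signin.ebay.com" passes.
    if not (host == expected or host.endswith("." + expected)):
        problems.append(f"destination is {host or '(none)'}, not {expected}")

    # Check 2: the destination should be a name, not a bare IP address.
    try:
        ipaddress.ip_address(host)
        problems.append("destination is an IP address, not a domain name")
    except ValueError:
        pass  # not an IP literal, which is what we want

    # Check 3: the destination should be served over https.
    if parsed.scheme.lower() != "https":
        problems.append(f"scheme is {parsed.scheme or '(none)'}, not https")

    return problems


def looks_safe(url: str, expected_domain: str) -> bool:
    """True only if the link passes every check; any failure means skip it and go to the site manually."""
    return not link_problems(url, expected_domain)


# Constructed sample links: the article's examples plus one plausible legitimate host.
SAMPLE_LINKS = [
    "https://signin.ebay.com/",
    "http://ebay.com.hacker.com/login",
    "http://ebay.signin.services.ru/",
    "http://www.ebay.cc/",
    "http://188.8.131.52/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict = "OK" if looks_safe(link, "ebay.com") else "SKIP"
        print(f"{verdict:4} {link}  {link_problems(link, 'ebay.com')}")
```

The checker is only a filter for obvious fakes: a link that passes all three tests still deserves the password-manager and “reconfirm” tests described below.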
OK, you clicked. Whoops. By mistake, but you clicked.
It opened your browser and brought you to a webpage. And the page looks totally legitimate. How can you be sure? There are several tests:
- All the tests for the link in email now apply to what you see in the browser address bar. If it’s not what you expect — if it’s a number, if it’s not https secure — chances are it’s bogus. If you click on my example eBay link above, this is what you’ll see in your address bar:
Needless to say, that’s not eBay. Don’t continue. (Unless you want to buy me coffee, of course.)
- If your password manager usually signs you in automatically or auto-fills the username and password, and it didn’t, then it didn’t recognize the URL as the legitimate URL. Don’t proceed.
- If the site asks you to “reconfirm” by providing sensitive information like your credit card number, don’t do it. It’s likely bogus. A merchant that already has your card on file does not need the entire number again; at most it needs a new expiration date or perhaps the last four digits. Banks never need this information, as they’re the ones that have it to begin with!
If you’re uncertain at all, don’t proceed. As long as the only thing you did was click on the link and nothing else, then it’s likely you’re ok. (Technically, a fake page could include malware, but that’s rarely the goal. Run an up-to-date anti-malware scan anyway, just to be safe.)
If you did more than click
If you ignored or didn’t notice all the warning signs above, and after clicking on the link you continued and gave the fake website some of your information, then things get dicey.
If, after you “log in”, you’re only presented with the information you just provided, it’s very suspicious. Legitimate services typically recognize you and display more details that they already have. If the site doesn’t do something like this, then it’s possible they’re simply trying to collect your information.
If after you “sign in” you get an error message or a “service temporarily down” message, or nothing at all, it’s likely you’ve been phished.
Whatever it is you just entered has probably been given to a phisher.
You think you’ve been phished. Now what?
You may need to do several things.
If you tried to sign in to the fake site with your username and password, change your password immediately (and on any other account where you used that same password).
If you provided credit card or other account information, contact the customer service department for each and tell them what happened.
You may need to contact the consumer credit reporting agencies. This is important if you live in the U.S. and gave up your Social Security number. This is one way identity theft happens: successful phishers open accounts in your name that you know nothing about.
You may want to file a report with the police. This can be an important piece of data to prove you were the victim of identity theft.
The lesson here?
I’m sure you’ve heard stories of how recovering from identity theft can be difficult, painful, and time-consuming.
The real lesson here — the one thing to walk away with — is this: prevention is much easier than recovery. Pay attention, remain skeptical, and avoid the problem in the first place, and you’ll be much, much safer.
There’s an old adage about telephone marketers: never give any information to someone if they called you. Only give information to someone you called. You know who you called and can verify who you’re calling.
The same is true for the internet: never give information to someone who contacts you to ask for it. Only give information in transactions you initiate with sites you know.
When you go to eBay.com and log in to your own account, you know it’s really eBay and that it is your account. But if you get an email from someone claiming to be eBay, it simply might not be them.