Implementing small precautionary steps can help protect you against the potentially enormous consequences of getting caught by a phishing scam. Phishing is the malicious practice of gathering personal information, such as bank account and credit card details, passwords and more, through deceptive emails, texts, phone calls or websites.[1] In a recent blog post by CaseyGerry attorney Alyssa Williams, she outlines a few basic ways to protect yourself, and what to do if your information has been phished:
Phishing has been around for more than 20 years and, unlike malware and other exploits that are usually patched with haste as soon as they are identified, phishing shows no signs of going anywhere. Not only that, but once your information has been stolen, it leaves you at risk for identity theft and other fraud for years to come. Some victims have to file paper returns with the IRS for many years, among other hassles.
Short of renouncing modern life and living entirely off-grid, phishing is likely to be a reality for the rest of your life. (And even if you were to go off-grid, it’s probably too late.)
So, what can you do to protect yourself? Quite a lot.
- When receiving an email which you suspect to be fraudulent, do not open any attachments.
- Do not click on links in emails without verifying the actual URL. So, for an embedded link (like this), hover your mouse over it and check the URL displayed at the bottom of the window.
- Similarly, do not click on emails or links from unknown sources.
- Report suspected phishing to your email provider or other relevant company (Twitter, for example, has a spam reporting option).
- If your employer has not provided any formal training about online security, consider raising the issue. Many consultants exist who will provide training and even run phishing “tests” for compliance.
As is all too common these days, if you receive a notice that some of your information has been compromised in a data breach – recent ones include Saks, Panera, and MyFitnessPal – be on heightened alert for phishing scams. Sometimes scammers will take the information they obtain through data breaches to craft more targeted and sophisticated phishing schemes.
What if you suspect your information has already been phished?
The Federal Trade Commission (FTC) has put together an excellent resource for victims, including an interactive tool that will help create a recovery plan. Below are some of the common steps you can take following suspected identity theft:
- Change all of your passwords and do not reuse any old passwords. Consider using a password manager.
- Contact the companies where you know fraud occurred—most larger companies will have a fraud department.
- Contact local law enforcement to file a police report, particularly if you have already experienced actual identity theft, such as a fraudulent credit line opening in your name.
- Place a fraud alert with the credit reporting companies. An alert is effective once filed with one of the three credit bureaus, as they are legally obligated to notify the other two. A fraud alert makes it more difficult for accounts to be opened in your name and requires businesses to verify your identity with you before issuing new credit in your name. Fraud alerts are effective for 90 days and can be renewed.
- Another option is a security freeze, which must be placed separately with each credit bureau.
- Consider obtaining legal advice about your rights.
Read more from Casey Gerry on this and related topics here.
[1] http://www.phishing.org/what-is-phishing
This information is for educational purposes only and is not intended to provide legal counsel or serve as legal advice. If you have a legal matter, it is best to consult the advice of an attorney. You can get referred to an attorney for a free 30-minute consultation through the San Diego County Bar’s Lawyer Referral & Information Service at www.sdcba.org/ineedalawyer or by calling 1 (800) 464-1529.