Phishing is devastating. It preys on people’s trusting nature and takes advantage of the complexity of modern computer systems to confuse people. Phishing is common, and it’s very likely you or someone you know will be a victim of a phishing attack. This is scary and frustrating to deal with, and while there aren’t any firm rules on what to do after, there are some guidelines.
First, if you ever think you’ve been hacked, take a deep breath and carefully read every word of any messages you’ve received. Hackers will sometimes try to scare you into thinking you’ve been hacked when you haven’t, as a way to hack you. If you really did get hacked, rushing to fix it probably isn’t going to matter anyway, since hackers generally do their work quickly. Slowing down to double-check what’s happening can prevent you from getting hacked in the first place, or allow you to deal with a hack more effectively.
If you realize you have been hacked, here are the three broad steps you should take:
- Verify and ensure your email account is secure first. This is your most important account. If your email was hacked, attackers can more easily breach your other accounts. Change your password and ensure your 2FA method(s) are correct.
- Once you confirm your email is secure, investigate what accounts are affected.
  - If you can log in to the affected account(s), ensure that any emails and phone numbers are correct. Attackers often try to change the login email to permanently take the account. Double-check apps attached to the account (you can usually find this under “security” or “apps”).
  - If you can’t log in, find the account recovery portal for the service. Some will take government IDs as proof, let you use an old email address to regain access, or something else.
- After you secure your accounts, assess the damage. What happened? What did you lose? Some more things to think about:
  - Do you need to put out a statement explaining what happened or delete any posts?
  - Did you ensure your name, email, phone and other account info are correct on all of your critical accounts?
  - Did you enter any financial information, like your bank account or payment card, into a phishing site? Cancel your card or contact your bank if so.
  - If you bought gift cards, do not give them away. If you already gave them (or their codes) away, contact the retailer at their gift card or fraud line. You may be able to freeze the card or take other action. If the money is unrecoverable, you may wish to contact law enforcement to file a report. Getting funds back can be difficult.
  - (Optional, but recommended) Report the fraud to the FTC and your attorney general.
One last note: don’t beat yourself up. Hacks can happen to anyone, even the most tech-savvy. Multiple studies have shown very little or no correlation between things like technical ability and the risk of being phished. Even the smartest, most alert IT expert can have a bad brain day and make a terrible, obvious mistake. We’re all human, after all.
Congrats on reaching the end of Block 1! Let’s recap what we learned.