What should I do if I fell for a phishing scam?
This question was answered on December 5, 2024.
Phishing scams are a low-effort, low-risk, high-payoff process for cybercriminals that focuses on exploiting human behaviors. Instead of trying to hack into secured systems, hackers have found it much easier to exploit the human emotions of fear, greed, and urgency through sophisticated social engineering tactics.
With the addition of AI and the ability to constantly test new scams, this form of exploitation will continue to be one of the most common threats we all face.
The steps you should take depend on exactly what you did when you fell for the scam.
Did You Click On Anything?
Many scams include links to malicious websites or attachments with malware hidden inside them. A malicious link can take you to a website that looks like a legitimate login page, or to a rigged site that silently probes your system for missing security updates it can exploit.
If you’ve noticed a slight change in speed or how things work, especially when you are online, this may be an indication of a malware infection. If you want to play it safe, disconnect from the Internet and perform a thorough malware scan of your system.
If you are unsure about a malware infection, avoid doing anything with your computer that involves sensitive information until you’ve determined that your system is clean.
Change Your Password
If you fell for a clever login scam and typed in a password, go to another computer or your smartphone to reset the password immediately via the legitimate site's system.
Make sure the new password is unique (not used on any other account) and at least 12 characters long to improve its security.
These password-harvesting messages are sent to millions of potential victims, so if you change your password quickly, it’s likely you can stay ahead of the hackers.
Assume They’ll Use Credential Stuffing
This is where things can get a bit involved if the password you typed on the scam page is also used on other online accounts. Hackers know that many people use the same password on multiple accounts, so they’ll use automated ‘credential stuffing’ bots to submit your username/password combination on thousands of popular websites.
On a side note, this is why many login pages often annoy you with an extra step that requires you to identify weird text or images - to make sure you’re human!
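From the defender's side, the signature of a credential stuffing bot is breadth, not depth: one source tries many different usernames in a short time, with mostly failures. The script below is an added example, not code from the original column or from Data Doctors; it runs over a constructed login log (the `ip=... user=... result=...` format and all addresses are invented for illustration) and flags source IPs that fit that pattern, listing which accounts the bot actually got into so their owners can be told to change their password.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original page): a login endpoint that
# records timestamp, client IP, username and outcome, one attempt per line.
SAMPLE_LOG = """\
2024-12-05T10:00:01 ip=203.0.113.7 user=alice result=FAIL
2024-12-05T10:00:02 ip=203.0.113.7 user=bob result=FAIL
2024-12-05T10:00:02 ip=203.0.113.7 user=carol result=FAIL
2024-12-05T10:00:03 ip=203.0.113.7 user=dave result=FAIL
2024-12-05T10:00:03 ip=203.0.113.7 user=erin result=SUCCESS
2024-12-05T10:00:04 ip=203.0.113.7 user=frank result=FAIL
2024-12-05T10:00:05 ip=203.0.113.7 user=grace result=FAIL
2024-12-05T10:00:06 ip=203.0.113.7 user=heidi result=FAIL
2024-12-05T10:05:00 ip=198.51.100.4 user=alice result=FAIL
2024-12-05T10:05:30 ip=198.51.100.4 user=alice result=FAIL
2024-12-05T10:06:00 ip=198.51.100.4 user=alice result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Turn the raw log text into a list of event dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "user": m["user"],
            "result": m["result"],
        })
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=1),
                               min_users=5, max_success_ratio=0.5):
    """Flag source IPs that try at least `min_users` distinct usernames inside
    `window`, with mostly failed attempts.

    A person who forgot their own password retries one username; a stuffing bot
    replays many leaked username/password pairs, so distinct usernames per source
    is the discriminating feature. Thresholds are illustrative assumptions.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so evs[start:end+1] spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e["user"] for e in chunk}
            successes = [e["user"] for e in chunk if e["result"] == "SUCCESS"]
            if len(users) >= min_users and len(successes) / len(chunk) <= max_success_ratio:
                # Keep the widest window seen for this source.
                if ip not in alerts or len(users) > alerts[ip]["distinct_users"]:
                    alerts[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(chunk),
                        "compromised": sorted(set(successes)),
                    }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['distinct_users']} usernames in {info['attempts']} attempts; "
              f"accounts to reset: {info['compromised']}")
```

In the sample, 203.0.113.7 cycles through eight usernames in six seconds and gets one hit (erin), so it is flagged and erin's account is listed for a forced password reset; 198.51.100.4 is a single user retrying their own account and is ignored. On a real service the same logic is usually paired with the CAPTCHA step the column mentions, so a flagged source is challenged rather than silently blocked.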
2-Factor Authentication
If the account associated with the password you provided has 2-factor authentication (2FA) set up, that extra layer of protection will keep them out, but you still need to change your password.
If you didn’t have 2FA set up, enable it on every account that offers it, as it’s the best hedge against stolen passwords. Remember, your passwords can also be stolen through a third-party data breach, not just through phishing scams.
‘Quishing’ – QR Code Phishing
Cybercriminals are using QR codes to slip past traditional email security filters in a tactic called "quishing." By embedding malicious QR codes in emails or even on posters and other physical locations, they’re luring people into scanning the code.
With QR codes becoming a staple of everyday life, thanks in large part to the pandemic, this tactic has become far more effective, so treat a QR code in an email message as a new ‘red flag’!
About the author
Ken Colburn of Data Doctors on December 5, 2024