You’ve Been Phished. Now What?

Rose de Fremery, February 21, 2024

You've probably read plenty of articles that tell you how to prevent yourself from being phished. However, even the best-laid plans can fall through, and you could still find yourself getting hooked in a phishing attack. What now? Here are five concrete steps you can take to mitigate any damage, so your phish doesn't turn into a whale.

1. Don't panic.

It's normal to freak out right after finding out that you've been phished, but it's best not to spiral if you can help it. You may still have a chance to prevent the worst outcome from happening, and you'll be a better decision-maker if you're not riddled with fear and anxiety. So, take a beat and find your calm center using whatever method works best for you. Then, you can take action to protect yourself.

2. Change your passwords immediately.

The first order of business is to change your passwords right away. If you entered a password in a phony website after clicking on a malicious link in a phishing email, then that's the first password you'll want to change. Also consider proactively changing the passwords for your most important accounts (for example, your email account and any financial accounts you may have). This way, you'll have a better chance of keeping attackers from wreaking havoc on your digital life. You can quickly create a secure, new password using the Generator feature in LastPass, then automatically store that updated password in your encrypted LastPass vault. 

If you already practiced good password hygiene, for example by using a unique password for each of your online accounts, then that habit will serve you well at a time like this. However, if you re-used one password or a variation of it across multiple accounts, it's a good idea to update all of those accounts with unique and secure passwords ASAP. Otherwise, a bad actor who managed to get a hold of that one password could start trying to log into several of your accounts (this practice is known as 'password spraying').

3. Cancel any affected credit cards and/or flag any unauthorized transactions.

Once you've been phished, you may be at increased risk for certain types of fraud. If you entered credit card information on a website after clicking the phishing link, then cancel that card right away. If you see any suspicious or unauthorized transactions on that credit card or any other financial accounts, alert the financial institution. 

Also keep an eye out for potential identity theft, especially if you entered any sensitive personal information on a website after clicking the link in the phishing email. At a minimum, it's best to monitor your accounts for unusual activity. You can also take advantage of credit reporting services that offer fraud alerts, so you'll get a proactive heads up in case anything dodgy happens.

4. Scan your devices for malware and viruses.

Phishing emails often include links that, when clicked, silently install malware and viruses on the victim's device. Cyber attackers have been known to use such harmful software to spy on the victim's activity in the hope that they might land an even juicier payday. With that in mind, it's wise to scan your devices for malware and viruses. 

Turn off your internet connection before you get started — that will disrupt the connection to the cyber criminals' command and control center and give you a better chance of successfully completing the scan. If you spot signs of an infection, take the recommended steps to remove the malware or virus from your computer.

5. Report the phishing attempt.

A malicious actor who attempts to deceive people with a phishing attack shouldn't get away with it. By reporting the phishing attempt, you may be able to help the appropriate authorities take action so that no one else falls victim to this increasingly common form of cyber crime. You can submit a report at ReportFraud.ftc.gov. 

If it turns out the phishing attack showed up on your work email account, then reach out to your colleagues in the IT team to let them know. That way, they will be able to help you take any other steps you need to recover from the phishing attack, and they'll also be in a better position to protect the company from any potential fallout.

Quickly recover from a phishing attack

It's natural to feel unsettled after finding out you've been phished. You might even feel a bit helpless. However, you're not without recourse. If you take these steps right away, you'll have a much better chance of recovering from a phishing attack. Taking action will help you prevent the worst outcome, and it will also help you regain a sense of control over your digital life. 

Once the dust has settled, you'll probably want to tighten up your defenses, so you don't fall prey to another phishing attempt in the future. By learning more about how to protect yourself from social engineering attacks, you can reduce your chances of getting snared in another phishing attack.
