I've Been the Victim of Phishing Attacks! What Now?
The Internet offers users incredible access to information and connection. However, when you use a computer or device to access the web, you open yourself up to many cyber security risks—most of them posed by bad actors on the web who are out to steal identities, take your money, or gain power via having control over people's personal accounts and profiles. The cyber attacks that majority people of people face at multiple times when using the web are phishing attacks. In fact, 57% of small businesses experienced a phishing attack in the last year.
If you don't know what phishing attacks are, read on to learn more about the definition of phishing, as well as how you can take steps to protect yourself from phishing attacks.
What is phishing?
The definition of phishing is important to know if you want to make sure that you avoid all phishing attacks as you browse the web. Phishing is a type of cyber scam in which a malicious actor on the web tricks a person into handing over their login information or credentials. According to the National Institute of Standards and Technology,
" A phishing attack is an attempt by criminals to trick you into sharing information or taking an action that gives them access to your accounts, your computer, or even your network. It’s no coincidence the name of these kinds of attacks sounds like fishing. The attack will lure you in, using some kind of bait to fool you into making a mistake."
Once a person has voluntarily given over their login information, those cybercriminals can access private accounts and all the information that exists within them. If the login information and passwords handed over are used for more than one account, cybercriminals can end up accessing a range of accounts. This means that they can get into bank accounts, email inboxes, home networks, and even IRS accounts or social media platforms (and much more).
How to recognize a phishing attack
It's great to know the definition of phishing, but simply knowing what phishing is is not enough to stop you from falling for a phishing scam. Instead, it's important to recognize what a phishing attack can look like, since cybercriminals can disguise phishing attacks in a huge variety of ways so that they successfully trick people into giving over confidential information.
Here are some common types of phishing attacks:
- Email phishing: an email that looks like it comes from a legitimate website you have an account with. The email will ask you to click a link and log in to your account. This link is not legitimate. Usually, the address of the sender has the name of the company in it, but the email will not be from an account at the actual company. Check email addresses to ensure they are not similar to a real email address—but clearly fake.
- Text phishing: Sometimes call smashing, text phishing happens when you receive a text message asking you to click a link and log in to your account with a specific platform, website, or company. Never click a link in a text, and check directly with the platform to see if there has been an issue that would require you to login to avoid being the victim.
- Phone phishing: If you get a phone call with a person expressing a security concern and asking for personal information, never give that information over the phone. A company will not ask you to give credentials via phone call. You can check with the company via a phone call to their official phone number just to make sure everything is okay with your account.
- Social Media phishing: A fake social media account that appears to be from a legitimate company writes you a DM or posts on your social media timeline that they need your personal information. They may say you won a contest or that there's a security concern with your account and the only way to resolve it is by logging in. A company will never contact your directly on a social media platform and ask you to hand over your personal information, so avoid messages like these.
Ways to report phishing attacks
If you have experienced a phishing attack, one of the most important steps to take is to report that phishing attack. Reporting phishing attacks isn't always simple or straight (in terms of knowing who to contact), but often, reporting an attack can let the platform know you've been phished, and they can help you both regain the security of the account, and to let other users know that they are at risk of being phished. Here ar some different ways to report phishing attacks.
- In the US, report phishing to the Anti-Phishing Working Group. You can also report phishing to the FTC.
- In Europe, report phishing to the European Anti-Fraud Office.
- In Mexico or Brazil, you can report phishing attacks to econsumer.gov.
How to protect yourself against phishing attacks
Of course, it's nice that you can report phishing attacks and get some help regaining control over your digital security. However, there are some things you can do before you are phished to make sure that you don't become a phishing attack victim. Here are some precautionary steps you should always take to avoid phishing.
- Learn to recognize phishing attacks: make sure yourself familiar with what all types of phishing attacks look like. When you receive them, delete them immediately.
- Report phishing attacks: Once you have avoided a phishing attack, report the attack. This will allow companies to step up security and ensure they're keeping customer accounts safe.
- Get antivirus and anti-phishing software: Most digital security companies have software that has anti-phishing components built-in. Many will allow you to filter out phishing messages as spam, so you don't even see them. Make sure you are using an antivirus program that would also remove any virus on your computer and that would help heal any damage done if any bad actors had installed malware on your devices.