Phishing Phried: 10 Steps to Recover After a Phishing Attack

Uh oh. You clicked a phishing email, and now your inbox is acting strange. Emails are disappearing, or worse, you see messages you never sent flying out. Don’t panic! While it’s a stressful situation, there are steps you can take to regain control and minimize the damage. Here are 10 actions to follow after falling victim to a phishing attack:

1. Cut the Cord: Isolate your device from the internet immediately. This stops further data transmission and prevents potential malware from spreading. Disconnect your Wi-Fi or unplug the ethernet cable.
2. Password Power-Up: It’s time to change your passwords, especially for critical accounts like email, banking, and social media. Don’t reuse old passwords! Create strong, unique passwords for each platform using a password manager can be a big help.
3. Scan for Sneaky Software: Run a thorough antivirus and anti-malware scan on your device. Update your antivirus software before scanning to ensure it can detect the latest threats.
4. Secure Your Email: Here’s where things get extra cautious. Log in to your web-based email account (not desktop apps like Outlook or Apple Mail). Phishers might set up filters to hide their activity. Look for settings related to filters, forwarding rules, and labels. Make sure no suspicious filters are in place that might be forwarding or deleting emails.
5. Report the Phish: Don’t let the phishers win! Report the phishing attempt to your email provider. They might offer additional security measures or account recovery options.
6. Sent Folder Sleuthing: Check your “Sent” folder for any suspicious emails the phishers might have sent from your account. Don’t recognize these messages? Time to change those passwords even faster!
7. Two-Factor for the Win: Add an extra layer of security to ALL your accounts by enabling two-factor authentication (2FA) wherever possible. This makes it much harder for unauthorized access, even if your password is compromised.
8. Forward the Phishing Email: Knowledge is power! Forward the phishing email you received to the appropriate organization. You can report it to the Anti-Phishing Working Group (https://apwg.org/reportphishing/) which includes security experts who track and prevent future attacks.
9. Beware of Follow-Up Scams: Phishing attempts often come in waves. Stay vigilant and don’t respond to unexpected emails or calls requesting personal information. Remember, legitimate organizations won’t pressure you for sensitive information via email.
10. Consider a Credit Freeze: If you suspect your financial information might be compromised, contact your bank or credit card company immediately. You might also consider a credit freeze to prevent unauthorized access to your credit report and new lines of credit being opened in your name.

By following these steps, you can take back control after a phishing attack. Remember, staying informed is key! Learn more about phishing scams and how to protect yourself at the Federal Trade Commission website: https://www.ftc.gov/phishing.

Stay safe out there!