Phishing, as you probably know, is the term for the tactic used by scammers and identity thieves who pose as a legitimate company, government agency or some other person or entity you trust and lure you into providing personal information that can either be used to make you or someone you know a victim of identity theft. Recently, Google and the University of California, San Diego completed a study that showed just how effective phishing is. A common phishing technique is to send an email to someone with a link directing them to a phony, but legitimate appearing website. Other times, the phony email itself contains a request for personal information. Startlingly, the study showed that at tHE most effective of these phishing websites up to 45% of people targeted provided the information requested. Sometimes, the scammers are merely looking to take over your email account so that they can send targeted emails to people on your email list that appear to come from you and may be directed to your friends by name. This type of phishing is called spear phishing. Phishing is a tremendously effective scam technique and was at the core of the hacking of Target, Home Depot and many other companies and people.
Never click on links or download attachments unless you are absolutely sure that they are legitimate. Even if they appear to be in an email or text message from a friend, you cannot trust the communication because your friend’s account may have been hijacked by an identity thief or scammer. Never provide personal information on websites unless you have confirmed that it is legitimate.
If your email account is compromised here are the steps to take:
1. Change your password on your email account. If you use the same password for other accounts, you should change those as well.
2. Change your security question. I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”
3. Report the hacking to your email provider.
4. Contact people on your email list and let them know you have been hacked and not to click on links in emails that may appear to come from you. You have already done this.
5. Scan your computer thoroughly with an up to date anti-virus and anti-malware program. This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.
6. Review the settings on your email, particularly make sure that your email is not being forwarded somewhere.
7. Get a free copy of your credit report. You can get your free credit reports from http://www.annualcreditreport.com. Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.
8. Consider putting a credit freeze on your credit report. You can find information about credit freezes here on Scamicide.