7 Steps to Take Now If You're a Victim of a Phishing Attack

Phishing is a widespread form of cybercrime that involves a target being contacted via email, phone, or text message by someone impersonating a legitimate organization with the goal of luring out sensitive data. such as passwords or credit card details. Criminals typically use this information to steal their target’s money or, worse, their identity.

Falling for a phishing attack is something that can happen to anyone, so if it’s happened to you, don’t be discouraged. While it can be both disheartening and frightening, stay calm and know that there are steps you can take to safeguard your compromised information.

Steps to Take Now:

Before planning the next step, the first thing you need to do after falling victim to a phishing attack is to take a few deep breaths to calm down and clear your mind. Remember, phishing schemes vary, and this particular attack does not necessarily mean your identity has been stolen.

1. Disconnect Your Device

If you believe you’ve made the mistake of downloading malware or clicking on a phishing link, the first thing to do is to sever your device's internet connection. Simply unplug the internet cable from your computer or laptop if you are using a wired connection.

If you are connected to the internet through Wifi, locate your Wifi settings and disconnect from the network you’re on. If you’re having trouble locating your network settings, you can also simply go to your Wifi router and shut it off.

It’s important to disconnect your device from the internet right away to reduce the risk of the malware spreading to other devices on the network. It will also prevent someone from remotely accessing your device or sending out private information from it. So act quickly!

2. Make a Backup

Once you’ve successfully disconnected from the internet, now it’s time to backup your files in case your data gets erased in the recovery process of the phishing attack. The important thing is to protect sensitive information and documents as well as precious files like family photos and other irreplaceable content.

You can do a full backup of your files using an external hard drive or a cloud storage service like DropBox or Google.

3. Change Your Credentials

If you clicked on a link that directed you to a faux website where you made login attempts, it’s a good idea to change your username and password immediately. This form of phishing works by misleading users into thinking they are accessing a familiar website, such as a social media account or bank account, to capture your login information. Attackers can then use this information to access your other accounts.

Take the time to change your login credentials to ensure the assailant does not inflict further damage, and don’t make the mistake of using the same username and password for all of your online accounts. This makes it much easier for the attacker to steal your identity and access funds.

4. Scan Your System for Malware

For the less tech savvy, it may be a good idea to take your device to a professional to have it fully scanned for any malware or viruses. Just be sure to use a reputable service to ensure the issue is dealt with safely.

If you have antivirus software installed on your device, you can easily run a scan. All you have to do is launch the program and click a button that typically says something along the lines of “Run a Complete Scan”, or “Scan for Viruses”. You can run a scan even if you are not connected to the internet. If any pop-ups appear notifying you that the program cannot connect to the internet, just ignore it.

The scan can take some time, so be patient and try not to use your device until the scan is complete.

5. Set up a Fraud Alert

Most major credit bureaus, such as Equifax, Experian, and TransUnion, offer a free 90-day fraud alert that you can place on your credit report. By activating this fraud alert with one bureau, they are then required by law to notify the other two on your behalf.

This extra step will make it even more difficult for the assailant to open a new account in your name.

6. Report the Incident to the FTC

If you are a phishing attack victim and believe your identity has been stolen, report the incident to the Federal Trade Commission (FTC) for a step-by-step recovery plan.

It’s important to take the time to forward your phishing text or email to spam@uce.gov as well as the organization that was being impersonated in the email to raise awareness. You can also report phishing emails to reportphishing@apwg.org. This is the Anti-Phishing Working Group, which includes entities such as security vendors, ISPs, law enforcement agencies, and financial institutions.

7. Proceed with Caution

Phishing attacks have become a precarious, yet unavoidable, menace in today’s digital age. Given the stress, time, and hassle involved in recovering from an attack, now is the time to move forward with caution.

While it’s never healthy to live in fear of becoming the victim of a cyber attack, it does pay to fortify yourself with increased awareness and proceed with due diligence. Begin closely monitoring your inbox and allow a moment for pause before clicking on a link or downloading a file from questionable emails.

Anyone can fall for a phishing scheme or other identity breach, so it’s important to be in the know. Here at Eloan, we work to help you protect your sensitive information and raise awareness about phishing attacks. If you believe your Eloan account may have been compromised, contact one of our representatives today.

* Please consult with your attorney, financial consultant/planner, accountant, and/or tax advisor for advice concerning your particular circumstances.  The information contained herein is for general informational and educational purposes only and should not be construed as professional, tax, financial or legal advice or a legal opinion on specific facts or circumstances. The information or opinions contained herein should not be construed by any consumer and/or prospective client as an offer to sell or the solicitation of an offer to buy any particular product or service. 

The information contained herein was prepared for general information and educational purposes only and should not be construed as professional, tax, financial or legal advice or a legal opinion on specific facts or circumstances. Eloan a Division of Banco Popular de Puerto Rico, its subsidiaries and/or affiliates are not engaged in rendering legal, accounting or tax advice. Please consult with your attorney, financial consultant/planner, accountant, and/or tax advisor for advice concerning your particular circumstances.