What to do if you’re a phishing victim

Figures don’t lie, the old aphorism goes, but liars can figure. And after nearly 20 years covering technology, I’ve realized that you could update that saying to: Benchmarks don’t lie, but liars can benchmark.

What brings this to mind is a nasty war of words between Microsoft and Mozilla, the publisher of Firefox, over whose browser is more secure. Each is pointing fingers at the other, claiming that its own benchmarks really tell the tale.

I’m not saying any of these folks are actually lying, but they’re using benchmarks and other statistics to prove a point they want to make and make themselves look as good as possible. My advice is to ignore the argument; the only people who really care about it are the people who work for one side or the other, and tech writers who love nothing more than conflict. As it happens, all three of the major browsers – Microsoft’s Internet Explorer, Mozilla’s Firefox and Google’s Chrome – are more than secure enough for most consumers and businesses.

That’s not to say you can forget about security on the Web. The browser is part of your defence, but a bigger part is your brain. That’s right, the smart user who pays attention to what he or she sees on the screen is always safer, particularly against a very nasty tactic called “phishing.”

By now you’ve probably heard of phishing. It’s an email, or Tweet or Facebook message that appears to come from someone you know or an institution you do business with, like your bank or credit card company. It will contain a link that might do something as harmless, though annoying, as taking you to a site to look at advertising you don’t want to see, or in the worst case, download malware onto your computer.

Browsers and your basic security software will detect many phishing attacks, but not all. So, I’ll repeat what you should already know. If a message looks odd, look carefully at the address. If you see something from, say, Chase that comes from [email protected] (that came to me the other day), delete it. In fact, never click on a link in an email unless you know for sure who sent it.

Having said that, there are times when all of us let down our guard and get caught. Here are some of the most common problems that phishing can cause, and some solutions, courtesy of an industry coalition called the Anti Phishing Working Group.

Hijacked eBay account: If you think your eBay account has been hijacked and you can still log in to the site, you should change your password and make sure that any active bids and listings were put there by you or a family member. If you can’t log in, try this link. If it doesn’t work, here’s a number you can call to report fraud: 866-961-9253. (It’s not for routine help requests.)

Identity theft: OK, someone has gotten their grubby hands on key parts of your identity: social security number, date of birth and so on. You may have given it away by mistakenly filling out a form on a poisoned Web site, or a hacker may have placed a key logger, software that records all of your keystrokes, on your PC.

Obviously, you need to notify your bank and credit card companies immediately. If you do so, charges run up by the thieves are not your responsibility. But you also need to notify the major credit reporting agencies. Here’s how you contact them: Equifax –; Experian –; Trans Union –

The Privacy Rights Clearinghouse has a good deal of additional information on how to cope with identity theft. Among other tips, that group suggests that you do not call Experian, because: “You will be subject to a marketing pitch for their ‘free’ credit management tools. If you fail to cancel the service within 30 days, your credit card will automatically be charged for the service.”

Remember, the Fair Credit Reporting Act entitles you to free credit reports once a year from each agency as well as free reports when you wish to place a fraud alert in your file.

Computer has a virus or a Trojan that has captured personal information: First, update your anti-virus program with the latest definitions, and then run a full scan. If you use a password to access your computer, change it, then check your other accounts and be sure there hasn’t been unauthorized activity. And for the next few months, go over your billing statements carefully to be sure all of the charges are really yours.

The absolute worst case: Reformat your hard drive, which will get rid of the malware once and for all, but will also wipe out your data and applications, so you’d better have an up-to-date backup on hand.

San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach him at [email protected]. Follow Bill Snyder on Twitter @BSnyderSF. Follow everything from on Twitter @CIOonline
