Hooked: Rescue and Recovery After Being Phished

First and foremost, breathe. Phishing campaigns are growing increasingly sophisticated by the day, and are getting harder and harder to recognize. Phishing happens, and it can be dealt with and recovered from. If you were the victim of a phishing attack, the steps outlined below can help to ensure the damage done by the phisher is limited. The below steps are moreso geared towards being phished in your personal life, however, so if you were phished in a working capacity, please report it to your company's IT department as soon as possible. For personal phishing events, please keep reading for useful steps to take to protect yourself, as well as some additional resources that can help.

Triage and First Steps

These first steps are designed to cut off the hacker's access to any login, financial information, or computer they may have been able to compromise. It's important that this connection is severed as soon as possible to limit the damage to any of your accounts.

• Disconnect your device from the internet. If you downloaded and opened a strange attachment from an email, such as an .exe, .com, .scr, or .one file, you may be infected with malware. Disconnecting the affected device from the internet will prevent the malware from continuing to take data from your computer and sending it to the hacker. It's important to do this before changing your passwords.
• Change your passwords. Changing your password to the affected service and any services that use the same (or similar) passwords will ensure that the hacker can no longer access your accounts.
• Report compromised credit cards. If you handed over your credit card number, it is recommended that you report that card as stolen to prevent it from being used.
• Scan your computer for malware. If you downloaded and opened a strange file, it is important to scan your computer with a reputable antivirus software to ensure that all traces of it are deleted. Some reputable and popular antivirus softwares with a free trial or free plan include ESET, Malwarebytes, and Bitdefender. There are links to these three programs at the bottom of this page.

Secondary Mitigations

After securing your information, it's important to take measures to be on alert and report the event where appropriate. These precautions will help both yourself and the person, company, or organization that was impersonated defend against further harm.

• Report the campaign. Contacting the person, organization, or company being impersonated to report the phishing campaign may not be help you in particular, but your report will make them aware of the campaign if they weren't already, and aid in any investigations that may be underway.
• Check your credit report. Checking your credit report for signs of identity theft or other unusual activity is vital. Catching it early is much better than finding out about it much later, after it damages your credit score.

Continued Monitoring

Your information may not be immediately used after being compromised. It can be compiled with other people's information in a massive list to be sold on the dark web later, or the hacker could wait to use it in an attempt to lull you into a false sense of security.

• Continue monitoring your credit. It is important to keep an eye on your credit reports and bank statements for any unusual activity and signs of identity theft. Some monitoring services offer identity theft protection.
• Be on the lookout for other phishing attempts. Unfortunately, after one successful attempt, many more phishing attempts tend to follow. It's important to be on the alert for them to avoid being phished a second time.

Additional Resources

Here are some additional resources that can prove useful for the above steps, as well as to prevent future phishing incidents.

• VirusTotal can be used to scan suspicious files for malware.
• Malwarebytes is an antimalware software with free and paid plans.
• ESET is a powerful computer protection system with a free trial available.
• Bitdefender is a powerful computer protection system with a free trial available.
• CreditWise is a free credit monitoring service by Capital One.
• Bitwarden is a free to use, open source password manager that can create and store secure passwords, and check these passwords to ensure they haven't appeared in a data breach.
• HaveIBeenPwned may not stop phishing, but it can be used to check if your email has been involved in a data breach. These breaches can be used to gather email addresses for phishing campaigns.
• IdentityTheft.gov is operated by the FTC and can be used to report cases of identity theft as well as get recovery plans.