Security At Home > E-Mail

Help prevent identity theft from phishing scams

What to do if you've responded to a phishing scam

Published: July 29, 2005
Illustration of a fish holding an e-mail message

You can do your best to prevent having your identity stolen by a phishing scam, but no method or system can guarantee total safety and security.

If you suspect that you've already responded to a phishing scam with personal or financial information or entered this information into a fake Web site, you might able to minimize any damage.

Step 1: Report the incident

If you feel your personal information has been compromised or stolen, immediately report the circumstances to the following authorities:

Your credit card company, if you have shared your credit card information. This should be your first step. The sooner an organization knows your account might have been compromised, the easier it will be for them to help protect you.

The company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received.

The IFCC. The Internet Fraud Complaint Center (IFCC), a partnership between the FBI and the National White Collar Crime Center (NW3C), works worldwide with law enforcement and industry to promptly shut down phishing sites and identify the perpetrators behind the fraud.

The Federal Trade Commission. If you believe that your personal information has been compromised or stolen, you should report the circumstances to the FTC: National Resource for Identity Theft and visit their site to learn how you can minimize any damages.

You can also report the phishing scam to the Anti-Phishing Working Group at reportphishing@antiphishing.org and to the FTC at spam@uce.gov. To report the scam to these groups, create a new e-mail message addressed to them and attach the phishing e-mail to the new message. You can also copy the entire phishing e-mail and paste it in the new message. Do not use the "forward" option if possible, as this format might exclude information and requires some manual processing.

Step 2: Change the passwords on all your accounts

If you think you've responded to a phishing scam with password information or entered passwords into a phony Web site, change your passwords as soon as possible. For more information, read Creating stronger passwords.

Step 3: Routinely review your credit card and bank statements

If you review your bank and credit card statements at least monthly, you might be able to catch the con artists and stop them before they cause significant damage.

Step 4: Use up-to-date antivirus and anti-spyware software

Some phishing e-mail might contain malicious or unwanted software that can track your activities or simply slow your computer. To learn more about this type of unwanted software, such as viruses and spyware, read:

What are viruses, worms, and Trojans?

What is spyware?

For a more detailed list of steps you can take if you believe you've been victimized, see What to do if you're a victim of fraud.


**
**