Ask Leo! #702 – I Think I’ve Been “Phished”, What Should I Do?

This Week's Newsletter

Featured: What to do when you've been phished!

Also this week: peeking into hidden partitions as well as the scourge that is the dust bunny.

By the time you read this I'll probably be on an airplane on my way to The Netherlands again. Looking forward to catching up with relatives and just generally enjoying myself. Needless to say my replies this week might be slightly delayed. Smile

I Think I've Been "Phished", What Should I Do?

(skip)

I think I may have been “phished” with the “request to confirm” scam email. How can I tell? And if I have been “phished” what do I do now?

First, don't feel too bad — phishing attempts are getting very, very sophisticated. I haven't fallen for one yet, but I've come darned close a time or two.

But be prepared for a painful recovery if the phishing was successful.

How to tell if you've been phished depends on where in the process you are: looking at an email, after clicking a link in the email or other source, or some time thereafter.

What to do after that depends on what information you gave in response to the phishing attempt.

Prevention

In my article, Phishing: How to Know it When You See It, I discuss how to identify potential phishing attempts.

The rule of thumb is to never click on a link in email unless you're positive it's safe. Go to the site yourself (by typing the URL into your browser or using a bookmark you've saved previously) and log into your account by hand.

If you want more clues as to whether or not an email is a phishing attempt, look carefully at the link you've been sent. For example, this link:

https://ebay.com

does not take you to eBay. You can tell before clicking on it, since most email programs and web browsers allow you to hover your mouse pointer over the link and show you, either as a tool tip or in the status bar, where the link really goes.

Misleading Link

When you look at where the link really goes, ensure that:

  • The destination matches what you expect. Exactly. If the link claims to be eBay, it should be for eBay.com. Targets like http://ebay.com.hacker.com, http://ebay.signin.services.ru, http://www.ebay.cc (note that it's not “.com”) are all attempts to deceive you.
  • The destination is a name, not a number. If the destination of the link takes you to a link that has numbers, such as http://72.3.133.152, it's probably not valid, and definitely not worth the risk.
  • The destination is secure. That means it should begin with https:. If the target destination begins with the regular, unsecured, http: (without the “s”), chances are it's not legitimate.

If you're at all uncertain, skip the link and just go to the service yourself, manually.

Detection

OK, you clicked. By mistake, but you clicked. And it looks totally legitimate. How can you be sure? There are several tests:

  • All the tests for the link before you clicked it now apply to whatever you see in the address bar as the URL of the page you landed on. If it's not what you expect — if it's a number, if it's not https secure —  chances are it's bogus. If you click on my example eBay link above, this is what you'll see in your address bar:Buy Leo A Latte
    Needless to say, that's not eBay. Don't continue. (Unless you want to buy me coffee, of course. 🙂 ).
  • If your password manager (such as LastPass) usually signs you in automatically for this service and it fails to do so this time, then it didn't recognize the URL as the legitimate URL. Don't proceed.
  • If the site asks you to “reconfirm” by providing sensitive information like your credit card number, don't do it. It's likely bogus. Merchants do not need to update your entire credit card number if they keep it on file and all they need is a new expiration date. Banks never need this information, as they're the ones that have it to begin with!
  • If, after you “log in”, you're only presented with the information you just provided, it's very suspicious. Legitimate services typically recognize you and display more details that they already have. If the site doesn't do something like this, then it's possible they're simply trying to collect your information.

If, after you do sign in or provide your information, you get an error message, or a “service temporarily down” message, or nothing at all … it's likely you've been “phished”.

Recovery

You think you've been phished. Now what?

As recommended by the Federal Trade Commission, you may need to do several things.

If you provided credit card or other account information to the phisher, you probably need to close those accounts. You'll at least want to contact the appropriate customer service department for each and tell them what happened.

You'll need to contact the consumer credit reporting agencies. This is particularly important if you live in the U.S. and gave up your social security number. This is one way identity theft happens: the successful phishers can open accounts in your name that you know nothing about.

You may want to file a report with the police. This can be an important piece of data to prove you were the victim of identity theft.

The lesson here?

I'm sure you've heard stories of how recovering from identity theft can be difficult, painful, and time-consuming.

The real lesson here, the one thing to walk away with, is simply this: prevention is a much easier than recovery. Pay attention, remain skeptical, and avoid the problem in the first place, and you'll be much, much safer.

There's an old adage about telephone marketers: never give any information to someone if they called you. Only give information to someone you called. The idea is that you know who you called, and can verify who you're calling.

The same is true for the internet: never give information to someone who independently asks for it. Only give information in transactions you initiate with sites you know.

When you go to eBay.com and log in to your own account, you know it's really eBay and that it is your account. But if you get email from someone claiming to be eBay, it simply might not be them.

Related Links & Comments: I Think I've Been "Phished", What Should I Do?
https://askleo.com/2734

Ad-Free Ask Leo!

Support Ask Leo! and enjoy an ad-free experience whenever you visit askleo.com.

Become a patron for as little as $2/month (or $24/year) for Ad Free Ask Leo!.

Thanks!

Leo

No Ads

How Do I View the Contents of My Hidden D: Drive?

In the past I've had what was called a recovery drive on my system, D:. Now, with Windows 10, I no longer have D:, but the recovery partition is still there. How do I view what's in it?

As we've discussed in other articles, machines with Windows 10 installed frequently have multiple partitions. One or more of those partitions is typically labelled as a “recovery partition”.

While in the past you may have seen such partitions assigned a drive letter like D:, there's no requirement that it always be that letter. In fact, there's no requirement that it be assigned a drive letter at all.

Recovery partitions not having a drive letter is actually a good thing.

Continue Reading: How Do I View the Contents of My Hidden D: Drive?
https://askleo.com/42155

My Computer Has Started to Shut Down Randomly. Could it Be the Fan?

For some reason, my computer randomly shuts down a lot. It's been happening more and more. It started around the start of summer. It usually would shut down for no reason. Yesterday, it said Over Temperature. This shutting down thing is annoying. When I'm trying to do work, I lose it all and the computer shuts down. I asked my cousin, he said that it could be my fan. I haven't checked yet, I'm going to ask you first, is it my fan? Or is it another problem? 

Maybe.

The “Over Temperature” is definitely a clue, and the fan is a definite possibility.

But first we should talk about … dust bunnies.

Continue Reading: My Computer Has Started to Shut Down Randomly. Could it Be the Fan?
https://askleo.com/42183

The Ask Leo! Tip of the Day

A feature exclusively available to Ask Leo! Patrons Bronze level & above.

More Ask Leo!

Tech Enthusiast Hour: I'm one of the regular hosts of the weekly Tech Enthusiast Hour podcast! Join us as we discuss the latest news & tech goings on. More information at tehpodcast.com!

Become a Patron
Ask Leo! Books
Facebook - YouTube - More..

Leo's Other Projects....

HeroicStories Since 1999, HeroicStories brings diverse, international voices to the world ' reminding us that people are good, that individuals and individual action matter. Stories - new and old - are published twice a week.

Not All News Is Bad - Each day I look for one story in the current news of the day with a positive bent. Just one. And I share it.

leo.notenboom.org - My personal blog. Part writing exercise, part ranting platform, it's where I write about anything and everything and nothing at all.

Help Ask Leo! Just forward this message, in its entirety (but without your unsubscribe link below) to your friends. Or, just point them at https://newsletter.askleo.com for their own FREE subscription!

Newsletter contents Copyright © 2018,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC