In a previous post, I described the basics of phishing, the most prevalent form of fraud on the Internet. Phishing has been around for more than 20 years and, unlike malware and other exploits that are usually patched with haste as soon as they are identified, phishing shows no signs of going anywhere. Not only that, but once your information has been stolen, you remain at risk for identity theft and other fraud for years to come. Some victims have to file paper returns with the IRS for many years, among other hassles.
Unless you renounce modern life and live entirely off-grid, phishing is likely to be a reality for the rest of your life. (And even if you were to go off-grid, it’s probably too late.)
So, what can you do to protect yourself? Quite a lot.
If you receive a notice that some of your information has been compromised in a data breach, as is all too common these days (recent ones include Saks, Panera, and MyFitnessPal), be on heightened alert for phishing scams. Sometimes scammers will use the information they obtain through data breaches to craft more targeted and sophisticated phishing schemes.
What if you suspect your information has already been phished?
The Federal Trade Commission (FTC) has put together an excellent resource for victims, including an interactive tool that will help create a recovery plan. Below are some of the common steps you can take following suspected identity theft:
Stay tuned for more information about one of the problem trends in phishing: W-2 scams that obtain entire years’ worth of employee data with a single email. You can learn more about CaseyGerry’s related investigations here.