Help! We accidentally entered our login info into a FAKE site!! What do I do?

Don’t worry. You aren’t the only one to have fallen for this scam. These scammers go to great lengths to trick you into believing their email is from a legitimate source. Often it is an email that looks like it is from a vendor you use, including their logos and custom links and branding asking you to do something like update your business information. And not only that, it is likely that they have asked you to do something like this before so why would you question this request? Thinking it will just be a quick process, you click and provide the information they are requesting. But then…before you know it, you have fallen victim to a phishing scam. Now what?

Step 1:

Alert your designated IT resource. Even if you don’t have a dedicated IT team in house, there will be someone who is the go between for your managed service provider. As soon as you realize you may have fallen for the scam, do not hesitate to let those in charge know.

Step 2:

Immediately change passwords both with the compromised vendor and with any other resource you may have that also use the same passwords and then disconnect the computer or device that you used. It’s possible that it is infected with malware and this can help prevent the spread to other devices in the network.

Step 3:

Your organization should have procedure’s in place to direct employees on where to go and who to report to in the event of a potential breach. Be sure to follow your company’s predefined procedures.

Step 4:

Report it to the Anti-Phishing Working Group, which is a group comprised of ISPs, security vendors, financial institutions and law enforcement agencies, and the FTC.