Got Scammed…What Next?
The moment you suspect you got scammed, start mitigating the situation, no matter if it’s a telemarketing scam, internet fraud, identity theft, counterfeit medicine, or business fraud.
First off, disconnect the compromised device from the Internet. But don’t power it off. Some malware is designed to discard its payload at reboot, making it impossible to recover the sample and understand what went wrong.
Avoid using the compromised device for the recovery process. Get a new trustworthy laptop, desktop or handset to:
- change all passwords and IDs for all your accounts
- contact your bank and your credit card company to let them know what happened. Cancel all the ongoing transactions to anticipate any foul play
- contact the Social Security Administration to let them know that your social security number may be used fraudulently, so they can take dedicated measures to protect you
- when business data is involved, be it confidential documents saved in the cloud or locally and/or login data for business accounts, inform the IT department of the foul play at once and send the compromised device for forensic analysis. With BYOD as one of the trending practices among employees these days, those accessing business accounts from their personal terminals need to realize the responsibility of their actions and be extra cautious in avoiding scams
- if you are a developer, immediately revoke your code-signing certificates to prevent abuse and misuse of these trust seals, and check the software kits uploaded to your websites to make sure you are not distributing compromised code and infecting everyone who downloads or uses it
- if you are a user with no important data on the system, check for malware and remove it
- if you learn that the scam is linked to a mobile application, contact Google (http://support.google.com/googleplay/bin/request.py?&p=play_contact&rd=1) and let them know about the dangerous app
Take a few minutes and report whatever happened to dedicated organizations such as the National Fraud Information Center (www.fraud.org) or the UK’s national fraud and internet crime reporting center (www.actionfraud.police.uk), which work with their governments to protect people from fraudsters. They gather all data about the scam and use it to find out who was behind it. They may also provide phone numbers and links to other specialized organizations, depending on the type of scam you fell victim to. You can also report to the FBI at http://www.ic3.gov/default.aspx
Cybercops (http://www.cybercops.org/), The National Consumers League (http://www.natlconsumersleague.org/) and The Better Business Bureau (www.bbb.org) can also provide you with helpful expert tips and give you the opportunity to share your experience, which could save others from facing the same problems and going through what you have been going through.
Tips & tricks to reduce risks in future
Respecting basic security measures such as keeping different passwords for different accounts, regularly renewing passwords, and never accessing accounts from computers/devices you don’t own or via access points you don’t completely trust can make the difference between safety and danger.
Comments, pictures, check-ins and links posted on social networking platforms, paired with private e-mail conversations, are the bits and pieces of someone’s life that, put together, help scammers create accurate impersonations or lures for, say, a successful phishing attack.
Employees should be trained to tell apart fake messages or requests from legitimate ones and never click on links delivered in e-mails or via social networking platforms. Not opening attachments without first scanning them may also help avoid scams.