I think I've been "phished" - what should I do?

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

You should also go the site in question anyway. Ebay, paypal and most banks will have a link on thier index page telling you how they will contact you and what they will ask.

A few things also to take into account...

With JavaScript enabled, the phisher can cause something other than the actual URL to appear when you hover the mouse over the link. (Some browsers will always show the true URL, perhaps in addition to the "status" message supplied by the JavaScript code.) However, most browsers allow you to see the actual destination by right-clicking the link and selecting something like "properties" from the popup menu.

Another trick used by phishers is to redirect you to the real website, so that the URL in the address bar really is the known website, but only after popping up a "login" window on top of the main browser window. While the browser really is at the true website, the popup window still is from the phisher's site. (Someone I know ran into this last year. While he knew enough to know this was a phish, he was at a loss to see how it worked, as the browser's address bar showed the real site's URL.) Most decent popup blockers probably prevent this, however.

Thanks Leo, another excellent, clear, useful article.

Thanks for the advice Leo, this has to be one of the most obnoxious issues out there today and the biggest way to fight back is to simply educate people. There are so many articles/blogs out there that tell about all of the issues regarding phishing, but this is one of the only that actually offers help to those affected.

Educating people is our best option these days to potentially fix our phishing problems.

I can't believe that people actually fall for these tricks, but then I suppose the word Niave covers this...
As Nathan says: ‘obnoxious’, and there is no telling what these bandits will do to trick you into giving your personal information...
They need:
Your Name
Your address
Your DOB
Your account Number or card number
...and the security number that goes with it
Your opening password or memorable word/name/date
And sometimes your screen name.
And your telephone number
With this info, the bandits can rape your account to its limit and more, and whilst you are often protected in the UK and sometimes on the internet, many banks hold you the user responsible and you may have to foot the bill.
Check your account small print for info on this and if necessary, change your account to one that offers full protection ~ there are newer visa or other payment card facilities that advertise the fact that they are abreast of the 21st century bandits, and will insure you against theft if alerted within a certain period…
You can take additional protection -as I have, with Card Protection Plan (CPP). Just pop that into Google and go…

Quick note on eBay: and as told by them, if you read their site rules etc.
Any mail sent to you from eBay will be in your account inbox.
This acts as confirmation that it is Kosher
If it’s not in your inbox at eBay, it’s not kosher…
Some other sites act similarly.

Finally, when you have discovered Mr Phish, open a new folder in your email client, cal it headers or keepers or just plain ‘ol Thomas Crapper. Drag n drop your phisher mail here and then go the site concerned, look for the security link and contact them to see if they might like the header detail to follow-up – and together we will have Stealth.
Don’t be shy, kick sand in their faces.

BUT ABOVE ALL - STAY ALERT…!

Good luck
Lou

i have been phished on myspace and i tried clicking on the link to change my password to restore my account but it isnt working and i dont even know if i gave them the right email address so i am totally lost i tried to email Tom but he is not accepting emails at this time

I clicked a link to a bank knowing it was a bogus website (curiosity got me...just wanted to see how smooth the pranksters might really might be), but I didn't enter anything. I did notice a little pop-up that said something like "click sensor", but it disappeared too fast to check it out further. I closed all apps and restarted my computer after a separate ad/pop-up froze up and couldn't be closed. Should I be worried that some kind of spyware has been installed? If so, how do I get rid of it? BTW- the computer is hooked up to a server with McAfee virus protection, has a firewall, etc. Thanks for any feedback. :-)

I too, have been phished.
However, after multiple attempts to follow the url tom gave me, it hasn't worked.

it just keeps having me log in again, and again.

how do i get my account back?

thank you so much.

I have been phished. Some fraudster has my name, address, email address and social security number. They do not have my credit card numbers or any bank numbers

I got a pop up and it said windows internet explorer...Your computer may have been hit with a virus click here if you want to check...so I did then it said my computer was hit with a virus and to click here if I want windows to fix it was I phished? it looked legit, but my husband said windows internet explorer won't send you anything like that what do I do or have I done?

To post a comment on "I think I've been "phished" - what should I do?", please return to that article's main page.