{"id":7138,"date":"2018-05-14T16:45:53","date_gmt":"2018-05-14T14:45:53","guid":{"rendered":"https:\/\/www.combell.com\/en\/blog\/?p=7138"},"modified":"2022-11-08T11:18:20","modified_gmt":"2022-11-08T10:18:20","slug":"fallen-into-a-phishing-trap-this-is-how-you-can-limit-the-damage","status":"publish","type":"post","link":"https:\/\/www.combell.com\/en\/blog\/fallen-into-a-phishing-trap-this-is-how-you-can-limit-the-damage\/","title":{"rendered":"Fallen into a phishing trap? This is how you can limit the damage."},"content":{"rendered":"<p>Phishing attacks are often carried out with very carefully crafted e-mails, which can hardly be distinguished from legitimate e-mails from a company. So well counterfeited, that despite your caution, you still fell for a phishing attempt. What now?<\/p>\n<p>In our previous article, we explained <a href=\"https:\/\/www.combell.com\/en\/blog\/what-is-a-phishing-e-mail-and-how-can-you-tell-it-is-a-fake-e-mail\/\" target=\"_blank\" rel=\"noopener noreferrer\">what the intention is behind a phishing mail and how you can recognise a fake e-mail<\/a>. If you nevertheless fell into a phishing trap, you must take measures immediately. Which ones depends on how the phishing was carried out and which data was compromised. This is a guideline.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-15069\" title=\"Je opende een phishing-mail\" src=\"https:\/\/www.combell.com\/nl\/blog\/files\/2018\/05\/bijlage-in-phishing-mail.png\" alt=\"Je opende een phishing-mail\" width=\"250\" height=\"187\" \/><\/p>\n<h2>You opened an attachment with a phishing mail<\/h2>\n<p>The attachment can contain various types of malware that cannot just infect your own computer but your entire network:<\/p>\n<p><div class=\"su-list\" style=\"margin-left:0px\"><\/p>\n<ul>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> Viruses, worms and Trojan horses<\/li>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Spyware\" target=\"_blank\" rel=\"noopener noreferrer\">spyware<\/a> like a keylogger: collects information about you and sends this to a third party, or takes control over your device to use it in a botnet.<\/li>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Adware#Malware\" target=\"_blank\" rel=\"noopener noreferrer\">adware<\/a>: places additional adverts on each web page that you visit<\/li>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Ransomware\" target=\"_blank\" rel=\"noopener noreferrer\">ransomware<\/a>: encrypts all data on your computer; only after payment of the ransom will you receive a key to decipher the data<\/li>\n<\/ul>\n<p><\/div><\/p>\n<p>If you open an attachment in good faith and fear that you have activated a malware, then follow these steps.<\/p>\n<p><div class=\"su-list\" style=\"margin-left:0px\"><\/p>\n<ul>\n<li><i class=\"sui sui-angle-double-right\" style=\"color:#1D88C0\"><\/i> <strong>Disconnect the connection<\/strong> between your device and the network\/Internet. This way, you prevent that you do not just infect others, but you also prevent that the malware will send data or collect instructions from the attacker. Plus, the attacker is unable to penetrate your device. If you are connected with a cable, simply pull out the cable. If you are using a wireless connection, turn off the Wi-Fi. You do not know how to do this? In the worst case, simply unplug your cable modem.<\/li>\n<li><i class=\"sui sui-angle-double-right\" style=\"color:#1D88C0\"><\/i> Make <strong>a backup<\/strong> of all your data to prevent that this is damaged or erased when removing the phishing malware.<\/li>\n<li><i class=\"sui sui-angle-double-right\" style=\"color:#1D88C0\"><\/i> Carry out <strong>a full malware scan<\/strong> with your antivirus program. This might take some time \u2013 be patient and meanwhile do not use your device. If the program can remove the malware, it is fine. If not, engage the help of a professional.<\/li>\n<\/ul>\n<p><\/div><\/p>\n<h2>You entered confidential data on a phishing website<\/h2>\n<p>Depending on the type of data you entered, the attacker can perform all kinds of malicious actions:<\/p>\n<p><div class=\"su-list\" style=\"margin-left:0px\"><\/p>\n<ul>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> make purchases from a webshop in your name<\/li>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> impersonate you to ask your friends, acquaintances or colleagues for money<\/li>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> gain access to your work account to steal data<\/li>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> make purchases with your credit card<\/li>\n<li><i class=\"sui sui-warning\" style=\"color:#f4cd36\"><\/i> log in to the control module of your website to infect your visitors with malware, or steal your customer database<\/li>\n<\/ul>\n<p><\/div><\/p>\n<p>If you entered your data and password on a bogus website in good faith, then follow these steps to limit the damage:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-15070 alignright\" src=\"https:\/\/www.combell.com\/nl\/blog\/files\/2018\/05\/vertrouwelijke-gegevens-in-phishing-website.png.png\" alt=\"Je liet vertrouwelijke gegevens achter in phishing-val\" width=\"251\" height=\"188\" \/><\/p>\n<p><div class=\"su-list\" style=\"margin-left:0px\"><\/p>\n<ul>\n<li><i class=\"sui sui-angle-double-right\" style=\"color:#1D88C0\"><\/i> <strong>Immediately change your password. <\/strong>If you use the same password for various services (strongly discouraged!), also change your password for these services.<\/li>\n<li><i class=\"sui sui-angle-double-right\" style=\"color:#1D88C0\"><\/i> Do not forget to change the <strong>answers to the security questions<\/strong> \u2013 the questions you must answer to obtain a new password if you have forgotten yours.<\/li>\n<\/ul>\n<p><\/div><\/p>\n<blockquote><p>Victim of phishing? Do not just change your password but also the answers to the security questions that are asked in case you have lost your password!<\/p><\/blockquote>\n<h2>Subsequently take the additional steps:<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-15068 alignright\" src=\"https:\/\/www.combell.com\/nl\/blog\/files\/2018\/05\/phishing-val-wat-nu.png\" alt=\"Wie waarschuwen bij phishing-val?\" width=\"251\" height=\"188\" \/><\/p>\n<p><div class=\"su-list\" style=\"margin-left:0px\"><\/p>\n<ul>\n<li><i class=\"sui sui-exclamation\" style=\"color:#f4cd36\"><\/i> <strong><em>Payment details: <\/em><\/strong>Did you specify your credit card details on a fake website, or your details for Internet banking? <strong>Block your card<\/strong> via <strong>CARD STOP (070 344 344)<\/strong>. As soon as you have done this, you are no longer liable: no payments or money transactions can be performed. With Internet banking, change your PIN number at a cash machine as soon as possible.<\/li>\n<li><i class=\"sui sui-exclamation\" style=\"color:#f4cd36\"><\/i> <strong><em>Webmail: <\/em><\/strong>If you did not immediately recognise the phishing attack, there is a risk that the attacker can collect all kinds of data from your mails, e.g. login details for other accounts, contact details of family and friends. Check whether the attacker has searched your account. With Gmail, you can do this via <a href=\"https:\/\/support.google.com\/mail\/answer\/45938?hl=en\" target=\"_blank\" rel=\"noopener noreferrer\">Last Account Activity.<\/a><\/li>\n<li><i class=\"sui sui-exclamation\" style=\"color:#f4cd36\"><\/i> <strong><em>Web services<\/em><\/strong> (such as a dashboard for the online management of your domain names, WordPress site, etc.): check the log files to see whether the attacker had already gained access to your control panel. If this is the case, check which data he had access to. If the attacker had access to your customer database, you must unfortunately also inform your customers. Remember the new GDPR rules in this respect: you must also inform the privacy committee!<\/li>\n<li><i class=\"sui sui-exclamation\" style=\"color:#f4cd36\"><\/i> Check with your friends and acquaintances whether they have received any strange mails or other messages from you. Inform them about the phishing fraud and warn them for the mail in question.<\/li>\n<li><i class=\"sui sui-exclamation\" style=\"color:#f4cd36\"><\/i> Report the attack to the company, the banking institution or the organisation whose name was fraudulently used. For Visa, you can forward the phishing e-mail to <a href=\"mailto:phishing@visa.com\" target=\"_blank\" rel=\"noopener noreferrer\">phishing@visa.com<\/a>, for Mastercard to <a href=\"mailto:StopIT@mastercard.com\" target=\"_blank\" rel=\"noopener noreferrer\">StopIT@mastercard.com<\/a>. More info on <a href=\"https:\/\/www.mijnkaart.be\/nl\/home.html\" target=\"_blank\" rel=\"noopener noreferrer\">mijnkaart.be<\/a>.<\/li>\n<li><i class=\"sui sui-exclamation\" style=\"color:#f4cd36\"><\/i> In case of financial fraud, you can report this to the local police or <a href=\"https:\/\/meldpunt.belgie.be\/meldpunt\/en\/welcome\" target=\"_blank\" rel=\"noopener noreferrer\">meldpunt.belgie.be<\/a>.<\/li>\n<li><i class=\"sui sui-exclamation\" style=\"color:#f4cd36\"><\/i> You can forward phishing mails to <a href=\"mailto:verdacht@safeonweb.be\" target=\"_blank\" rel=\"noopener noreferrer\">verdacht@safeonweb.be<\/a>.<\/li>\n<\/ul>\n<p><\/div><\/p>\n<p>You can find more information on <a href=\"https:\/\/www.safeinternetbanking.be\/en\/sos-fraude-what-can-you-do\" target=\"_blank\" rel=\"noopener noreferrer\">Safe Internet Banking<\/a>. <a href=\"https:\/\/www.youtube.com\/watch?time_continue=69&amp;v=8tKqfEgqoj0\" target=\"_blank\" rel=\"noopener noreferrer\">This video<\/a> explains everything again. But remember: prevention is better than cure - use a healthy dose of mistrust when opening mails!<\/p>\n<blockquote><p>Have you entered your banking details on a phishing website? Immediately block your bank card via <strong>CARD STOP (070 344 344)<\/strong>.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Phishing attacks are often carried out with very carefully crafted e-mails, which can hardly be distinguished from legitimate e-mails from a company. So well counterfeited, that despite your caution, you...<\/p>\n","protected":false},"author":1,"featured_media":8419,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","footnotes":""},"categories":[62],"tags":[1125,41],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt.jpg",1200,420,false],"thumbnail":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-50x50.jpg",50,50,true],"medium":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-300x105.jpg",300,105,true],"medium_large":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-768x269.jpg",768,269,true],"large":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-1024x358.jpg",1024,358,true],"1536x1536":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt.jpg",1200,420,false],"2048x2048":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt.jpg",1200,420,false],"post-featured":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-850x290.jpg",850,290,true],"post-featured-opt":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-750x256.jpg",750,256,true],"post-featured-opt-md":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-850x290.jpg",850,290,true],"post-featured-opt-sm":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-485x165.jpg",485,165,true],"post-featured-opt-xs":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-375x128.jpg",375,128,true],"post-most-popular":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-50x50.jpg",50,50,true],"post-author":["https:\/\/www.combell.com\/en\/blog\/files\/In-een-phishing-val-getrapt-60x60.jpg",60,60,true]},"uagb_author_info":{"display_name":"Combell","author_link":"https:\/\/www.combell.com\/en\/blog\/author\/blogadmin\/"},"uagb_comment_info":3,"uagb_excerpt":"Phishing attacks are often carried out with very carefully crafted e-mails, which can hardly be distinguished from legitimate e-mails from a company. So well counterfeited, that despite your caution, you...","_links":{"self":[{"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/posts\/7138"}],"collection":[{"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=7138"}],"version-history":[{"count":3,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/posts\/7138\/revisions"}],"predecessor-version":[{"id":10204,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/posts\/7138\/revisions\/10204"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/media\/8419"}],"wp:attachment":[{"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=7138"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=7138"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=7138"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}