Most people do not expect to become victims of a phishing attack. Finding out that your accounts were compromised in a phishing attack is scary. You will feel shocked and confused. You won’t believe that it happened to you. You’ll ask yourself, ‘How was I phished?’ It seems so obvious now, right? There is no need to beat yourself up over it; now is the time to take action to fix it. Stay calm and try not to panic: you can still take steps to recover your account and minimize the damage. For every step involved, time is of the essence. Act fast; waiting only wastes precious time and gives you less opportunity to recover your accounts.

1. Change Your Passwords Immediately

The most important thing to do in the event of a phishing attack is to change your passwords. Not only should you change the password of the account that was compromised, you also need to change the password for any other account that used that password. Make sure to take this moment to give each account its own unique password.

Passwords are the most common target of phishing attacks. It is no surprise that phishers come after passwords. Stealing your password gives an attacker unlimited access to your account. Once logged into your account, attackers can make purchases, send messages, post online, or do anything else you could do through your account. Data connected to your account is no longer safe.

To start your recovery, the first thing you need to do is change your password. Changing your password prevents phishers from using your stolen password and locks them out of your account. It is important to change your password as soon as possible. The longer you wait, the more time you give attackers to use your login. Attackers could also change your password to lock you out of your own account. Act quickly to try to keep access to it.

You will also need to change your passwords for all accounts that use the same password. Attackers will try to log into other websites using your username and password combination, so every website where you reused that password is at risk until you change it.

There are a few things to keep in mind when changing your password. Make sure to choose a strong password that you’ve never used before. The password should be long. There is no magic number for length, but the longer the better. Complexity also matters. Mix lower- and upper-case letters with numbers and symbols. There are tons of password generators available online for free, and there is probably one built into your browser.

2. Contact Your Bank

Being phished can expose your financial information. Some attacks will not target your password. Instead, they go after your credit card info. If your credit card is stolen in a phishing attack, contact your bank. Freeze your card to stop unauthorized spending. Your card provider should have protocols for stolen card information. They should be able to issue you a new card and deactivate the stolen card. It is important to act fast to prevent any unwanted spending.

3. Enable Multi-Factor Authentication

Multi-factor authentication (MFA) is an essential layer of security for your account. MFA will stop phishers from continuing to access your account. MFA requires an additional piece of information to log into your account. Usually, MFA uses a code sent by a text or a notification on an app. Using MFA will stop attackers from being able to log into your account without access to your phone. Attackers will not be able to log into your account even if they have your stolen password. MFA will stop them from logging in with your password because they cannot provide the additional code to log in. Be sure to enable MFA fast to cut off access to your account.
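The following Python sketch is an added example, not from the original article, of the login check described above: the correct password alone is rejected once a second factor is required. It assumes an authenticator-app style time-based code (RFC 6238 TOTP) as the additional code; the account record, the `login` function and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret, at, step=30, digits=6):
    """RFC 6238 time-based one-time code (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password, salt):
    """Salted, slow password hash so the stored value is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def login(account, password, code, now):
    """Succeed only with the right password AND a current one-time code."""
    supplied = hash_password(password, account["salt"])
    if not hmac.compare_digest(supplied, account["pw_hash"]):
        return False
    if code is None:
        return False  # password alone is not enough once MFA is enabled
    # Accept the current step and the previous one to tolerate clock drift.
    valid = [totp(account["mfa_secret"], now - drift) for drift in (0, 30)]
    return any(hmac.compare_digest(code, v) for v in valid)


# Constructed sample account; the MFA secret is the public RFC 6238 test key.
SALT = b"constructed-salt"
ACCOUNT = {
    "salt": SALT,
    "pw_hash": hash_password("phished-password", SALT),
    "mfa_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    now = 59  # fixed timestamp so the run is reproducible
    owner_code = totp(ACCOUNT["mfa_secret"], now)
    print("stolen password only:", login(ACCOUNT, "phished-password", None, now))
    print("password + code:     ", login(ACCOUNT, "phished-password", owner_code, now))
```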

4. Report the Email or Text

Reporting phishing emails and spam texts helps everyone. Companies become aware that they are a target of phishing. Your organization can protect your coworkers from attacks. IT departments can help you recover from the phishing attempt. Researchers can study new types of phishing attacks. Reporting phishing contributes to the fight against phishing.

If you are phished at work, report the incident to your IT department. Explain your situation to them and be transparent. It may be embarrassing to admit that you gave out your password, but honesty will resolve the situation faster. Tell them how the incident started and all the steps you’ve taken so far. Time is important in reporting so don’t wait to act. Your IT department will be able to further assist you and give you the best steps to protect your account.

Most companies let you report emails targeting their brand directly to them. Many companies have you send these emails to a dedicated reporting address. Check the company’s website for steps to report. They will have more information on reporting and ways to secure your account.

You can report phishing websites directly to Google through Google Safe Browsing. Google helps the fight against phishing by blocking known phishing websites around the internet and on many of its products, like the Google Chrome browser. You can actively contribute to the effort against phishing by reporting URLs through Safe Browsing.

5. Prevent Being Phished

After you’ve taken all the steps to recover from this phishing attack, it is time to start working on preventing the next one. Avoiding phishing is far preferable to recovering from a phishing attack. The recovery process can be annoying and messy. It is often easier to protect yourself from phishing in the first place. Taking simple precautions to avoid phishing and spam messages can save you from a world of headaches trying to re-secure your accounts.