Got scammed… what next?

Alexandru Catalin Cosoi

Following this week’s warning of bogus security warnings putting PC users at risk, Catalin Cosoi, Chief Security Strategist at Bitdefender, discusses the steps to take once a user becomes the victim of a cyber-scam.

The moment a PC user suspects they have been scammed, they should start mitigating the situation. It does not matter if it’s a telemarketing scam, internet fraud, identity theft, counterfeit medicine, or business fraud.

First, disconnect the compromised device from the internet but do not power it off. Some malware is designed to discard its payload at reboot, which makes it impossible to recover the sample and understand what went wrong.

Affected individuals should avoid using the compromised device for the recovery process and get a new, trustworthy laptop, desktop or handset to do the following:

  • Change the passwords and IDs for all accounts
  • Contact their bank and credit card companies to let them know what happened. Cancel all ongoing transactions to pre-empt any foul play
  • When business data is involved, be it confidential documents saved in the cloud or locally and/or login data for business accounts, inform the IT department of the foul play at once and send the compromised device for forensic analysis. With Bring Your Own Device one of the trending practices among employees these days, those accessing business accounts from their personal terminals need to realise the responsibility that comes with their actions and be extra cautious in avoiding scams
  • If the individual is a software or web developer, they should immediately revoke their code-signing certificates to prevent abuse and misuse of these trust seals. They should also check the software kits uploaded to their websites to make sure they are not distributing compromised code and infecting everyone who downloads or uses it
  • If the affected individual has no important data on the system, they should check for malware and remove it
  • If the scam is linked to a mobile application, contact Google and let them know about the dangerous app
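One way a developer could carry out the software-kit check from the list above, shown as an added example that is not part of the original article: hash a local mirror of the download area and compare it with a SHA-256 manifest. It assumes such a manifest was produced by a trusted build and stored away from the compromised device; all function and file names are hypothetical, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: manifest comes from a trusted build; all names are hypothetical.
def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <name>') into {name: digest}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, name = line.split(None, 1)
            expected[name.lstrip("*")] = digest.lower()  # '*' marks binary mode
    return expected

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_kits(download_dir, manifest_text):
    """Compare a local mirror of the download area with the trusted manifest."""
    expected = parse_manifest(manifest_text)
    root = Path(download_dir)
    present = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    report = {"ok": [], "modified": [], "missing": [],
              "unexpected": sorted(set(present) - set(expected))}
    for name, digest in expected.items():
        if name not in present:
            report["missing"].append(name)
        elif sha256_file(present[name]) == digest:
            report["ok"].append(name)
        else:
            report["modified"].append(name)
    return report

def demo():
    """Constructed sample: one intact kit, one altered kit, one unlisted file."""
    with tempfile.TemporaryDirectory() as d:
        good, original = b"installer v1.2 contents", b"sdk v1.2 contents"
        manifest = (f"{hashlib.sha256(good).hexdigest()}  installer.bin\n"
                    f"{hashlib.sha256(original).hexdigest()}  sdk.zip\n")
        Path(d, "installer.bin").write_bytes(good)
        Path(d, "sdk.zip").write_bytes(original + b" plus injected bytes")
        Path(d, "update-helper.exe").write_bytes(b"not in any release")
        return audit_kits(d, manifest)
```

Anything reported as `modified` or `unexpected` should be pulled from the site and kept for the forensic analysis; the audit should be run from the trustworthy device, not the compromised one.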

Those affected by a scam should also take a few minutes to report what happened to dedicated organisations such as the UK’s national fraud and internet crime reporting centre, www.actionfraud.police.uk. The body works with the government to protect people from fraudsters, gathers all data about the scam and uses it to find out who was behind it. They may also provide phone numbers and links to other specialised organisations depending on the type of scam.

Cybercops, the National Consumers League and the Better Business Bureau can also provide helpful expert tips.