Technorati
Digg
Delicious
Reddit
Newsvine
StumbleUpon
Buzz
Blinklist
Mixx
Google
There is a nonstop flood of Trojans, bots, and phishing attacks assaulting the Internet everyday-infections and identity thefts can happen to anyone. If you believe you have been a victim of online fraud or crimeware, there are a series of steps you can take in each instance to respond to and recover from the incident.
Disconnect immediately. Unplug the network cable, phone, or cable line from your machine. This can prevent data from being leaked back to the attacker. Bots may also use your computer as a zombie in a larger, coordinated attack. Disconnecting your network connection is a sure-fire way to put a stop to the immediate damage. If you are uncomfortable doing this, you may find it easier to simply disable the network connection. This can be done by clicking on the Windows start menu, selecting "Settings," then selecting "Network Connections," and finally disabling your network connection by right-clicking on it and selecting the "disable" option.
Scan your computer with an up-to-date antivirus program such as Norton AntiVirus or Norton Internet Security (a complete security software suite). A program with antivirus & antispyware capabilities can detect and often remove crimeware threats that would otherwise remain hidden on your machine. If the threat can be detected but not removed, consult Symantec's removal tool listing in order to see if the crimeware can be removed using a separately downloaded utility. You do not need to be a Symantec customer to use these removal tools.
Back up your critical information. Sensitive data may be leaked by crimeware and it also may be inadvertently destroyed or lost during the clean-up effort. If you have back-up software installed, make a copy of your valuable files such as your photos, videos and other personal or work files to a back-up hard drive or removable media, such as a CD or DVD. This will ensure your information's availability after the computer is free of crimeware.
Consider going back to ground-zero by re-installing the operating system of your computer (e.g. Microsoft Windows) or using back-up software. The worst examples of crimeware are sophisticated enough to burrow deep within your system in an attempt to hide from your security software using "rootkit" techniques. Sometimes the best course of action is to return to a pre-infection state using a program such as Norton Ghost. Other times, when the infection date is unknown and more sensitive data is at stake it may be best to save your important data off of the computer and re-install the operating system entirely so that you know you are working from a clean slate.
Close affected accounts immediately. In the best-case scenario, you will be able to shut-down or change any credit card, bank or other online service accounts before they can be leveraged by the thief. Err on the side of safety: a little more trouble taken up front to freeze or change accounts can save much more effort later disputing fraudulent purchases by a cybercriminal. While you have your financial institution on the phone or access to them in-person, use this time to discuss any impact this might have on your account and the steps you would need to take if the account was compromised during the attack (i.e. How can you dispute the charges? Can you recover the stolen funds?).
Set up a fraud alert with the 3 national consumer reporting agencies (Equifax, Experian, TransUnion). Contacting just one of the 3 companies will set up the alert for all of them. The fraud alert will tell creditors to contact you directly before making any changes to existing accounts to trying to open up new ones. This is an essential step to control the amount of damage an identity thief can do with your stolen information. This step also allows you to order your credit reports from each of the agencies for free.
File a police report. Ideally this would be done in the area where the crime took place. While this may or may not provide the police enough information to bring the criminal to justice, you can use a copy of the police report or the report number as evidence with your creditors in case they ask for proof. You may never need it, but it may make all the difference later.
Contact government agencies. If your driver's license or social security number have been stolen, you will need to contact the Department of Motor Vehicles and the Social Security Association respectively. Additionally, you should report your identity theft to the Federal Trade Commission whom maintains an identity theft database used by law enforcement agencies for investigations.
Watch your credit reports closely. Keeping a sharp eye on your accounts from all three credit reporting agencies is essential as information may not be the same across all three. Some of the credit reporting agencies offer all-in-one reports or just-in-time alerting services for a fee. Depending on the level of potential impact and your concern, it may be worth the quick turn-around time and easy viewing to pay for these additional services. Remember that it may take some time before all of the fraudulent activity to appear on your credit reports.
Look for signs of identity theft. It's natural to have your guard up after having your identity stolen. During this time, be on the look out for odd things in the mail, including credit cards you did not request and bills that you normally receive which have gone missing. Being contacted by vendors regarding accounts you are unaware of, or even worse, by debt collectors for purchases someone else made, are clear signs of lingering identity theft problems.
Crimeware
Disconnect immediately. Unplug the network cable, phone, or cable line from your machine. This can prevent data from being leaked back to the attacker. Bots may also use your computer as a zombie in a larger, coordinated attack. Disconnecting your network connection is a sure-fire way to put a stop to the immediate damage. If you are uncomfortable doing this, you may find it easier to simply disable the network connection. This can be done by clicking on the Windows start menu, selecting "Settings," then selecting "Network Connections," and finally disabling your network connection by right-clicking on it and selecting the "disable" option.
- If you are at work, contact your Information Technology department. They'll need to know about the infection as soon as possible. In addition to your personal data being compromised, confidential company information may have been stolen as well. Either way, your IT department should be the first to know of the problem and should be able to help you with some of the following steps in your recovery.
- If you are a home user, consider getting assistance from a trusted source as well as contacting your Internet Service Provider (ISP)
Scan your computer with an up-to-date antivirus program such as Norton AntiVirus or Norton Internet Security (a complete security software suite). A program with antivirus & antispyware capabilities can detect and often remove crimeware threats that would otherwise remain hidden on your machine. If the threat can be detected but not removed, consult Symantec's removal tool listing in order to see if the crimeware can be removed using a separately downloaded utility. You do not need to be a Symantec customer to use these removal tools.
Back up your critical information. Sensitive data may be leaked by crimeware and it also may be inadvertently destroyed or lost during the clean-up effort. If you have back-up software installed, make a copy of your valuable files such as your photos, videos and other personal or work files to a back-up hard drive or removable media, such as a CD or DVD. This will ensure your information's availability after the computer is free of crimeware.
Consider going back to ground-zero by re-installing the operating system of your computer (e.g. Microsoft Windows) or using back-up software. The worst examples of crimeware are sophisticated enough to burrow deep within your system in an attempt to hide from your security software using "rootkit" techniques. Sometimes the best course of action is to return to a pre-infection state using a program such as Norton Ghost. Other times, when the infection date is unknown and more sensitive data is at stake it may be best to save your important data off of the computer and re-install the operating system entirely so that you know you are working from a clean slate.
Online Fraud
Close affected accounts immediately. In the best-case scenario, you will be able to shut-down or change any credit card, bank or other online service accounts before they can be leveraged by the thief. Err on the side of safety: a little more trouble taken up front to freeze or change accounts can save much more effort later disputing fraudulent purchases by a cybercriminal. While you have your financial institution on the phone or access to them in-person, use this time to discuss any impact this might have on your account and the steps you would need to take if the account was compromised during the attack (i.e. How can you dispute the charges? Can you recover the stolen funds?).
Set up a fraud alert with the 3 national consumer reporting agencies (Equifax, Experian, TransUnion). Contacting just one of the 3 companies will set up the alert for all of them. The fraud alert will tell creditors to contact you directly before making any changes to existing accounts to trying to open up new ones. This is an essential step to control the amount of damage an identity thief can do with your stolen information. This step also allows you to order your credit reports from each of the agencies for free.
File a police report. Ideally this would be done in the area where the crime took place. While this may or may not provide the police enough information to bring the criminal to justice, you can use a copy of the police report or the report number as evidence with your creditors in case they ask for proof. You may never need it, but it may make all the difference later.
Contact government agencies. If your driver's license or social security number have been stolen, you will need to contact the Department of Motor Vehicles and the Social Security Association respectively. Additionally, you should report your identity theft to the Federal Trade Commission whom maintains an identity theft database used by law enforcement agencies for investigations.
Watch your credit reports closely. Keeping a sharp eye on your accounts from all three credit reporting agencies is essential as information may not be the same across all three. Some of the credit reporting agencies offer all-in-one reports or just-in-time alerting services for a fee. Depending on the level of potential impact and your concern, it may be worth the quick turn-around time and easy viewing to pay for these additional services. Remember that it may take some time before all of the fraudulent activity to appear on your credit reports.
Look for signs of identity theft. It's natural to have your guard up after having your identity stolen. During this time, be on the look out for odd things in the mail, including credit cards you did not request and bills that you normally receive which have gone missing. Being contacted by vendors regarding accounts you are unaware of, or even worse, by debt collectors for purchases someone else made, are clear signs of lingering identity theft problems.