The people out there trying to get your sensitive and confidential information can be very good at what they do. The really capable ones know how to push our psychological buttons, and how to make their malicious communications or websites look very legitimate. Sometimes they’ll even take advantage of perfectly legitimate but vulnerable websites.
So let’s say you’ve responded to a message requesting information, or entered your information in a website that now doesn’t seem quite right. What can you do to protect yourself after the fact?
The first thing is, don’t panic. Washburn students, faculty, and staff can contact ITS support at 785-670-3000 or firstname.lastname@example.org for assistance. We’ll be happy to help talk you through this and determine the next actions to take.
One thing to keep in mind is that you’re not the first person this has happened to and there are a number of resources to help you recover, and I’ll be covering some of those below. Before your memory starts to get foggy, write down what might have been revealed – was it a password, Social Security Number, credit card number, bank account number, etc.? Did you put in security question information like the name of your first pet, favorite teacher, etc.? Try to remember and write down as much as you can about the incident now.
Reporting the Crime
Sometimes people feel like they don’t want to cause a fuss or are too embarrassed to report something like this as a crime. Scams that get you to reveal sensitive personal or financial information are crimes, however, and reporting it will offer you substantial protections from fraudulent activity and help law enforcement crack down on the scammers.
Because Internet crimes routinely cross state or national boundaries, the standard place to report them is to the FBI. The FBI jointly with the National White Collar Crime Center runs the Internet Crime Complaint Center (IC3). This site makes it very easy to report the crime on-line and helps ensure that report is directed properly to other government agencies if applicable. You can report Internet scams and other crimes here:
Protecting Financial Information
Are you concerned that credit card, bank account, or other financial information might have been revealed? Contacting your card provider, bank, credit union, etc. is a good place to start. They can flag your account so it is watched more closely for suspicious activity and often will help you put a Fraud Alert on your credit reports.
Internet sites like eBay, Amazon.com, and others have websites and other resources dedicated to dealing with fraudulent activity on your account. Typically an easy way to find these is to enter the name of the website and certain keywords like “security” or “fraud” into your favorite search engine. Typically the first or one of the first hits will get you to the right place.
Personal Information / Identity Theft
If personal information may have been revealed, particularly information like a Social Security Number, one of the best things you can do to protect yourself is filling out this Identity Theft Victim’s Complaint and Affidavit available on the Federal Trade Commission website:
If you choose to file a report with law enforcement, this standardized form will help them respond more effectively to your complaint and can serve as evidence against future fraudulent charges. Even if you do not file a report with law enforcement, this form is still accepted by many companies and provides you with a degree of protection against misuse of your personal information.
The FTC website has a great deal of additional information about how to protect yourself depending on the specifics of your situation. Check the link below for more:
If you have inadvertently revealed a password, you should immediately come up with a new password, write it down and store it in a secure location in case you forget it, and go to any websites or other resources where the compromised password is used and go through the change password process. If you use the same password on multiple websites, you should change that password on all sites where it is used. It’s a good idea to write down a list of those sites first so you can check them off as you go, it will make it easier to ensure you’ve taken of all of them.
Cleaning Your Computer
If you follow a suspicious link or open a questionable file, you may be concerned your computer has been compromised. Hopefully you’ve been keeping up to date on security updates and patches for your operating system and hardware and have up-to-date antivirus software. These actions will do a great deal to protect you from multiple on-line threats. If you haven’t been keeping up on these, that should be a goal for the future once you are sure your computer is clean again.
Malwarebytes Anti-Malware Free (http://www.malwarebytes.org/products/malwarebytes_free/) is an excellent tool for eliminating many types of viruses, trojans, and other malicious software. It is free for home users and is good for getting your system cleaned up.
Spybot Search and Destroy (http://www.safer-networking.org/) is another excellent anti-malware product that is free for personal use, it has been around a long time and targets not just malicious software but ad-ware too.
Windows Defender (http://www.microsoft.com/en-us/download/details.aspx?id=17) is a free product from Microsoft, it’s not typically as aggressive as the previously mentioned anti-malware software, but has been effective at getting rid of some particularly hard to eradicate malware.
With all anti-malware software, it’s a good idea to run it multiple times until the reports come up clean. Sometimes one run will clean up one piece of software that is hiding another, and the second one will only be picked up on a later run.
No product can get rid of all malicious software in all cases, there are some things that the only effective way to recover is to reinstall Windows from scratch. For anything short of that, these products can typically take care of it. Nor do these programs eliminate the need to keep your system and software updated, but they can be a good way to get it cleaned up so that you can keep it updated down the road.
Anti-virus software is different from anti-malware on Windows, antivirus can help protect you from getting infected, but is not always as effective at cleaning up an existing infection as dedicated anti-malware software.
There are a number of free Windows anti-virus applications for personal use. You need not pay a substantial amount of money for effective protection:
Microsoft Security Essentials is freely available from Microsoft. It is remarkably good, relatively unintrusive and has little to no impact on system performance. It is free for personal use or for small businesses up to 10 systems.
AVG Free is another highly effective free for personal use antivirus product for Windows. You can download it here:
Avast! is a popular option for many Windows users as well:
Many people think that Macs don’t get viruses or other malware, and to a large degree that was true. The Flashback Trojan that starting hitting Mac OS systems about a year ago changed all that however. There is still less malware targeted at Macs, but what does target Macs is particularly nasty. Like for windows, some of the worst may be impossible to effectively remove without a reinstall of the operating system from scratch.
Sophos has released free Mac Antivirus software for personal use that is good at both protecting and cleaning Mac OS systems and work with Mac OS up to version 10.8. It can be downloaded here:
ClamAV has a free Mac Antivirus as well. Be aware that if you want continuous protection, you’ll need to download the version from the website. The version in the App Store only does on-demand scans.
Avast also has a free for personal use antivirus application, that can be downloaded here:
Keep in mind you should only install one antivirus application, installing multiple antivirus programs will impair performance significantly.
Currently mobile devices aren’t a big target for malware. There has been some malicious software developed but it generally hasn’t seen widespread distribution. Nonetheless that can be expected to change.
Apple’s iOS (iPhone, iPad, iPod), unfortunately, does not offer any sort of antivirus or anti-malware software. Apple has in fact actively kept Antivirus software out of their App Store. They’re largely relying on the effectiveness of their screening mechanisms for App Store apps and limits of user rights on the system to keep malware out. Time will tell if that is an effective strategy, however. In the meantime, the only real option to clean an iOS device is to reset it to factory defaults.
Android has several antivirus applications available, both Avast! and Lookout Security have free versions available in the Google Play store and are well reputed. Like Apple, Google screens software on their Google Play store and have the user run with limited rights on the system, both of which reduce the opportunities for malicious software in most cases.