3 Who should you contact?
So far this week, you’ve taken a broader look at the threat landscape that was introduced in Week 1 and learned how to recognise when you’ve suffered a successful attack on your information security. You’ve also learned about the laws in the UK (and in your own country) that are in place to protect you.
The rest of this week focuses on how to recover from the attack and what you can do to prevent a similar attack being successful in the future.
First, let’s consider who you need to tell about the attack and what they need to know.
Responding to identity theft
If you have lost important documentation (such as passports, driving licences, credit cards and cheque books) you should report them immediately to the issuer so that they can be blocked and new copies can be issued to you. You should also report their loss to the police and ask for a crime reference number.
Report any unexplained transactions to your bank or credit card issuer so that they can be investigated by the company’s fraud team. You may not be liable for any losses provided that you have acted in a responsible manner and without fraudulent intent.
Almost everyone has a credit report registered with a credit reference companies. A credit report is used by financial agencies to determine your suitability for financial services such as a credit card, bank loan or mortgage. Every time a user (or an impersonator) requests a new financial product, a credit search is made and included in the credit report. You can ask for a copy of your credit report from a credit reference agency (in the UK they are Callcredit, Equifax and Experian) which will list all searches made on that account, who authorised the search, what type of search was made and when it was performed.
Credit reference agencies can also provide a credit report checking service (for which they may charge) which keeps a track of any changes to your credit report.
For more information see.
Personal data and security
If you have accidentally opened a suspicious email message
If you aren’t sure if a website is secure, look for the little padlock symbol showing a secure (SSL) connection. Look back at Week 5, Section 3.3, Encrypted network connections. If you are unsure of a site’s authenticity, or if you can’t see the padlock, then don’t enter any personal details!
Bank card fraud
If you notice a charge on your card account that you didn’t authorise, contact your card issuer as soon as possible. It may be that you’ve paid for goods you’ve not received or are suspicious about a website you’ve used. Give the card issuer as much information as possible – the name of the website, how much you spent, when you did it and so on.
The card issuer will investigate all cases of possible fraud and give you guidance which you should follow exactly. You may have legal protection, which means you’re not liable for any losses, as long as you took reasonable care and did not act fraudulently.
You should also contact the police and complete a crime report. Visit The UK Police’s website for reporting online fraud at ActionFraud.
Next, you will find out how to get your computer working again after an attack.