3 Who should you contact?
This section is part of the amber and green pathways.
So far this week, you’ve taken a broader look at the threat landscape that was introduced in Week 1 and learned how to recognise when you’ve suffered a successful attack on your information security. You’ve also learned about the laws in the UK (and in your own country) that are in place to protect you.
The rest of this week focuses on how to recover from the attack and what you can do to prevent a similar attack being successful in the future.
First, let’s consider who you need to tell about the attack and what they need to know.
Responding to identity theft
If you have lost important documentation (such as passports, driving licences, credit cards and cheque books) you should report them immediately to the issuer so that they can be blocked and new copies can be issued to you. You should also report their loss to the police and ask for a crime reference number.
Report any unexplained transactions to your bank or credit card issuer so that they can be investigated by the company’s fraud team. You may not be liable for any losses provided that you have acted in a responsible manner and without fraudulent intent.
Almost everyone in the UK has a credit report registered with a credit reference companies. A credit report is used by financial agencies to determine your suitability for financial services such as a credit card, bank loan or mortgage. Every time a user (or an impersonator) requests a new financial product, a credit search is made and included in the credit report. You can ask for a copy of your credit report from a credit reference agency (in the UK they are Callcredit, Equifax and Experian) which will list all searches made on that account, who authorised the search, what type of search was made and when it was performed.
Credit reference agencies can also provide a credit report checking service (for which they may charge) which keeps a track of any changes to your credit report.
For more information see.
Personal data and security
Don’t click on any links and don’t open any attachments. Don’t use any links sent to you in an email to log in. Run a scan with your anti-malware software. Use links that you have previously saved in your browser bookmarks to visit any sites you need to check. Don’t be shocked into immediate action by anything you read in an email.
If you have accidentally opened a suspicious email message
If you aren’t sure if a website is secure, look for the little padlock symbol showing a secure (SSL) connection. If you are unsure of a site’s authenticity, or if you can’t see the padlock, then don’t enter any personal details!
Bank card fraud
If you notice a charge on your card account that you didn’t authorise, contact your card issuer as soon as possible. It may be that you’ve paid for goods you’ve not received or are suspicious about a website you’ve used. Give the card issuer as much information as possible – the name of the website, how much you spent, when you did it and so on.
The card issuer will investigate all cases of possible fraud and give you guidance which you should follow exactly. You may have legal protection, which means you’re not liable for any losses, as long as you took reasonable care and did not act fraudulently.
You should also contact the police and complete a crime report. Visit the UK Police’s website for reporting online fraud at ActionFraud.
Don’t respond if you get email or a phone call saying they are from your bank and they have detected fraud on your account. Don’t confirm anything! Don’t press any phone keys. Just end the call. Don’t call any number they might give you for further information. Put down the phone. Dial your saved message service or another free service just to confirm that the caller has released the phone line.
Look up the contact details for your own card issuer, check your own account, and if there seems to be a problem you can call the safe number that you already have.
Next, you will find out how to get your computer working again after an attack.