So you’ve just received an important-looking message from an official-looking source asking you to verify some information. Perhaps the tax office, your bank or even a friend? You clicked the attachment, it opened a web page where you filled in all the details, and off it went.

Phishing email impersonating ITAS Namibia
Example phishing scam (ITAS Namibia February 11 2021)

But then you realized all was not as it seemed.

We know how quickly a phishing scam can happen, and this article is here to help you sort out that mess before it gets worse.

Briefly, the implications of the prior events are:

Your username, password and any other information you entered have been stolen.

The scammers can use this information to automatically log into your accounts and download your personal information.

If the account in question was your e-mail account, its contents were likely already downloaded from your e-mail provider’s server by the scammers.

The scammers may also use this time to generate password reset requests for other accounts of yours which are associated with your e-mail, in order to take control of them. Sometimes you can see evidence of this happening if your e-mail account starts to get suspicious password reset notifications which you did not request.

Overall this means your bank account, social media and anything else tied to your e-mail may also be affected if you do not act fast.
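
As an added example (not part of the original article), the Python sketch below scans saved messages for password-reset style notifications dated after the moment you clicked the phishing link, which gives you a list of services to secure first. The sample messages, the phrase list and the names find_reset_notices, SAMPLE and CLICKED_AT are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string, policy
from email.utils import parseaddr, parsedate_to_datetime

# Assumed phrase list typical of account-recovery mail; extend it for your own services.
RESET_HINTS = re.compile(
    r"password reset|reset your password|verification code|recover your account",
    re.IGNORECASE,
)

def find_reset_notices(raw_messages, since):
    """Return (received, sender_domain, subject) for reset-style mail dated at or after `since`."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw, policy=policy.default)
        try:
            received = parsedate_to_datetime(str(msg["Date"]))
        except (TypeError, ValueError):
            continue  # no usable Date header; review such mail by hand
        if received.tzinfo is None:
            received = received.replace(tzinfo=timezone.utc)
        if received < since:
            continue  # arrived before the phishing click
        body = msg.get_body(preferencelist=("plain",))
        text = (msg["Subject"] or "") + "\n" + (body.get_content() if body is not None else "")
        if RESET_HINTS.search(text):
            domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
            hits.append((received, domain, str(msg["Subject"] or "")))
    return sorted(hits)

# Constructed sample data: the time of the click and four saved messages.
CLICKED_AT = datetime(2021, 2, 11, 12, 0, tzinfo=timezone(timedelta(hours=2)))
SAMPLE = [
    "From: Shop <noreply@shop.example>\nDate: Wed, 10 Feb 2021 09:00:00 +0200\n"
    "Subject: Password reset requested\n\nYou asked to reset your password.\n",
    "From: Bank <accounts@bank.example>\nDate: Thu, 11 Feb 2021 14:05:00 +0200\n"
    "Subject: Reset your password\n\nFollow the link to choose a new password.\n",
    "From: Shop <news@shop.example>\nDate: Thu, 11 Feb 2021 15:00:00 +0200\n"
    "Subject: Weekly deals\n\nBig savings this week.\n",
    "From: Social <security@social.example>\nDate: Thu, 11 Feb 2021 13:30:00 +0000\n"
    "Subject: Your verification code\n\nUse code 000000 to recover your account.\n",
]

if __name__ == "__main__":
    for received, domain, subject in find_reset_notices(SAMPLE, CLICKED_AT):
        print(received.isoformat(), domain, subject)
```

Any service that shows up here and that you did not ask to reset belongs at the top of your password-change list.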

Any personal information or documents that reside in your mailbox may be compromised.

It’s noteworthy that if your e-mail client is using the POP protocol, the e-mails on your local computer and those stored on your e-mail provider’s server may not be exactly the same. POP servers usually work similarly to a post office and only retain the e-mails that your computer hasn’t yet collected and moved to your local inbox. Others keep the last few weeks of e-mails stored on them.

If you are using a modern IMAP-based e-mail service, all past e-mails reside on both the server and your local computer.

Regardless of which service you are using, chances are good that the scammers took a peek at your mailbox and extracted personal and confidential information that may be of value to them.

Once such information has been stolen, there is little to be done to get it back, and your best course of action is to inform any involved parties that this information might no longer be private.

If you re-used this username or password on any other services, the scammers are busy testing it elsewhere

This is usually done via automated tools that try your username and password combination against a list of online services, looking for a valid login result.

Once a valid login is found, they will proceed to exploit this information for additional gains.

But the attachment wasn’t just a web page? I think it ran a program!

Sometimes phishing e-mails contain links to malicious files or executable programs. When downloaded and run, these may prompt for administrative access, seemingly do nothing, pop up a black or blue command line window with quickly scrolling lines of text, or immediately take over your computer completely.

This is one of the worst-case scenarios for a phishing attack. You have been hacked, and a malicious program has gained complete access to your computer and all of its files. Possibly it is uploading your files to a remote server before encrypting them. Or it is stealing all your account login details and installing spyware or bitcoin mining software, or using your computer as a proxy to send spam.

Whatever the chain of events, you now need to hibernate your computer and contact an expert.

To hibernate a Windows computer, open the Start menu, select the Power option and then Hibernate.

Alternatively, on your keyboard press the Windows Key ⊞ together with X and then follow this with the keys U and H.

This places your computer into a suspended state where it is not running, yet all the contents of memory are preserved for analysis. In the case of ransomware, key details of the malware can be extracted from memory, which may make data recovery possible.

Steps you should take:

Change your passwords

The first and immediate plan of action should be to update the password on all sites and services where you used this password to a new, stronger password.

The scammers that stole your password will attempt to log in to all manner of services with the password they obtained in order to get more information.

Also take into account any services which may have sent their password to your affected e-mail account in plain text. These will also need to be updated.

Outlined below are links for various email services where you can reset/change your password.

Telecom Namibia (iway.na)

Africa Online (afol.com.na / mweb.com.na)

Google Mail

Yahoo Mail

Microsoft

Use a password manager

As you go around updating your password across various devices and services, now is a good time to invest in a good password manager. No worries: spending money is entirely optional.

A password manager allows you to safely and securely store a large variety of different passwords for your online accounts and protect them all behind a strong master password.

It also generates secure passwords or passphrases for you and can automatically fill them into login forms when requested.

Password managers we suggest include:

Bitwarden

LastPass

KeePassXC (for advanced users)

Analyze Your Situation

What data of yours has been affected? There are multiple types of identity theft and how the scammers could attempt to defraud you depends on the information they have been able to access. That could mean: credit, banking, taxes, employment, government benefits or medical fraud.

Inform relevant parties

Depending on what information is in your compromised account, inform your bankers, business associates, financial organizations, insurance and medical aid that you may have been the victim of identity theft.

Make sure to ask that they place a note on your file to verify with you personally, via phone or in person, any future e-mails, messages or calls pertaining to your personal and financial details.

Regularly check your credit status

You are entitled to a yearly free credit check, which you can do via your banker or TransUnion and Experian.

This is not something you have to do now, but it is absolutely important to do further down the line to check for any potential irregularities, such as outstanding debts or loans in your name which you did not authorize.

Beware of future emails you receive.

Scammers may use information gained from your mailbox in an attempt to solicit more information or money by posing as people or businesses you have interacted with in the past.

Summary

Obviously this is not a good situation to be in, but if you take these steps now you can effectively mitigate a lot of the potential consequences.

If you got lucky, the scammers might not even have accessed your accounts before you were able to intervene.