You've fallen for a scam! Now what?

We all make mistakes. Here's what you need to do after realizing that you have been had, and keep those mistakes from costing you.

Cybercriminals tricked Fred into giving away sensitive information. Now he wants to know how "to mitigate this situation?"

Don't feel bad. We all make stupid mistakes. But with these sorts of mistakes, you have to act fast to avoid disaster.

What you need to do depends on how you were tricked. Did you give them your email password? Your bank and/or credit card numbers? Your passwords for Facebook, Twitter, or other social media sites? Did they remotely access your PC, or trick you into installing software?

 [Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to]

If you have reason to believe that criminals can access your financial accounts, call your banks and credit card companies immediately. Explain the situation and follow their instructions.

Next, change any passwords that might have fallen into criminal hands. This includes email, social network, and other passwords.

If you've been using the same password for multiple accounts, change all of those passwords as well. And stop using the same password for multiple accounts already.

If you can't change a password--or even log on to a site--the crook got there first. Check the site for instructions on recovering a hijacked account. Search for hijacked account and the name of the service (Facebook, Google, or whatever) and follow the directions given on the service's website.

By the way, if you set up your account with two-step verification (most major services offer this), chances are slim that criminals will be able to access and hijack your account.

Next, call the police and ask to make a report. No, the cops will not find the crooks and return what was stolen. But banks, credit card companies, and other institutions may want to see a police report. It makes your claim to victimhood official.

Don't call 9-1-1. Unless the criminal is physically inside your home, it's not an emergency.

Were you tricked into allowing someone to remotely control your PC? Or into downloading software? If so, there's no telling what information they got, or are still getting.

In that case, change your Windows logon password immediately. And scan your PC for malware using multiple anti-malware tools.

Join the CSO newsletter!

Error: Please check your email address.

Tags identity theftGooglesecurityscamstwitterIdentity fraud / theftprivacyFacebookpcworld

More about FacebookFredGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lincoln Spector

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place