Help! Caught by phishing scam

[CrystalDeCanter]

Hi a couple of weeks ago my in laws asked for my help as they couldn't log in to their hotmail account. They had been sent an email by Microsoft and then clicked on a link which seemed to stuff things up for them.

Like an idiot I tried to help them out and gave 'Microsoft' my email to act as 'security'. Anyway it turns out that this is a phishing scam and I'm scarred that I've fucked things quite badly.

Any ideas what I can do to help my in laws and myself? I'll post a link to a site which explains the scam.

m.hoax-slayer.com/outlook-web-access-phishing-scam.shtml

It's this scam :(

Run a virus scan and do your usual security housekeeping. Change their password and yours for email accounts, choose something complex symbols, numbers and bogh case letters. If they use the same password for other accounts change those too.

Finally talk to ghem about phishing and fraud. That email has a spelling error in it, tell them to look for such mistakes, also to hover over sender details so they can see the address the email's originated from - it won't be one likely associated with the he organisation it's supposed to be representing.

There may be more to do, should say that
I'm not a professional, just didn't want to leave you without a reply.

Just seen the irony of my own typo there too

Agree with HenI5.

They have given the attacker their Hotmail login details. This gives the attacker access to anything where they use the same login details. The attacker may also be able to gain access to any other account where they have given their Hotmail email address - the attacker will be able to get in by claiming they have lost their password.

I agree with HenI5. I don't think this particular scam installs any malware on your PC but you should check. Your parents need to change the password on their Hotmail account (if they still have access - contact Microsoft if not and tell them the account has been hijacked) and all other accounts. Start with those that could be exploited by the attacker for financial gain - bank, credit cards, etc.

As you have given someone your email address you need to be wary too. If I were you I would change all your passwords.

By the way, it is sometimes possible to spoof sender details. I would always hover over links before clicking on them. That will tell you the web address for the link. That can't be spoofed. In general you will find that some of the links in a phishing email go to the website you would expect but the big button they want you to click goes somewhere else. Occasionally they use an address similar to the legitimate site but mostly it is very obvious that it is different.

UK Revenue information about Phishing Given what I say later, I promise that's a genuine link btw

I was on my phone earlier, hence keeping it reasonably brief and my fat fingered typing
The above link shows how deceptive scammers can be and how easy it is to be taken in.

In addition to what prh has said above I would make sure you tell you parents that if they get any emails urging them to take some form of action regarding any account then there are two things they should do and one definite NO NO.

NO to clicking on any links in emails. It's so easy to click as a reflex action following instructions without thinking it through. Impress upon them that they don't have to take any action that urgently, anything can wait a little while.

Next tell them to insert details into a search engine and see if any scam warnings come up.

Yes hover over the sender's email address as we both advised above, but do be aware that they're not all as transparent as the supposed UK government email that was sent from an AOL address some of the Revenue warnings in the link I've given are very deceptively formed.

The second thing they should do if they feel they need to take any action on an account is to go to the relevant site by typing the address into their browser so that they follow a link they've found, not one provided in an email, that way they should know where they're navigating to.

They need to remember not to rush anything and not to trust anything unsolicited. They might also want to warn any personal contacts in their address book that their account's been compromised and they may have accidentally exposed friends' email addresses too. Not saying that's the case but it will be erring on the safe side and will also reinforce the lesson for your PILs.

Hope all that helps.

Get your ILs to look at and read the cyber security information on www.cyberstreetwise.com/

As well as essential tips for keeping safe online, theres information on phishing you can use to teach them what is suspicious.

www.cyberstreetwise.com/#!/banking/phishing

THank you everyone. I went round last night convinced it was a scam and now I'm not so sure. I think it may have just been hotmail being stupidly security conscious coupled with my in-laws being a bit hopeless around computers.

We did change all passwords though and fil is under strict instructions NOT TO CLICK on any unsolicited emails.