Have you been a victim of a phishing attack or wants to protect your company against impersonation? Phishing refers to a cyber attack that targets individuals. They tend to ask for sensitive information by impersonating a representative of a legitimate organization.
Last year, we received several emails and phone calls alerting us that there were several impersonators that were reaching out to the public. They were pretending to be our employees and sending website link that was not affiliated with us to solicit personal information and financial gains.
Below are the steps we took to report them and what you can do if you find yourself a victim of impersonation as well:
Inform the relevant authorities:
The first thing you should do is to report to the authorities of such attacks. You can file a police report online. An investigation officer will be assigned to you and contact you for the necessary follow up.
Make an announcement on your official channels:
It is also important to inform the general public (including your employees) through your company’s official channels regarding such attacks. This may reduce the possibility of getting scammed. You may wish to do the following to warn them:
- Have a pop-up message on your official website and/or
- Post on your company’s official platforms.
- Report the scam and reply to them directly.
Do include the following details in your message:
- Acknowledging that you are aware of the impersonation.
- Informing them that a police report has been made.
- Denying the association with the scammers.
- Listing your company’s official site/channels.
Report the abuse to SSL and Domain name registrar:
Here are some other websites for you to report the abuse to:
- Let’s Encrypt Repository (if the website is using Let’s Encrypt)
- Name Abuse
- Report Phish
- Report badware
- Report unsafe site guest
In our situation, the phishing website was using Let’s Encrypt. Do report to the respective cert provider depending on your situation.
It is important to inform the authorities and the public as soon as possible in order to prevent more people from getting scammed. By informing them, you protect your company against impersonation when you deny any alleged association with them.
If you have a WordPress site, do refer to our other article on how you can make your site safe and secure.