From identity theft to phishing scams and cyberbullying, the spectrum of cybercrimes is vast and most of us will, unfortunately, encounter it in our digital life. In honor of Cybersecurity Awareness Month, we wanted to help you understand how to navigate these challenges to protect yourself and others.
Whether you’re a tech-savvy IT professional or someone just getting to grips with cybersecurity, knowing how to respond to and report cybercrime is essential. Here’s a comprehensive guide on how to handle and report different types of cybercrimes.
Download Reporting Cybercrime Infographic HERE
HACKED ACCOUNT
What to Do: Immediately change your password to something strong and unique. Check for unauthorized activity and disconnect any suspicious connections or devices. Enable two-factor authentication where possible.
How to Report: For social media accounts, report the hack through the platform’s help center. If email or financial accounts are compromised, contact the service provider’s security team directly.
RANSOMWARE
What to Do: Disconnect the affected device from your network to prevent the spread. Avoid paying the ransom—it doesn’t guarantee file recovery and encourages further attacks. Use backup systems to restore data where possible.
How to Report: Contact the FBI’s Internet Crime Complaint Center (IC3) to file a complaint. Notify local law enforcement and follow their guidance.
IDENTITY THEFT
What to Do: Place a fraud alert on your credit reports by contacting one of the major credit bureaus. Review your financial accounts for unauthorized transactions. File a report with the Federal Trade Commission (FTC) at IdentityTheft.gov.
How to Report: Report the crime to your local police department. Contact institutions where your identity was used fraudulently, such as banks or credit card companies, to take further action.
TAX-RELATED CYBERCRIME
What to Do: If you suspect identity theft related to taxes, complete IRS Form 14039, Identity Theft Affidavit. Monitor your tax account for any unauthorized access or filings.
How to Report: Report the issue to the IRS Identity Theft Protection Specialized Unit. File a report with the Federal Trade Commission.
CREDIT CARD FRAUD
What to Do: Notify your bank or credit card issuer immediately to freeze your account and prevent further charges. Review recent transactions for any other unauthorized activities.
How to Report: Report the fraud to the FTC at ReportFraud.ftc.gov. Consider placing a security freeze or fraud alert on your credit report with the credit bureaus.
ELDER FRAUD
What to Do: Look for sudden changes in financial situations or unfamiliar transactions. Discuss any suspicious calls or emails with trusted friends or family.
How to Report: Report instances to the National Elder Fraud Hotline. Contact local law enforcement for assistance.
SOCIAL SECURITY FRAUD
What to Do: Monitor your Social Security Statement for any discrepancies. Be wary of phone calls or emails requesting your Social Security number.
How to Report: Report fraud to the Social Security Administration (SSA) at oig.ssa.gov. Notify the FTC for further action.
BUSINESS EMAIL COMPROMISE
What to Do: Verify requests for fund transfers through a secondary channel, like a phone call. Train staff to recognize phishing attempts and suspicious emails. Alert your managed services provider (if you have one) immediately.
How to Report: Report the incident to the FBI’s IC3. Inform your financial institution immediately to attempt recovery of funds.
ONLINE STALKING & CYBERBULLYING
What to Do: Save evidence of all communications, including messages and emails. Use privacy settings to block or mute the harasser.
How to Report: Report harassment to the platform where it occurs. In severe cases, file a complaint with local law enforcement.
PHISHING
What to Do: Avoid clicking on suspected links or downloading attachments from unknown senders. Use security software to scan emails for malicious content.
How to Report: Forward phishing emails to the Anti-Phishing Working Group at [email protected]. Report to the FTC at ReportFraud.ftc.gov.
REMEMBER: COLLECT AND KEEP EVIDENCE
You may be asked to provide evidence when you report certain types of cybercrime. This material can help law enforcement stop and prosecute hackers. Al of the following documentation might be considered evidence, but you should keep anything you think could be related to the incident:
- Cancelled checks
- Certified or other mail receipts
- Chatroom or newsgroup text
- Credit card receipts
- Envelopes (if you received items via FedEx, UPS or U.S. Mail)
- Log files, if available, with date, time and time zone
- Social media messages
- Money order receipts
- Pamphlets or brochures
- Phone bills
- Copies of emails, preferably electronic copies. If you print the email, include the full email header information.
- Copies of web pages, preferably electronic
- Wire receipts
CYBERSECURITY AWARENESS MONTH
Cybercrime is a complex and evolving threat, but understanding how to respond and report these incidents is crucial in safeguarding your digital world. Remember, prompt reporting not only helps protect you but also aids in bringing perpetrators to justice and preventing future crimes. For more personalized advice or if you’re dealing with a cybercrime situation right now, consider consulting us to offer tailored support and guidance. Stay vigilant, stay informed, and keep your digital presence secure this Cybersecurity Awareness Month and all year round.
Written by: Chris Zambuto | Chief Information Security Officer @CMITBostonCambridge
