used with permission from Norton by Symantec

There is a nonstop flood of Trojan horses, bots, and phishing attacks assaulting the Internet every day. Crimeware attacks and identity theft can happen to anyone. If you believe you have been a victim of crimeware or online fraud, there are a series of steps you can take in each instance to respond to and recover from the incident.


Disconnect immediately. Whether you’re connected to the Internet via wi-fi or a phone or cable line, disable your connection as soon as possible. This can prevent data from being leaked back to the cybercriminal. Breaking your network connection is a sure-fire way to put a stop to the immediate damage. Aside from physically unplugging your Internet connection, you can disable your network connection by clicking on your PC’s start menu, selecting “Settings,” then selecting “Network Connections,” and finally disabling your network connection by right-clicking on it and selecting the “Disable” option.

  • If you are at work, contact your Information Technology (IT) department. The IT team will need to know about the infection as soon as possible. In addition to your personal data being compromised, confidential company information may have been stolen as well. Either way, your IT department should be the first to know of the problem and should be able to help you with some of the following steps in your recovery.
  • If you are a home user, consider getting assistance from a trusted source and contact your Internet Service Provider (ISP).

Scan your computer with an up-to-date antivirus program, such as Norton AntiVirus or Norton Internet Security. A program with antivirus and antispyware capabilities can detect and often remove crimeware threats that would otherwise remain hidden on your computer. If the threat can be detected but not removed, consult Symantec’s removal tool listing to see if the crimeware can be removed using a separately downloaded utility. You do not need to be a Symantec customer to use these removal tools.

Back up your critical information. Sensitive data may be leaked by crimeware and it also may be inadvertently destroyed or lost during the clean-up effort. If you have backup software installed, make a copy of your valuable files–such as your photos, videos, and other personal or work files–to a backup hard drive or removable media, such as a CD or DVD. This will ensure your information’s availability after the computer is free of crimeware.

Consider going back to ground zero by re-installing the operating system of your computer or using backup software.The worst examples of crimeware are sophisticated enough to burrow deep within your system in an attempt to hide from your security software using “rootkit” techniques. Sometimes the best course of action is to return to a pre-infection state using a program such as Norton Ghost. Other times, when the infection date is unknown and more sensitive data is at stake, it may be best to save your important data off of the computer and re-install the operating system entirely so that you know you are working from a clean slate.

Online Fraud

Close affected accounts immediately. In the best-case scenario, you will be able to shut down or change any credit card, bank, or other online service accounts before they can be leveraged by the thief. Err on the side of safety: a little more trouble taken up front to freeze or change accounts can save you much more effort later in disputing fraudulent purchases made by a cybercriminal. While you have your financial institution on the phone or access to them in person, discuss any impact this potential fraud might have on your account and the steps you would need to take if the account was compromised during the attack. For example, how can you dispute fraudulent charges? Or how can you recover the stolen funds?

Set up a fraud alert with the three national consumer reporting agencies (Equifax, Experian, and TransUnion). Contacting just one of these companies will set up the alert for all three. The fraud alert will tell creditors to contact you directly before making any changes to existing accounts or allowing you (or someone using your identity) to open up new ones. This is an essential step to control the amount of damage an identity thief can do with your stolen information. This step also allows you to order your credit reports from each of the agencies for free.

Watch your credit reports closely. Keeping a sharp eye on your accounts from all three credit reporting agencies is essential because information may not be the same across all three. Some of the credit reporting agencies offer all-in-one reports or just-in-time alerting services for a fee. Depending on the level of potential impact and your concern, it may be worth the quick turn-around time and easy viewing to pay for these additional services. Remember that it may take some time before all of the fraudulent activity appears on your credit reports.

File a police report. Ideally this should be done in the city where the crime took place. Even though you may not be able to provide the police enough information to bring the criminal to justice, you can use a copy of the police report or the report number as evidence with your creditors in case they ask for proof. You may never need it, but it may help you fight fraudulent claims later.

Look for signs of identity theft. It’s natural to have your guard up after having your identity stolen. During this time, be on the lookout for odd things in the mail, including credit cards you did not request. Also watch to make sure you’re receiving all your standard bills, and that they haven’t gone missing. Being contacted by vendors regarding accounts you are unaware of, or even worse, by debt collectors for purchases someone else made, are clear signs of lingering identity theft problems.


By taking precautions and using strong Internet security software, you can significantly decrease your chances of becoming a victim of cybercrime. But if the worst happens, we hope these tips will help you fight back against your cyber attackers.