Phishing Scams SOP

This article will provide Customer Experience Specialists with information regarding how to handle requests related to phishing scams. 

How are phishing scams identified? 

Occasionally the Customer Experience team will identify or receive phishing scams that are impacting some of our users. When identified the team will be provided a list of users/ accounts that have been impacted via a slack message. 

The Customer Experience team will be provided with the following information that will be used to address the potential scams: 

  1. User Email that was input into a phishing site 
  2. The password that was input into a phishing site
  3. IP Address 
  4. Date of input 


---KSL 2016----
Email: youareapieceofcrap@badperson
Password: burninheck
IP: 195.210.992.5
Data : 04/06/2019 == 14:02:30

Review Practices 

  1. Open the URL. or document 
  2. Open OSS and click “Member” on the left side of the page 
  3. Select  “Email” on the top right corner of the member page
  4. Copy and paste the email of the user impacted by the scam into the search field
  5. Select  “Search” 
  6. Select the member name that pulls up
  7. Review Administrative Notes to identify if the account has already been actioned on (suspended, banned, re-activated)
  8. If the account has not been actioned on previously, select “Add New Entry” 
  9. Select drop-down next to “Change Member Status to” and select “Suspend” 
  10. Leave the following notations below:
    1. Issues Details:
    2. Resolution: 
    3. Next steps: 
  11. Select Submit 
  12. Go to the following link and select "Add" or the plus icon at the top left corner of the page
  13. Select Ticket
  14. Fill out the following ticket fields
    1. Requester- This should be the email address tied to the account
    2. Assignee - Your name 
    3. Form -  Moderations
    4. Type - Question
    5. Source - Internal Audit
    6. Vertical - Classifieds
    7. Issue: Fraud
    8. Action Taken- Suspended/ Banned 
    9. Priority- Normal
    10. Notes- Input MID of account holder 
  15. Fill out Subject as “KSL Classifieds Account 
  16. Select “Apply Macro” at the bottom of the page
  17. Search and select “ Compromised Notification”  
  18. Prior to sending the email to the user, please update the password and username
  19. Select “Submit as Solved” at the bottom right corner of the screen. 

You are done! 


Related Articles: 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.