What To Do If You Receive a Phishing Email

What to do if you received a phishing email:

  • If at any time you feel physically threatened, you should contact your local police department at once.  If you are on campus, you should also contact Public Safety.
     
  • If you have not opened the email, simply delete the message after you have reported it by using the Report Message tool in Outlook.
     
  • If all you have done is to open the email, your PC should be safe, simply report and delete the message.
     
  • If you supplied your password or other account information, you should change your password immediately.  You should also change the password for any other accounts where you have used this password.  (Reusing passwords allows criminals to access multiple accounts.)  You should also be sure MFA is activated.  We suggest using MS Authenticator as your primary verification method.
     
  • If you opened an attachment or clicked on a link in the email, you should scan your computer for malware.  If you need assistance with this step, please call the helpdesk at 215-951-1860 or open a new ticket in the IT Service Portal.
     
  • If you supplied your Cell Phone Number and the criminal calls or texts you, block incoming calls from that number.
     
  • If you supplied financial information, such as Credit Card Number or Bank Account or Checking Account Information, you need to contact your bank or credit card company immediately to prevent fraudulent transactions.  Their customer service or fraud reporting lines should be printed on the back of your credit or debit card.  Check your credit card statements carefully.  If you discover any unauthorized charges, you should dispute the transactions by sending a letter to the credit card company at the address listed on the statement for this purpose, not the address for sending payments.  The Federal Trade Commission provides a sample letter at https://www.consumer.ftc.gov/articles/0385-sample-letter-disputing-billing-errors.
     
  • If you supplied your Social Security Number, Driver’s License Information, or other personal information, you need to take steps to protect yourself from Identity Theft.  Request a free credit report to verify that credit accounts have not been opened in your name.  Free annual credit reports covering Equifax, Experian, and TransUnion are mandated by the Fair Credit Reporting Act (FCRA) and are available from  https://www.annualcreditreport.com or by calling 1-877-322-8228.  You should look through each of your credit reports carefully:
    • Check for accounts you do not recognize, especially accounts opened recently and look in the inquiries section for names of creditors from whom you have not requested credit.
    • Look in the personal information section for any address listed where you have never lived.  Identity thieves often submit address change requests to divert credit card statements and bills so victims remain unaware of the fraudulent transactions.
    • If you find items you do not understand on your report, call the credit bureau at the number on the report. Credit bureau staff will review your report with you.  You should make note of any account or transaction that cannot be explained.
    • Consider placing a fraud alert or credit freeze on your accounts.  You can place a free, one-year fraud alert by contacting any one of the three major credit bureaus. That company must tell the other two.

If you discover any fraudulent transactions, file reports with the Federal Trade Commission’s IdentityTheft.gov web site, your local police department, and the FBI’s Internet Crime Complaint Center (IC3).

Finally, there are additional steps that should be taken to check your Outlook settings to be sure a hacker did not change them.  There are more detailed instructions available in the attached KB Article, Help!  I Replied to a Phishing Email!  Now What Do I Do?

 

Print Article

Related Articles (2)

When it comes to reporting suspected phishing emails, seconds count! The sooner IT can send alerts to students, faculty, and staff, the greater the chance that we can protect someone from being victimized by criminals.
This article will tell you how to find and use the built-in phish reporting tools in the Outlook Desktop Client, Outlook Web Access, or Outlook Mobile, which is the fastest, easiest and IT-preferred way to report phishing messages.

Related Services / Offerings (1)

Best practices to detect and report phishing and spam.