Phishing emails may lead you to click links, open attachments, or share sensitive data. If you've responded, take immediate action to limit risk.
If you are threatened or have been victimized by a scam, notify Public Safety (215-951-1300 or publicsafety@lasalle.edu).
1. Report the Phishing Incident
Phishing attacks are typically distributed to many recipients. Promptly reporting the incident can help prevent others from falling victim to the same scam. Use the “Report Message” tool in Outlook, found in the toolbar at the top of your email, to quickly flag the phishing email, or forward a copy of the message to phishreports@lasalle.edu.
2. Change Your Passwords
Malware can harvest your email and login credentials, so you should change your email and Windows or macOS passwords—even if you did not provide them in your reply. If possible, change passwords from a different device while you run malware scans; otherwise, wait until your scans confirm there are no threats or that any detected malware has been resolved. If you use the same password for other accounts, change those as well, as attackers may attempt to access your other accounts. If you are locked out of any accounts, contact the appropriate company’s customer service or security department.
3. Scan Your Computer for Malware
University Devices
If you are using a La Salle University laptop or desktop, the computer is equipped with licensed anti-virus software. Review instructions to run a scan using Windows Defender.
Personal Devices
Install strong anti-virus software on your home computer. If you receive warnings about threats, ensure they come from your legitimate anti-virus provider. If necessary, manually initiate a scan within the anti-virus application. Do not click on links in pop-up notifications. Follow your software’s guidance to quarantine or delete any infected files. If in doubt about a file, quarantine it; if that is not possible, delete it.
Windows Defender on Personal Devices
On Windows 10 PCs, access the Advanced scans menu by opening Settings, selecting Update & Security, then Windows Security, and choosing Virus & threat protection. Click “Run a new advanced scan” for a deep, offline scan. On Windows 11 PCs, search for “Windows Security” in the Start menu, open the app, select “Virus & threat protection,” go to “Scan options,” choose “Full Scan,” and click “Scan now.” If any threats are detected, Microsoft Defender Anti-virus will automatically remove or quarantine them.
Mac Devices
While Macs are generally less susceptible to malware than Windows PCs, they are not immune. Choose an anti-virus application from the Mac App Store, install it, and follow the prompts to run a system scan.
4. Review Email Forwarding Rules and Folders
In addition to stealing passwords, attackers may access your email account to search for sensitive information or use your account to send more phishing emails. They may also create email forwarding rules to divert your messages or send emails to your contacts, financial institutions, or other entities.
Check Email Rules and Forwarding
In Office 365 (web version), open Settings (the gear icon), click “View all Outlook settings,” and ensure “Mail” is selected. Review the following sections for suspicious rules or changes: Rules, Sweep, Junk Email (blocked and Safe Senders lists), Quick Steps, and Forwarding. If you find rules or forwarding addresses you do not recognize, note and delete them.
Review Sent, Deleted, and Other Folders
Check your Sent Mail folder for any messages you did not send, as attackers may use your account to contact others. Also, review Deleted Items, Notes, Junk Email, RSS Subscriptions, or other folders for unfamiliar emails. If you find messages you don’t recognize, ask frequent correspondents if they received any suspicious communications from you after the incident.
5. Assess Exposure of Confidential Information
Email is not a secure method for transmitting sensitive information, yet it’s often used for this purpose. Review your emails for the following types of data that may have been compromised:
- Social Security Numbers
- Credit, debit, or ATM card details (numbers, PINs, expiration dates, security codes)
- Bank or financial account numbers, ACH routing numbers
- Driver’s license or other state-issued ID numbers
- Health insurance information (member IDs, provider numbers, group numbers, etc.)
- Passwords, login IDs, answers to security questions
- Tax documents, financial aid applications, employment and salary data
If any of this information was included in your emails, assume it may be compromised and follow the precautions outlined below.
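The review described above can be partly automated over messages exported from your mailbox. The following is an added example, not part of the original guidance: it looks for Social Security numbers, payment card numbers, and bank routing numbers, and uses each format's own validity rules (issued SSN ranges, the Luhn checksum, the ABA checksum) to discard look-alikes such as order numbers. The function names and the sample message are assumptions made for the example, and matches are masked so the report does not itself become sensitive.

```python
import re
from email import message_from_string, policy

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits, optional separators
ROUTING_RE = re.compile(r"\b\d{9}\b")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def aba_ok(digits):  # ABA routing checksum: weights 3, 7, 1 repeating
    return sum(int(c) * w for c, w in zip(digits, (3, 7, 1) * 3)) % 10 == 0

def ssn_ok(area, group, serial):  # reject values the SSA never issues
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def find_sensitive(raw_message):
    """Return sorted (kind, masked value) pairs found in the subject and plain-text body."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject']}\n{body.get_content() if body is not None else ''}"
    hits = set()
    for m in SSN_RE.finditer(text):
        if ssn_ok(*m.groups()):
            hits.add(("ssn", "***-**-" + m.group(3)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.add(("card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in ROUTING_RE.finditer(text):
        if aba_ok(m.group()):
            hits.add(("routing", "*****" + m.group()[-4:]))
    return sorted(hits)

# Constructed sample message; every number in it is made up for this example.
SAMPLE = """\
From: student@example.edu
Subject: Forms for order 123456789

My SSN is 123-45-6789 and the card is 4111 1111 1111 1111.
Refund to routing 123456780. Ignore the placeholder 000-12-3456.
"""
print(find_sensitive(SAMPLE))
```

A hit means the message deserves a manual look, not that the data was confirmed stolen; attachments and HTML-only messages are not covered by this example.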
6. Take Precautions if You Disclosed Sensitive Information
- If you provided your cell phone number and receive calls or texts from the attacker, block the number.
- If you disclosed financial information (credit card, bank, or checking account details), contact your financial institution immediately to prevent fraudulent transactions. Use the customer service or fraud reporting number printed on your card. Monitor your statements and dispute unauthorized charges as instructed by your provider. The Federal Trade Commission offers a sample dispute letter at https://www.consumer.ftc.gov/articles/0385-sample-letter-disputing-billing-errors.
- If you provided your Social Security number, driver’s license, or other personal information, take steps to protect yourself from identity theft. Request a free credit report at https://www.annualcreditreport.com or call 1-877-322-8228. Check for unfamiliar accounts or personal information. If you find unexplained items, contact the credit bureau at the number listed on your report. Consider placing a fraud alert or credit freeze on your accounts by contacting any of the three major credit bureaus:
  - https://www.Experian.com/help or 888-EXPERIAN (888-397-3742)
  - https://www.TransUnion.com/credit-help or 888-909-8872
  - https://www.Equifax.com/personal/credit-report-services or 800-685-1111
If you discover fraudulent transactions, file reports with the Federal Trade Commission’s IdentityTheft.gov, your local police, and the FBI’s Internet Crime Complaint Center (IC3).
7. Prevent Future Incidents
Implement these precautions to reduce the risk of future infections on your PC or Mac:
- Do not use an administrative account for everyday tasks; reserve it for software installation and updates (applies to Windows PCs).
- Install all current Windows or macOS updates and patches as soon as they are released.
- Use anti-virus software with real-time protection and run regular scans. Keep the software updated.
- Enable multifactor authentication (MFA) where available. MFA requires two or more credentials—such as something you know (passcode, PIN, security question), something you have (one-time code from an authenticator app or text), or something you are (fingerprint, retina, or facial scan). MFA makes it significantly harder for attackers to access your accounts, even if they obtain your password.
8. Phishing Email Detection Tips
Phishing attempts continue to evolve, making detection skills critical. Educate yourself and others on how to spot phishing emails to protect both your information and the La Salle community. Here are ten tips to help you identify phishing emails:
- Check the sender: Confirm the sender’s address is legitimate and correctly spelled. Is it someone you know or a business you regularly deal with?
- Hover before you click: Ensure the actual link destination matches its description. Hover your mouse over links and attachments to preview their destinations without clicking.
- Don’t trust urgency: Be wary of urgent requests, especially from unfamiliar sources.
- Practice caution with attachments: Do not open attachments unless you are certain of their legitimacy.
- Check spelling: Poor grammar and spelling are common in malicious emails and serve as warning signs.
- Check the email signature: Legitimate senders include a signature that matches their email address. Verify the sender via a Google search or, for La Salle emails, a directory search in the mylasalle portal.
- Protect personal information: Reputable companies rarely ask for sensitive information via email. Call the company using a verified phone number to confirm suspicious requests.
- Check for vague introductions: Generic greetings like “Valued Customer” suggest the email is part of a mass phishing attempt.
- Trust your gut: If something feels off, confirm the email’s legitimacy or report it.
- Report suspicious emails: Use the “Report Message” tool in your email toolbar to alert IT of any potentially dangerous emails.