5 Steps You Need to Take if You Fall for Phishing

September 21, 2016 / By: Information Security

An example of a real phishing email sent to St. Thomas inboxes.

Don't take the bait! Unfortunately, phishing emails are becoming harder and harder to identify, which results in more people taking the bait. Maybe it was by mistake or the email looked legitimate, but now you're worried about what to do after you've clicked the link.

What happens when I get phished?

One of the latest phishing attempts directs you to verify your account, or you will lose your mailbox.

The link takes you to a page that looks exactly like the St. Thomas Office 365 login page. However, once you enter your St. Thomas username and password, it gives you an error message saying that you cannot log in. The phishers use these fake webpages to collect your St. Thomas credentials in order to gain access to your account and to other accounts that you use your St. Thomas email for. Phishers often use your compromised account to send more spam out to your address book in order to phish others.

5 Steps to Take if You've Taken the Bait

1. Immediately change your password.

Don’t panic! If you are still able to log in to your account, change your password to something unique that does not contain personal information and is not used with other accounts. If you used the same password on other accounts (including social media), change those to new unique passwords as well.

2. Change your Security Questions in Office 365. 

Phishers are always trying to stay one step ahead.  Once they have your St. Thomas credentials, they also have information on your security question answers which allows them to get back into your account in the future. Creating new answers after you've reset your password will prevent 

3. Report the phishing attempt to the ITS Tech Desk. 

If you are unable to log into your St. Thomas account, contact the Tech Desk ASAP at 651.962.6230. Let them know you have been phished and your account has been compromised.

4. Contact Credit Agencies.

If you entered any personal information, you can contact one of the major credit bureaus and ask for a free 90-day fraud alert to be placed on your credit report. The three major bureaus are Experian, Equifax and TransUnion. Once you have notified one, they are required by law to notify the other two on your behalf. WARNING: If you entered banking or credit card account numbers, a password or a PIN, then contact the number on the back of your card to report the incident.

5. Update and Scan. 

If you have clicked on a link or downloaded a file, your system may be infected. To prevent viruses from getting to your system, disconnect your device from the internet, then make sure you run a complete scan with your anti-virus software. The ITS Tech Desk offers free walk-up assistance in virus and malware removal.