Guide

What to do after you've interacted with a spam or phishing email

Follow these steps if you've clicked, replied to, or downloaded an attachment from a spam or phishing email

On this page Chevron pointing down

Before you do anything, make sure you've reported the spam or phishing email to Microsoft. This will improve our spam filter and may prevent other students and staff receiving emails from that sender.

Step 1. Check your device is still secure

Spam and phishing emails can contain malware and ransomware. You can unknowingly introduce viruses to your device from them. If you interacted on a:

University-owned device

Contact the Service Desk so IT can scan the Student Desktop, Staff Desktop, or non-managed computer, or support you in the removal of any threats on your mobile device.

Personal device owned by you

Run an anti-malware software such as Malwarebytes from a reputable online or App Store source and perform a scan to detect and remove any threats.

Skip this step if you interacted on an iOS mobile device (phone or tablet), but follow the Apple guide if you’re concerned about the integrity of your Apple ID.

Step 2. Change your password immediately

After you’ve removed any threats detected by the anti-malware software (not applicable to iOS users), go to the University's Password Change Utility and update your password.

If you shared your login details with the spammers, this means they'll no longer be able to access your account and the information it holds.

Change your password

Step 3. Contact IT if you entered your @dundee.ac.uk credentials

Contact the Service Desk to let IT know you gave your username and password to the spammers. We’ll perform some last checks and make further changes (if necessary) to safeguard the integrity of your account.

If you didn’t enter your @dundee.ac.uk credentials, skip this step.

Guidance if you entered personal details

If you gave the spammers your personal details (email address, bank information) and this has resulted in fraudulent activity such as money withdrawals from your account, report this to Action Fraud. Change any personal passwords that may have been compromised.

Step 4. Improve your awareness

If you know the tell-tale signs of spam and phishing emails you're less likely to interact with them in future. Some are harder to spot than others, and sometimes you'll receive ones from a genuine staff or student account that's been compromised. Question all of the emails you receive and be cautious with them.

Information Security Awareness module

Find this module under the My Organisations tab in My Dundee. Go through it and complete the tests to measure your awareness level.

Go to My Dundee

Lynda.com training videos

All students and staff have access to lynda.com and the 6000 video tutorials it hosts. Go through the Internet Safety course or at least watch the five-minute video on phishing scams.

Go to our training webpage to find a detailed listing of other resources available to you.

Enquiries

Service Desk

+44 (0)1382 388000

help4u@dundee.ac.uk

Last updated

30 August 2019

From

UoDIT

Guides

IT, Email, Security