What to do after you've interacted with a spam or phishing email

Updated on 19 June 2024

Follow these steps if you've clicked, replied to, or downloaded an attachment from a spam or phishing email

On this page

Before you do anything, make sure you phishing emails to Microsoft.

This will improve our spam filter and may prevent other students and staff from receiving emails from that sender.

Step 1. Check your device is still secure

Spam and phishing emails can contain malware and ransomware. You can unknowingly introduce viruses to your device from them.

If you interact on a:

  • University-owned device

    Contact the Service Desk so IT can scan the Student Desktop, Staff Desktop, or non-managed computer, or support you in the removal of any threats on your mobile device.

  • Personal device owned by you

    Run an anti-malware software such as Malwarebytes from a reputable online or App Store source and perform a scan to detect and remove any threats.

    Skip this step if you interacted on an iOS mobile device (phone or tablet), but follow the Apple guide if you’re concerned about the integrity of your Apple ID.

Step 2. Change your password immediately

After you’ve removed any threats detected by the anti-malware software (not applicable to iOS users), go to the University's Password Change Utility and update your password.

If you shared your login details with the spammers, this means they'll no longer be able to access your account and the information it holds.

Change your password

Step 3. Contact IT if you entered your credentials

  • Contact the Service Desk to let IT know you gave your username and password to the spammers. We’ll perform some last checks and make further changes (if necessary) to safeguard the integrity of your account.

    If you didn’t enter your credentials, skip this step.

  • If you gave the spammers your personal details (email address, bank information) and this has resulted in fraudulent activity such as money withdrawals from your account, report this to Action Fraud. Change any personal passwords that may have been compromised.

Step 4. Improve your awareness

If you know the tell-tale signs of spam and phishing emails you're less likely to interact with them in future. Some are harder to spot than others, and sometimes you'll receive ones from a genuine staff or student account that's been compromised. Question all of the emails you receive and be cautious with them.

Information Security Awareness module

Find this module under the My Organisations tab in My Dundee. Go through it and complete the tests to measure your awareness level.

Go to My Dundee

LinkedIn Learning

Go through the Internet Safety course or at least watch the five-minute video on phishing scams.