Phishing schemes are incredibly sophisticated. If you fall for one, it doesn't automatically mean your identity will be stolen.
All schemes vary, based on what information was provided to the bad actor, will dictate what you need to do next.
If you provided any usernames or passwords to the bad actor, you will need to change your password immediately.
If you suspect your account could be compromised, change your password immediately and contact The Help Desk or IT Security.
This goes for all accounts, SFA and personal.
If you downloaded any attachments, or clicked on any links, it is a good idea to scan your computer for viruses and malware. There are a lot of good tools built into modern computer operating systems.
Windows 10 can be scanned with the built in Windows Defender for a preliminary scan.
If you think your computer could be infected, contact The Help Desk for further steps.
If you've revealed any sensitive information like your Social Security Number or Credit Card Number, you need to watch for signs of identity theft.
Keep a close eye on bank accounts and transactions
Contact your bank and inform them of the situation
If these actors got you to reply to one email, they will definitely try again.
Stay vigilant of suspicious emails so that you don't provide them with any additional information. The less they know, the better.
Do not respond, instead, delete the email. Do not pass the email on to additional users.
If you notice an email appearing to come from SFA or other entity asking for your personal information, contact The Help Desk or IT Security.
If you think someone has been compromised (Sending spam emails, emails asking for money or gift cards, etc.) contact The Help Desk or IT Security immediately.