What to Do if You've Fallen Victim to a Phishing Attack

What to Do If You’ve Fallen Victim to a Phishing Attack

Quick Overview
  • Immediate steps to take after interacting with a phishing message
  • Change passwords immediately if you entered login details
  • Scan your device if you clicked a link or opened an attachment
  • Monitor for identity theft if sensitive information was shared
  • How to report the incident and get assistance

Phishing schemes can be very convincing. If you clicked a link, opened an attachment, or entered information into a suspicious website, follow the steps below. What you should do next depends on what information was shared and what actions were taken.

!
Important
If you entered your SFA credentials into a suspicious page, change your password immediately and contact the IT Help Desk and/or IT Security.

What to Do Next

  1. Pause and assess. Phishing attempts can be very convincing. Falling for one does not automatically mean your identity or accounts are compromised.
  2. Change your passwords. If you shared any usernames or passwords, update them immediately. This includes SFA accounts and personal accounts.
  3. Scan your device for malware. If you clicked a link or opened/downloaded an attachment, run a malware scan using your device’s built-in security tools.
  4. Monitor for signs of identity theft. If you shared sensitive information (such as Social Security numbers, credit card details, or banking information), closely monitor your accounts and notify your financial institution.
  5. Remain vigilant. If you responded once, attackers may try again. Do not reply to future messages—delete them and report suspicious emails using the approved reporting methods.

Change Your Passwords

  • If you provided any usernames or passwords, change your password immediately.
  • If you suspect your account may be compromised, change your password and contact the IT Help Desk.
  • This applies to all accounts, SFA and personal.

Scan Your Computer for Viruses

  • If you clicked a link or opened/downloaded an attachment, run a malware scan as soon as possible.
  • Windows devices can use built-in Microsoft Defender for an initial scan.
  • If you believe your device may be infected, contact the IT Help Desk for next steps.
i
Tip
If you are unsure what you clicked or downloaded, don’t guess—contact the IT Help Desk and we can help you assess the risk.

Watch Out for Signs of Identity Theft

  • If you shared sensitive information (Social Security number, credit card number, banking details), monitor for suspicious activity.
  • Review bank accounts and transactions closely for unauthorized charges.
  • Contact your bank or card provider and inform them of the situation.

Contact the IT Help Desk or Report the Incident

If you believe you may have fallen victim to a phishing attack, or you receive a suspicious message, report it as soon as possible.

Need Help?

Contact the IT Help Desk at (936) 468-4357 (HELP).
100% helpful - 1 review
Print Article

Related Articles (1)

Protecting Yourself from Falling Victim to a Phishing Attack
Tips for Avoiding Falling Victim to a Phishing Attack.