If you received a phishing email and clicked on any of the links or sent any personal information in response, follow these steps to ensure that your account and data are secure. Learn more about Malware and phishing attacks.
After Phishing
- Report the Phishing Message.
- Call or visit the Helpdesk immediately for assistance in securing your account. It is critical that ITS staff investigate, contain, and remediate any damage that may have been caused by any unauthorized access.
- Change your Carleton password (link opens in a new tab).
- If your account is compromised and you are locked out, this step will not work. In that case, contact the Helpdesk.
- Log out of all of your active Google Sessions from Google's Manage Devices page (link opens in a new tab).
- Log out of ALL your Google Accounts: On the device that you clicked on the link or sent the information from, sign out of all of your Google accounts (on the Google website, in Google apps, etc).
- Select your portrait in the top right corner of any Google page.
- Select Sign out.
- Do the same for any other Google accounts you are signed into on your computer.
- Run a ThreatDown (aka Malwarebytes) Scan (if you're on a Carleton-provided computer):
- Right-click on the
or 
icon in your taskbar area, near your computer's clock.
- Select Start Threat Scan.
- Check your Gmail filters. Navigate to Settings > See all settings > Filters and Blocked Addresses to make sure the attacker hasn't added or tampered with your filtering or blocked addresses in any way.
Technician Note: see internal instructions
Need Help?
Please contact the ITS Helpdesk for assistance: go.carleton.edu/helpdesk or 507-222-5999.