Phishing: What to do After Suspected Phishing

Summary

What to do if you suspect you have been compromised by a phishing attack.

Body

For more information on what a phishing attack is, see here. If you:

  • click on any of the links in a phishing email
  • send any personal information in response to a phishing email

then there are some security steps you need to take to ensure that your account and data are secure.

After Phishing

  1. Report the Phishing Message
  2. Inform the Helpdesk: If you email us from an account other than your regular Carleton account (for example, if you aren't able to use your Carleton account because it is compromised), there is an increased chance that your email will go to spam. Call us, make a ticket, or come in person (if possible).
    • If the Helpdesk does not know that you have been phished, we cannot help you with securing your account until we notice more overt signs.
  3. Change your Carleton password
    • If your account is compromised and you are locked out, this step will not work. In that case, contact the Helpdesk.
  4. Check Active Google Sessions and log out of all of your active Google Sessions from Google's Manage Devices page.
  5. Log Out of ALL your Google Accounts: On the device where you clicked the link or sent the information, sign out of all of your Google accounts (on the Google website, in Google apps, etc.)
    1. Click your portrait in the top right corner of any Google page.
    2. Click Sign out
    3. Do the same for any other Google accounts you are signed into on your computer.
  6. Run a ThreatDown (aka Malwarebytes) Scan (if you're on a Carleton-provided computer):
    1. Right-click on the Malwarebytes or ThreatDown icon in your taskbar area, near your computer's clock
    2. Select Start Threat Scan
  7. Look at your Gmail filters
    • In Gmail, check in Settings > See all settings > Filters and Blocked Addresses to make sure the attacker hasn't added or tampered with your filtering or blocked addresses in any way.
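For accounts with many filters, the review in step 7 can be done on an exported copy. The script below is an added example, not part of the Helpdesk's instructions: it assumes the filters were saved with the Export button on the Filters and Blocked Addresses page, and it flags any filter that forwards, deletes, archives, or marks mail as read. The sample data and addresses are constructed.

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"
CRITERIA = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord")
# Filter actions that hide or divert mail, so each one deserves a manual look.
RISKY = {
    "forwardTo": "forwards mail to another address",
    "shouldTrash": "deletes matching mail",
    "shouldArchive": "skips the inbox",
    "shouldMarkAsRead": "marks mail as read",
}

# Constructed sample export (not real data).
SAMPLE = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:apps="http://schemas.google.com/apps/2006">
  <entry>
    <apps:property name="from" value="professor@example.edu"/>
    <apps:property name="label" value="Classes"/>
  </entry>
  <entry>
    <apps:property name="hasTheWord" value="helpdesk OR password"/>
    <apps:property name="shouldTrash" value="true"/>
    <apps:property name="shouldMarkAsRead" value="true"/>
  </entry>
  <entry>
    <apps:property name="subject" value="invoice"/>
    <apps:property name="forwardTo" value="collector@example.net"/>
  </entry>
</feed>"""

def audit_filters(xml_text):
    """Return (criteria, findings) for every filter with a risky action."""
    flagged = []
    for entry in ET.fromstring(xml_text).iter(ATOM + "entry"):
        props = {p.get("name"): p.get("value")
                 for p in entry.iter(APPS + "property")}
        findings = []
        for name, why in RISKY.items():
            value = props.get(name)
            if value and value.lower() != "false":
                findings.append(f"{why} ({value})" if name == "forwardTo" else why)
        if findings:
            criteria = {k: props[k] for k in CRITERIA if k in props}
            flagged.append((criteria, findings))
    return flagged

if __name__ == "__main__":
    for criteria, findings in audit_filters(SAMPLE):
        print(criteria, "->", "; ".join(findings))
```

A flagged filter is not necessarily malicious; anything you do not remember creating should be deleted and mentioned to the Helpdesk.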

Technician Note: see internal instructions

Need Help?

Please contact the ITS Helpdesk for assistance: go.carleton.edu/helpdesk or 507-222-5999

Details

Article ID: 160539
Created: Mon 7/15/24 10:53 AM
Modified: Tue 8/6/24 2:37 PM