Guide
What to do after you've interacted with a spam or phishing email
Updated on 7 July 2023
Follow these steps if you've clicked, replied to, or downloaded an attachment from a spam or phishing email
Before you do anything, make sure you report spam or phishing emails to Microsoft.
This will improve our spam filter and may prevent other students and staff from receiving emails from that sender.
Step 1. Check your device is still secure
Spam and phishing emails can contain malware and ransomware. You can unknowingly introduce viruses to your device from them.
If you interact on a:
-
University-owned device
Contact the Service Desk so IT can scan the Student Desktop, Staff Desktop, or non-managed computer, or support you in the removal of any threats on your mobile device.
-
Personal device owned by you
Run an anti-malware software such as Malwarebytes from a reputable online or App Store source and perform a scan to detect and remove any threats.
Skip this step if you interacted on an iOS mobile device (phone or tablet), but follow the Apple guide if you’re concerned about the integrity of your Apple ID.
Step 2. Change your password immediately
After you’ve removed any threats detected by the anti-malware software (not applicable to iOS users), go to the University's Password Change Utility and update your password.
If you shared your login details with the spammers, this means they'll no longer be able to access your account and the information it holds.
Step 3. Contact IT if you entered your @dundee.ac.uk credentials
- Contact the Service Desk to let IT know you gave your username and password to the spammers. We’ll perform some last checks and make further changes (if necessary) to safeguard the integrity of your account.
If you didn’t enter your @dundee.ac.uk credentials, skip this step.
-
If you gave the spammers your personal details (email address, bank information) and this has resulted in fraudulent activity such as money withdrawals from your account, report this to Action Fraud. Change any personal passwords that may have been compromised.
Step 4. Improve your awareness
If you know the tell-tale signs of spam and phishing emails you're less likely to interact with them in future. Some are harder to spot than others, and sometimes you'll receive ones from a genuine staff or student account that's been compromised. Question all of the emails you receive and be cautious with them.
Information Security Awareness module
Find this module under the My Organisations tab in My Dundee. Go through it and complete the tests to measure your awareness level.
LinkedIn Learning
Go through the Internet Safety course or at least watch the five-minute video on phishing scams.