If you fall victim to a phishing attack, you should take the following steps to ensure that your Bronco NetID (account) is secure.
Change your password
If your account is still accessible, change your password as soon as possible. The longer someone has your credentials, the more harm they can cause.
Flag the message as phishing
If you still have the phishing message, select the message within your inbox, select the dropdown next to "Junk" and then select "Phishing".
Check your signatures
In an attempt to phish additional victims, attackers may add links to your email signature.
Check your forwarding rules
Some attackers may set your account to automatically forward all email to an account they control. Check to make sure that your emails are not being forwarded to another address.
Check your inbox and sweep rules
Attackers may add filters to hide their activity from the account owner. Check to make sure that no new inbox rules have been created.
Identity Theft
If you provided any personal information when responding to a phishing message, you may be at risk of identity theft. Please visit the Security Awareness site for more information on recovering from identity theft.
Check for sending block
After a successful phishing attempt Microsoft may have blocked your account from sending to email accounts other than W-Exchange (Gmail, AOL, Yahoo, etc…). You can test this by sending a test email to your personal email account, if your W-Exchange account is blocked you will receive an email from Microsoft stating so. If this is the case please respond to the email you received in regards to this incident, generally from oit-itsm@wmich.edu, or call the Help Desk at (269) 387-4357.
Check your Payment and Account Information
Log in to GoWMU using your Bronco NetID and password and select the Payment and Account Information channel to check for any changes that may have been made or suspicious activity. If you notice any suspicious activity or have issues with a refund contact Accounts Receivable located in room 1060 of the Seibert Administration Building or at (269) 387-4141 for additional information.
Check if any other accounts have been compromised
Enter your wmich.edu or any other personal email address you would like to test on Have I Been Pwned to see if any of your third party accounts have been compromised in a data breach.