/
Recover from a Phishing Scam

Recover from a Phishing Scam

If You Believe You Were Phished

Phishing attacks are becoming more targeted and more difficult to identify. Even with training and awareness, it’s possible to fall victim to a well-crafted message.

If this happens, don’t panic. Acting quickly can greatly reduce the impact.

Follow the steps below as soon as possible. If you need assistance at any point, please contact IT immediately. We are here to help.

Step-by-Step Recovery Guide

Immediately Change Your Password

Go to the Account Management System and change your password right away.

If you use this same password on other accounts, change those passwords as well.

Revoke Active Sessions (Important)

After changing your password, log out of all sessions if possible.

In Gmail:

  • Go to your inbox

  • Click your Icon in the top right

  • Click manage google account .

  • Click on Security & sign-on

  • Select “Your devices” and look for anything that is not your current device and click on Sign-out.

This helps remove any active access an attacker may have gained.



Verify Multi-Factor Authentication (MFA)

Check your security settings and confirm:

  • Your MFA device is still yours

  • No additional authentication methods were added

  • Your recovery email and phone number have not been changed

Remove anything unfamiliar immediately.

Check Your Gmail Settings

Log in to your Valpo Gmail account and review the following:

Settings → Forwarding and POP/IMAP

Make sure your email is not being forwarded to another account.
Remove any entries you do not recognize.

Settings → Accounts

Ensure no unknown accounts have been granted access.
Remove any entries you did not personally add.

Settings → Filters and Blocked Addresses

Look for filters that automatically:

  • Delete messages

  • Mark messages as read

  • Forward messages

  • Hide emails from your inbox

Delete anything you did not create.

Attackers often create hidden rules to monitor your account.

Report the Incident

If you have not already done so, report the phishing email to IT.

Early reporting helps protect others and allows us to monitor for suspicious activity.

If Sensitive Information Was Entered

If you entered personal information such as:

  • Social Security number

  • Banking information

  • Tax information

Visit:
IdentityTheft.gov

Follow the recovery steps outlined there.

 

Still need help?

For additional assistance, contact the IT Help Desk.

Related articles