What to do if your account is compromised

If you fall victim to a phishing attack, you should take the following steps to ensure that your account is secure.

Change your password

If your account is still accessible, change your password as soon as possible. The longer someone has your credentials, the more harm they can cause. 

Mark the message as junk

If you still have the phishing message, mark it as junk. Right-click on the message and select "Mark as junk".

Check your signatures

In an attempt to phish additional victims, attackers may add links to your email signature

Check your forwarding rules

Some attackers may set your account to automatically forward all email to an account they control. Check to make sure that your emails are not being forwarded to another address.

Check your filters

Attackers may add filters to hide their activity from the account owner. Check to make sure that no new inbox rules have been created.

Identity Theft

If you provided any personal information when responding to a phishing message, you may be at risk of identity theft. Please visit the Security Awareness site for more information on recovering from identity theft.

Check for sending block

After a successful phishing attempt Microsoft may have blocked your account from sending to email accounts other than W-Exchange (Gmail, AOL, Yahoo, etc…). You can test this by sending a test email to your personal email account, if your W-Exchange account is blocked you will receive an email from Microsoft stating so. If this is the case please respond to the email you received in regards to this incident, generally from oit-itsm@wmich.edu, or call the Help Desk at (269) 387-4357 option 1.