link to content
Essentials at NC State Home
Help | ResNet | Computing@NC State | For OIT Staff | Publications | Search NC State | Feedback
to content; left navigation begins
your unity account
antivirus and security
email and messaging
connections and labs
your computer
software at nc state
web pages
education and training
other resources
ITD Sections

What should I do if I've been caught?

Do the following immediately:

  1. Save the phishing email so that you can send it to the reporting authorities (see below).
  2. Change your passwords immediately.
    If you think you've responded to a phishing scam with password information or entered passwords into a phony Web site, change the passwords on all of your online accounts as soon as possible, starting with those related to financial institutions, credit cards and business transactions. If you need to change your Unity password, see
  3. Report the incident to:
    • The company from whom the email appears to come.
      The company will likely want to know if its name is being used fraudulently, and you may find scam and spoof reporting links on its Web site. Or you can contact them by telephone, email or mail, not by using the link in the phishing email you received. The sooner the company knows your account may have been compromised, the easier it will be for them to help protect you.
    • Federal Trade Commission (FTC)
    • Local authorities
      Depending on where you live, local authorities may also accept Internet phishing scam reports.
    • FTC: National Resource for Identity Theft
      Visit their site to learn how you can minimize any damages or send a message to them at
    • The Internet Fraud Complaint Center (IFCC)
      This partnership between the FBI and the National White Collar Crime Center (NW3C) is working worldwide with law enforcement and industry to promptly shut down phishing sites and identify the perpetrators behind them.
    • The Anti-Phishing Working Group or
      This group is building a database of common scams to help inform people of the risks.
    When reporting to these groups, do not use the "forward" option in your email software, as this format may exclude information and requires more manual processing. Instead, create a new email addressed to the group(s) and do one of the following:
    • Attach the phishing email to your new message or
    • Copy the phishing email, including its entire original text and header information, and paste it into your new message.
  4. Continue to monitor your credit card, business and bank statements (paper and online).
    This is especially important after you think you've been scammed. Review them at least monthly so that you can quickly spot and report unauthorized transactions and minimize damage.

Content last updated May 3, 2005 by dlschmid
Page last modified August 4, 2005 by cawalker

jump to content
jump to content Go to page top Page Top | OIT | PolicyDisclaimer