Responding to Phishing


Detailed Information

ProActive Responses

  • Multi Factor Authentication (MFA).  MFA can help with credential harvesting.  Once an attacker has your password, the attacker might attempt to open any resource that uses that username and password combination.   Without MFA, you credentials could be used to access

    • Email to look for information or to use your account to phish others

    • MaineStreet or other enterprise systems looking for data to perform a data breach, 

    • Employee Self Service to change your direct deposit information.  

  • Don’t reuse passwords.   Once criminals have obtained your credentials, they will try to use similar names and passwords on other sites such as banks. Unless those are protected with MFA, the criminal could get in.  The Acceptable use policy prohibits you from using the same username and password combination that you use for University accounts on non-university account.

Reacting to Phishing

  • Don’t respond to unsolicited communications that request you take action to avoid consequence, without verifying

  • Don’t open attachments.  Fake invoices may tempt you to check to see if it is something that you actually purchased, but might contain malware.

  • Verify with a Trusted Source

    • Contact the sender directly - but not through the contact information provided by that message and NOT by simply replying to that message.

    • Check the website or login to an account with the means you normally use.

  • Report the phishing as indicated below . If you believe a suspicious looking message might be real, report it and ask for help discerning its legitimacy.

  • If you believe you may be phished, follow the actions below

  • Delete the message

Actions to take if you think you were successfully phished

  • Report the phishing as indicated below. 

  • Change your password if you provided your credentials.  Remember, you can log into your UMS account through the Mycampus Portal and you can change your password at 

  • Check your direct deposit information to be sure the banking information hasn’t been changed

  • Check your email account to be sure filters haven’t been changed. Criminals reset filters to help mask the use of your email to send phishing to others.  Check in gmail by:

    • Selecting the gear symbol in the upper right corner

    • Choosing “See all settings”

    • From the top line setting menu select “Filters and Blocked Addresses”

    • Look through the list to see if these are filters you have set (typically the criminal will have some emails automatically deleted so that you won’t notice the activity)

Report Phishing

Report phishing or ask to help verify whether a message is phishing by contacting  Specific guidance is found in article: Phishing emails

Other Related Phishing Articles


  • Phishing can be sent via email, text message, or phone calls.


Print Article


Article ID: 139427
Sun 9/10/23 10:13 AM
Mon 11/13/23 8:17 AM
Applies To

Related Articles (4)

This introductory article on phishing provides a description of phishing, examples of spoofed senders, purposes and types of phishing as well as associated risks.
What to do if you receive a suspicious or phishing email
This article describes signs of phishing, actions that criminals use to trick victim in thinking phishing message are real and phishing training that is offered with simulating message.

Related Services / Offerings (1)

Security assessment, education, and awareness of campus security requirements, policies, and guidelines. Includes contract reviews and risk assessments.