This article covers what to do if you click on a phishing email and enter information.

If you receive a phishing email

If you receive an email that you suspect is a phishing email, first look to see if SU Information Security has sent an alert about that email. If they have, then follow the instructions in the email as to how to proceed.
example of security alert email

If there is no security alert email, then forward the email to and our support team will forward it on to the appropriate areas to investigate. If you haven't clicked any links or entered any information from the email, then at this point you can delete the email.

If you clicked a link or provided personal information

If you clicked a link or provided personal information:

  1. Let Technology Support know that you may have clicked on a phishing email by calling 410-677-5454.
  2. You should immediately close out of any browser windows and restart your computer. 
  3. When your computer restarts, go to Password Assistance and change your SU password. You may also want to change other passwords as well.
  4. If you suspect that the link may have installed something on your computer, then you will also want to run a malware scan and Clear Your Browser Cache. On a personal computer, you can find some Recommended anti-malware programs for personal computers.
  5. If your account was compromised, and especially if IT had to reset your password, you may also need to turn off inbox or sweep rules.
    1. Students (Office 365).
      1. Click the settings icon (looks like a gear) in the upper right corner.
      2. In Your app settings, click Mail.
      3. In Mail>Automatic processing, click on Inbox and sweep rules.
      4. Remove any inbox or sweep rules by selecting them and clicking the Trash icon.
      5. Click Save.
    2. Faculty and Staff (Office Web App)
      1. Click the settings icon (looks like a gear) in the upper right corner.
      2. Click Options.
      3. Click Organize email.
      4. Select any inbox rules and remove them by clicking the trash icon.

If your account was compromised, you will likely receive a lot of bounceback emails. If they are similar to each other, you may be able to set a rule to delete them automatically, otherwise you will need to manually delete them.