Phishing Victim Advisement
If you think an appstate email is malicious, please forward it to phish@appstate.edu or call us at 828-262-6266.
"Phishing" refers to the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
If you believe you are the victim of a phishing scheme:
1) Stay calm and don’t beat yourself up.
Phishing schemes are incredibly common and can be quite sophisticated. Even if you fell for a phishing scheme, you may not be a victim of identity theft.
2) Analyze the situation and take action.
3) Report the incident.
Record your interactions with institutions, creditors, and law enforcement. Note dates, contact names, addresses, phone numbers, and other details.
4) Protect yourself from future attacks.
You can review Common Security Threats and learn to Protect Yourself From Phishing Attempts by visiting the ITS Office of Information Security website.
If you downloaded a fraudulent attachment to your personal device:
- Disconnect your device from the network. This may prevent phishers from installing malware, gaining remote access to your computer, or spreading malware to other devices.
- Back up your files. Data may be destroyed in the process of recovering from a phishing attack. Focus on sensitive documents and irreplaceable files.
- Scan your system for malware and clean up your device. Visit IT Support Services for free antivirus programs and cleanup utilities, or bring your device to the Technology Support Center for help.
If you downloaded a fraudulent attachment to a university-owned device:
- Submit a support ticket to IT Support Services or call 828-262-6266.
If you clicked on a link to a fraudulent website or shared any sensitive information via email or by any other means:
- Record the information you shared (e.g. username, password, address, account numbers, codes for gift cards, etc.) and details such as the scammer’s email address, the content of the email, and the URL that you clicked. Take screenshots, copy or print all web pages, emails, text messages, or other correspondence related to the incident.
- Change passwords for any accounts you believe may have been compromised and never use the same password for multiple accounts.
- Check your account profiles and recent activity for misuse, including bank and credit card statements.
If you paid a scammer with a gift card:
- Call the card company and tell them the gift card was used in a scam.
Amazon
Call 1 (888) 280-4331
Learn about about Amazon gift card scams.
Google Play
Call 1 (855) 466-4438
Report gift card scams online.
Learn about Google Play gift card scams.
iTunes
Call 1 (800) 275-2273 then press “6” for other, then say “operator”..
Learn about iTunes gift card scams and how to report them.
Steam
If you have a Steam account, you can report gift card scams online.
Learn about Steam gift card scams.
MoneyPak
Call 1 (866) 795-7969
Report a MoneyPak card scam online.
- File a report with the FTC. Print a copy to show to the police when you file your report.
- File a police report with local law enforcement.
- Report the phishing scheme to the organization that was impersonated (e.g. your school, employer, bank, etc.) and follow their guidance to safeguard your information.
- Help others avoid scams by informing your family and friends. You may also report the incident to the FBI’s Internet Crime Complaint Center.
If you suspect you are a victim of identity theft:
- Contact your financial institutions.
- Report identity theft to the FTC and get a recovery plan online and follow their recovery steps. These steps may include contacting the major credit reporting agencies, alerting the Social Security Administration, checking your medical records and reporting the incident to the IRS. You may also file a complaint by calling the FTC Identity Theft Hotline at (877) IDTHEFT, or (877) 438-4338.
- You may also visit the North Carolina Attorney General’s website for recommendations.
- File a police report with local law enforcement.
- Report the phishing scheme to the organization that was impersonated (e.g. your school, employer, bank, etc.) and follow their guidance to safeguard your information.
- Help others avoid scams by informing your family and friends. You may also report the incident the FBI’s Internet Crime Complaint Center.