skip to primary navigationskip to content

What to do if you've been phished

There are three main types of phish. What you should do depends on what type of phish it was.

The most important thing to do in all these cases is not to panic!
This type of problem can – and does – happen to anybody.

The three main types of phishing attempts are where:

1. You are asked to enter your account details

You are told to go to a website and enter your account details (username/password or equivalent e.g. a token). The site can be a faked version of the real site, or pretend to be an administrative/verification request associated with your account. At Cambridge, they are often targeting your Raven account details.

2. You are asked to click a link

You simply click on a link in a phishing email and something happens (which you may, or may not, see), but it is not what you expected. This is typical of driveby infections, where a virus or other malware, including ransomware, is downloaded to your device.

3. You are asked to open an attachment

Where you click on attachment in a phishing email (often to view it) and you don't see what you expect. That is very simliar to a driveby infection except the malware was contained in the attachment. In Microsoft Office (Word and Excel files) you may be asked to enable macros to edit the file. If you enable macros, it will enable the associated malware to install itself.


What to do

Note down what you remember happened (you may be asked for details later), and contact your institutional IT support staff for assistance. If this is not possible, contact the for help.

If you have given away your Raven account details:

Use the UIS Password Management Application at (preferably on another device) to change your password ASAP.

If you have given away personal account details (bank, passport etc.):

If you have provided personal details to the scammers – especially if these include banking and/or passport details (e.g. a scanned passport) – then you need to take the following steps:

  • Contact your bank (or other relevant institution) as soon as possible, letting them know what has happened.
  • If you have sent any ID like a passport, contact 0300 222 0000 and report the situation to HM Passport Office. You will almost certainly need to obtain a new passport, which will have a different number. If you have a non-UK passport, you will need to apply for a new passport with your embassy in London. You can find contact details for your embassy on
  • Contact your local IT support or our Service Desk via .
  • Inform ActionFraud, the UK's national fraud and cyber crime reporting centre. They can be contacted by phone or online. The reporting form is:
  • Register for a free credit checking service and monitor it to see if there have been any applications for credit that you do not recognise. You can also turn on alerts, so they will email you if anybody makes any attempts to contact you. Examples include EquifaxExperian and Noddle.

If you have clicked a suspicious link or opened an attachment:

You will probably now have an infected device, although this may not be obvious immediately. If it is a Departmental or College PC, the most important thing is to make sure that you don't infect anybody else.

  1. Disconnect your PC at the wall if you have a wired connection, or disable your wireless connection if you are connected to the network using WiFi. Don't restart your PC – in many cases rebooting allows the downloaded malware to activate.

  2. If you are in Cambridge wait, if possible, for local help to arrive (i.e. do as little as possible). If you haven't got any access to immediate help, check that your antivirus software is up-to-date.