What should I do if I have responded to or clicked on a phishing email?
If you believe you have responded to, clicked a link in, or provided any personal or financial information in response to a phishing email, please act quickly. The steps below will help limit the damage:
Change your University of Surrey password immediately — do not use the same device you clicked the link on until you are confident it is safe.
If you entered banking details, student loan account credentials, or any payment information, contact your bank or the Student Loans Company immediately to report the incident and request that your account is secured.
Report the incident to the Cyber Security Team via the Report a Breach form on the IT Services portal so the team can investigate and prevent others from being affected.
If you are concerned your University account has been used to send phishing emails to others, contact the IT Service Desk directly so the team can act quickly to contain any further spread.
Do not feel embarrassed — phishing emails are designed by professionals to deceive people. Reporting promptly is the most important thing you can do.
If you are unable to access Surrey Support, please contact us via our enquiry form.