Skip to main content

One Step Ahead: You’ve Been Scammed: Now What?

One Step Ahead logo

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy.

Uh-oh, you just got scammed: You clicked on a phishing link and submitted your personal information by accident. You ordered something that isn’t at all what was described. Somebody just got you to disclose your password. What do you do next to protect yourself and repair the damage?

First, don’t panic and don’t feel ashamed. Scammers specialize in compromising people: it’s their job. Now move ahead to contain the damage and protect yourself and your information.

  • Immediately scan your computer or devices for viruses or malware. 
  • After scanning, change all your passwords and ensure you are not reusing the same password across multiple accounts. The University makes LastPass, a password manager that makes using complex and unique passwords easier, available free of charge to eligible active Penn affiliates. 
  • Use two-factor verification wherever possible (such as on your PennKey). 
  • For social media accounts, restrict access to friends and family only and always be mindful of what information you are sharing and who you are sharing it with. 
  • If the scam involves finances: 
  • Check your credit reports to ensure that new accounts have not been created. Temporarily freeze your accounts with the major credit bureaus to prevent new credit accounts from being created in your name. 
  • File a police report: how to file a report depends on your locality. 
  • Inform your bank and credit card companies by calling the numbers on the back of your credit cards or from the bank’s website. The credit card companies may issue new cards as well.

Make sure to regularly scan all your devices for viruses and malware, and also periodically check your financial and social media accounts to ensure you are still secure.

LastPass: https://www.isc.upenn.edu/how-to/lastpass.

Annual credit reports (authorized by US federal law): https://www.annualcreditreport.com/index.action.

Investor.gov (how to protect social media accounts): https://www.investor.gov/protect-your-investments/fraud/how-avoid-fraud/protect-your-social-media-account.

---

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead.

Back to Top